heroku_ssl 0.6.0 → 0.6.1
- checksums.yaml +4 -4
- data/README.md +76 -3
- data/lib/heroku_ssl/version.rb +1 -1
- metadata +3 -3
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA1:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: 6b2f9d8f3eac58664d6b0ef978806f6e1ddce126
|
4
|
+
data.tar.gz: 2951332ed2adb95c02f06b0907b7f643449a6c81
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: a9486a38ce0485a6e4f5b3385976148d06201a69f3bb17a6d165d8dfe22e5c3eabfa21652dd59cb41204c1c7652dcfd0350410401b9ec8339d475a1f8cff63a4
|
7
|
+
data.tar.gz: 9e447c5d91c2d925f831f3e234deae1a9e44a3cc7c635c55b2c6dc64cd4e024bd1f0d6187d3e348463371367987b8a34cf529f9c67114374858f6d67a0de0b5f
|
data/README.md
CHANGED
@@ -1,9 +1,10 @@
|
|
1
1
|
# Heroku SSL
|
2
|
-
With the advent of free SSL from [Let's Encrypt](https://letsencrypt.org/), SSL should be as easy as clicking a button.
|
2
|
+
With the advent of free SSL from [Let's Encrypt](https://letsencrypt.org/), SSL should be as easy as clicking a button.
|
3
|
+
This gem allows you to generate and add an SSL certificate simply by running a rake task.
|
3
4
|
|
4
5
|
## Usage on Heroku
|
5
6
|
Add this gem to your gemfile, then deploy it to heroku.
|
6
|
-
Then, you can simply run `rake
|
7
|
+
Then, you can simply run `rake heroku_ssl:update_certs`
|
7
8
|
|
8
9
|
This should prompt you for everything you need to update your shiny new SSL certificate!
|
9
10
|
The only thing left to do will be to [configure your DNS correctly](https://devcenter.heroku.com/articles/ssl-endpoint#dns-and-domain-configuration).
|
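Review bot: the removed and added copies of the "With the advent of free SSL" line render identically here, so the change to README line 2 appears to be whitespace only, presumably trailing spaces to force a Markdown line break before the new sentence. Trailing-space breaks are easily stripped by editors; joining the two sentences into one paragraph or separating them with a blank line is sturdier. The new sentence "Then, you can simply run `rake heroku_ssl:update_certs`" also ends without a period, unlike the matching `generate_certs` sentence later in the file.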
@@ -11,7 +12,7 @@ You'll also want to make sure that the domain had been added to heroku with `her
|
|
11
12
|
|
12
13
|
## Usage outside of Heroku
|
13
14
|
Although designed for Heroku, it can generate certificates on other providers.
|
14
|
-
To do so, on your server, run `rake
|
15
|
+
To do so, on your server, run `rake heroku_ssl:generate_certs`.
|
15
16
|
This will print a JSON encoded set of PEM keys to the console.
|
16
17
|
You can download these (you will likely want to use `privkey` and `fullchain` as your public and private keys respectively)
|
17
18
|
and add them to your own servers and configure the DNS yourself.
|
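Review bot: the unchanged sentence directly after the corrected command says to use `privkey` and `fullchain` "as your public and private keys respectively", which reverses the pairing; since this paragraph is being touched anyway, reorder it to `fullchain` and `privkey`. The same context says the task prints the JSON-encoded PEM keys, private key included, to the console, so a sentence telling readers to capture that output into a file readable only by the server user, rather than leaving it in terminal scrollback or captured logs, would fit here.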
@@ -41,5 +42,77 @@ It also requires one of the following:
|
|
41
42
|
## Contributing
|
42
43
|
Submit a pull request!
|
43
44
|
|
45
|
+
## FAQ
|
46
|
+
|
47
|
+
### Why do I need redis?
|
48
|
+
To issue an SSL Certificate, Let's Encrypt needs to verify that you actually own the domain you say you do.
|
49
|
+
It performs this verification by issuing a secret key to put at a given url on the server
|
50
|
+
(eg make it render `foo` when a GET request is made to `/.well-known/acme-challenge/fop`).
|
51
|
+
However, since most hosts, including Heroku, allow multiple servers running the same app, we can't just write a file,
|
52
|
+
which would only affect one instance (in fact, if it were done through a rake task on heroku,
|
53
|
+
it would be completely sandboxed from the running dyno);
|
54
|
+
instead, we need to make sure all running servers know what the key is.
|
55
|
+
We handle this synchronization through redis
|
56
|
+
|
57
|
+
You can get rid of redis (in fact, you could even get rid of this entire gem) once your SSL certificate has been issued.
|
58
|
+
Of course, you'll have to reinstall the gem when the certificate expires.
|
59
|
+
|
60
|
+
### How do I configure my DNS?
|
61
|
+
You need to set a CNAME record in your DNS zone file that points to `[yourdomain].herokudns.com`.
|
62
|
+
The DNS zone file specifies what urls get mapped to what servers on the domain name you own.
|
63
|
+
If your site is already pointed to your Heroku app, there will already be a CNAME record;
|
64
|
+
you just need to change where it points to.
|
65
|
+
If not, you'll need to add a new line:
|
66
|
+
```
|
67
|
+
[subdomain] [TTL] IN CNAME [yourdomain].herokudns.com
|
68
|
+
```
|
69
|
+
|
70
|
+
For example, I have
|
71
|
+
```
|
72
|
+
www 10800 IN CNAME www.kaimarshland.com.herokudns.com.
|
73
|
+
```
|
74
|
+
Which points the `www` subdomain (ie the www in [www.kaimarshland.com](https://www.kaimarshland.com)) to
|
75
|
+
www.kaimarshland.com.herokudns.com.
|
76
|
+
The TTL, or Time To Live, is set to 10800 seconds, which determines how long DNS information will be cached for.
|
77
|
+
|
78
|
+
### How can I add a certificate generated with this manually?
|
79
|
+
After running `rake heroku_ssl:generate_certs` on your server, which will print out a JSON object with your generated
|
80
|
+
certificates in it, you'll need to take the fullchain and the privkey and add them to your HTTP server.
|
81
|
+
|
82
|
+
On nginx, this looks like creating a new server block something like:
|
83
|
+
|
84
|
+
```
|
85
|
+
server {
|
86
|
+
...
|
87
|
+
|
88
|
+
listen 443 ssl;
|
89
|
+
|
90
|
+
ssl_certificate /path/to/fullchain.pem;
|
91
|
+
ssl_certificate_key /path/to/privkey.pem;
|
92
|
+
|
93
|
+
...
|
94
|
+
}
|
95
|
+
```
|
96
|
+
|
97
|
+
On apache, this looks something like like:
|
98
|
+
```
|
99
|
+
<VirtualHost 192.168.0.1:443>
|
100
|
+
...
|
101
|
+
|
102
|
+
SSLEngine on
|
103
|
+
SSLCertificateFile /path/to/fullchain.pem
|
104
|
+
SSLCertificateKeyFile /path/to/privkey.pem
|
105
|
+
SSLCertificateChainFile /path/to/chain.pem
|
106
|
+
|
107
|
+
...
|
108
|
+
</VirtualHost>
|
109
|
+
```
|
110
|
+
|
111
|
+
### What's the deal with certificate expiration?
|
112
|
+
Certificates expire after 90 days -- you can read about why on
|
113
|
+
[Let's Encrypt](https://letsencrypt.org/2015/11/09/why-90-days.html).
|
114
|
+
You'll get an email as the expiration date approaches, at which point you'll have to rerun `rake heroku_ssl:generate_certs`.
|
115
|
+
We're looking into ways to renew the certificates automatically; however, at the moment the Heroku API doesn't let us.
|
116
|
+
|
44
117
|
## License
|
45
118
|
The gem is available as open source under the terms of the [MIT License](http://opensource.org/licenses/MIT).
|
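Review bot: in the new Apache example, `SSLCertificateFile` already points at `fullchain.pem`, so the additional `SSLCertificateChainFile /path/to/chain.pem` line is redundant, and the FAQ text above it only tells the reader to take the fullchain and the privkey, never a separate chain file. Drop that directive (it is deprecated from Apache 2.4.8 on) or explain where `chain.pem` comes from. Smaller points in the same hunk: the challenge example serves `foo` at `/.well-known/acme-challenge/fop`, which reads like a typo if the mismatch is unintended; "something like like" doubles a word; the expiration answer tells readers to rerun `rake heroku_ssl:generate_certs` although the Heroku usage section uses `update_certs`; and neither server example mentions restricting read access to `privkey.pem`.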
data/lib/heroku_ssl/version.rb
CHANGED
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: heroku_ssl
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.6.
|
4
|
+
version: 0.6.1
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Kai Marshland
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date: 2016-11-
|
11
|
+
date: 2016-11-22 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: rails
|
@@ -52,7 +52,7 @@ dependencies:
|
|
52
52
|
- - ">="
|
53
53
|
- !ruby/object:Gem::Version
|
54
54
|
version: '3.0'
|
55
|
-
description:
|
55
|
+
description: Quickly and easily add SSL to a Rails App with Let's Encrypt
|
56
56
|
email:
|
57
57
|
- kaimarshland@gmail.com
|
58
58
|
executables: []
|