Comments (45)
node.js and Connect support serving SSL pages. I've forked the project and when I have a spare moment I'm hoping I'll have a chance to dig through the configuration and add SSL support.
For ease of use I think it's best to go with a wildcard certificate for *.dev or *.test. I'm thinking it'd be best to generate this during install.sh and save it to $POW_ROOT/SSL. The OS X command sudo /usr/bin/security add-trusted-cert -d -r trustRoot -k "/Library/Keychains/System.keychain" $POW_ROOT + "SSL/certificate.pem" could be used to trust the certificate.
Those are my initial thoughts on the matter anyway.
from pow.
I really didn't need this feature, I just thought it would be fun to play with node's ssl api.
Good point about the cert issue. I didn't really think about that. Hopefully we can make that setup painless.
from pow.
SSL cert generation can be annoying and I'm not certain there would be an easy way to implement it in a manner where you aren't making the user type in their information (including the wildcard for the CN field). I wonder if including a "generic" private.pem and public.pem in the installation would be the wiser move.
I imagine most people wouldn't need this, but for ensuring SSL is functioning it would be a sweet option. Painless SSL? Unimaginable for most...
from pow.
If Pow doesn't support SSL connections, how do 37signals devs run apps that force SSL connections like Campfire?
from pow.
@danreedy Any way we can generate one generic cert for everyone?
@joshpuetz Force ssl is disabled in development mode
from pow.
It shouldn't matter if it's one cert for everyone, you can generate certs like @danreedy suggested. Generate a sensible default that works and the user can overwrite them with legit certificates if they have them.
from pow.
Supporting SSL out of the box would be fantastic.
from pow.
There are obvious security concerns if you are sending out a default root certificate that has been trusted as an authority by anyone installing pow. If you can pass defaults while creating the cert it may work and work well.
On Apr 7, 2011, at 4:25 PM, [email protected] wrote:
It shouldn't matter if it's one cert for everyone, you can generate certs like @danreedy has. Generate a sensible default that works and the user can overwrite them with legit certificates if they have them.
from pow.
+1 on the SSL support, it's really the biggest reason why I would need something POW. It would instantly become my default server for development if it supported SSL.
from pow.
Did a little leg work and I've created two public gists that are proof of concept for an auto generated self-signed multi domain ssl certificate.
The first gist would theoretically go into install.sh. I currently have everything saving to the same folder but this could be modified to use a POW folder ($POW_HOME/SSL). This file generates the key and the certificate in one pass. The last step requires the sudo command and adds this new cert to the trusted roots keychain.
The second gist is an example node.js https instance set up to be run in the same folder as the previous gist, and it serves up the self-signed cert.
Because the last step of the first gist makes the cert trusted, you should not receive any warnings on any .dev domains.
Now it's time to work it into POW.
from pow.
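The install-time generation discussed in this thread, as an added example (not the gists mentioned above and not Pow's install.sh): it creates the key and a self-signed certificate for *.dev without prompting for the CN, and it generates the key on each machine, so no install ends up trusting a certificate whose private key someone else also holds. The function names, the key.pem and openssl.cnf file names and the `install` argument are assumptions; the trust command is the one quoted earlier in the thread.

```shell
#!/bin/sh
# Added example, not Pow's install.sh. Function and file names are assumed.

# gen_dev_cert DIR DOMAIN: write DIR/key.pem and DIR/certificate.pem, a
# self-signed certificate for *.DOMAIN, generated locally with no prompts.
gen_dev_cert() {
    dir=$1 domain=$2
    mkdir -p "$dir" && chmod 700 "$dir" || return 1
    cat > "$dir/openssl.cnf" <<EOF
[req]
distinguished_name = dn
x509_extensions = ext
prompt = no
[dn]
CN = *.$domain
[ext]
subjectAltName = DNS:*.$domain, DNS:$domain
EOF
    # umask 077 keeps the private key readable by its owner only.
    ( umask 077
      openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 365 \
          -config "$dir/openssl.cnf" \
          -keyout "$dir/key.pem" -out "$dir/certificate.pem" 2>/dev/null )
}

# cert_matches_key DIR: succeed only if the certificate carries the public
# key that belongs to DIR/key.pem.
cert_matches_key() {
    a=$(openssl x509 -in "$1/certificate.pem" -noout -pubkey 2>/dev/null) || return 1
    b=$(openssl pkey -in "$1/key.pem" -pubout 2>/dev/null) || return 1
    [ -n "$a" ] && [ "$a" = "$b" ]
}

# cert_fingerprint DIR: SHA-256 fingerprint, unique to each generated cert.
cert_fingerprint() {
    openssl x509 -in "$1/certificate.pem" -noout -fingerprint -sha256
}

# "sh thisfile install" generates into $POW_ROOT/SSL and prints the trust
# command quoted in this thread; trusting it stays a deliberate manual step.
if [ "${1:-}" = "install" ]; then
    ssl_dir="${POW_ROOT:?set POW_ROOT first}/SSL"
    gen_dev_cert "$ssl_dir" dev && cert_matches_key "$ssl_dir" || exit 1
    cert_fingerprint "$ssl_dir"
    echo "sudo /usr/bin/security add-trusted-cert -d -r trustRoot" \
         "-k /Library/Keychains/System.keychain $ssl_dir/certificate.pem"
fi
```

Two runs on two machines produce different fingerprints, which is the property a bundled "generic" key pair would lose.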
+1
from pow.
+1
from pow.
This would be really, really helpful.
from pow.
+1
from pow.
+1
from pow.
@sstephenson This is going to be tricky. We're going to need to extend connect.HTTPSServer too. Somehow we'd need to move the code in pow.HttpServer into a mixin so we can share it between both classes.
from pow.
In that case, we ought to use composition instead of a mixin -- it wouldn't make sense for the HTTPS server to have its own set of Nack workers.
from pow.
Hrm, right, we need to worry about that too. Maybe we need an HttpHandler class.

    HttpServer  -\                /- RackApplication
                  |- HttpHandler -|- NodeApplication
    HttpsServer -/                \- ProxyApplication

Does this fit into the EventEmitter emitter stuff you are already working on?
from pow.
You can set up an SSL proxy through nginx until it is supported by pow.
Just follow these instructions:
http://www.cyberciti.biz/faq/howto-linux-unix-setup-nginx-ssl-proxy/
from pow.
+1
from pow.
+1
from pow.
+1 ... ssl support is the only thing stopping me from using pow.
On a side note, I'd love to hear more about the how and why of disabling ssl in development mode.
from pow.
+1 SSL support would be awesome!
from pow.
+1
from pow.
+1 I just began building an ecommerce function and now can't use my POW :-(
from pow.
@blueheadpublishing Sure you can. If you use a middleware or before_filter to force SSL, just skip it when Rails.env is development. That's what we do for all our apps at 37signals.
from pow.
@sstephenson that works great for apps that are wholly behind ssl, but not so much for sites that are a mix. I'm sure I'm doing it wrong, but I've always felt more comfortable with using real ssl in dev mode. I don't think I'm alone in that regard, but I'd love to be convinced otherwise.
from pow.
Considering closing this issue. I don't really feel like working on it anymore.
No number of +1s is going to magically produce a working patch.
from pow.
If you need SSL that bad just use an Nginx proxy as I linked to above. It takes ten minutes.
http://shiny-bits-of-code.tumblr.com/post/4749553253/ssl-proxy-with-nginx
from pow.
Yep, I'm with @josh on this one -- closing the ticket. If anyone wants to take a shot at implementing SSL, feel free to make a patch and open a pull request.
from pow.
Zero-config SSL support (with self signed cert) built-in to pow would save time setting up dev machines and make it easier to get people to adopt pow over other more complicated setups!
from pow.
+1
from pow.
just use nginx from brew, add this config http://shiny-bits-of-code.tumblr.com/post/4749553253/ssl-proxy-with-nginx
and just edit the line that says server_name:
server_name *.dev;
very easy steps:
- brew install nginx
- setup vhost file
- generate selfsigned ssl http://dracoblue.net/dev/https-nginx-with-self-signed-ssl-certificate/188/ (use *.dev as domain and full name when you generate the ssl)
- start nginx…
from pow.
Installing and configuring nginx defeats the entire purpose of using a zero-conf app server. I quit using pow based on how slow bugs were being fixed and because once I had to install and configure nginx to support SSL, I realized it wasn't any harder to just use unicorn or thin than it was to use pow.
from pow.
jeremyhaile, yes true, if you have a few apps.
If you have many apps, let's say, 40+ apps, it makes things a lot lot easier: starting unicorn/thin for each app, creating the nginx vhost, reload nginx, setup host file domain.
otherwise in pow only need one command :)
$ ln -s ~/projetos/app43 ~/.pow/
from pow.
My solution is here: https://github.com/jugyo/tunnels
This is a proxy to http from https.
from pow.
would really help now that Facebook requires https
from pow.
fred: my point wasn't that pow isn't easier than nginx/unicorn - but rather that if I have to configure ssl with nginx, it isn't that much harder to just run with unicorn at that point. If pow would add ssl support, I could eliminate having to run nginx on my dev machine altogether.
from pow.
Here is my solution using stud. https://gist.github.com/2050941#file_gistfile1.md
from pow.
@paulnicholson I just tested this and it works very well. Thanks! I wish 37s would bundle your solution into Pow. I would be fine to have Stud as a dependency for SSL support.
from pow.
thanks @paulnicholson, works great!
from pow.
Thanks @paulnicholson your solution is very helpful!
from pow.
thanks @jugyo, tunnels works like a charm though won't daemonize but that's not a problem.
https://github.com/jugyo/tunnels
$ gem install tunnels
$ rvmsudo tunnels
after which all traffic to 443 will pipe over to port 80 where pow's waiting to pick up.
...i did try stud but no go, though prefer the less invasive tunnels solution
from pow.
Just in case somebody uses rbenv: https://github.com/dcarley/rbenv-sudo :)
from pow.
another option: https://ngrok.com/
from pow.