Skip to content

Instantly share code, notes, and snippets.

Embed
What would you like to do?
Turning SSL on for Homestead
#!/bin/sh
# Config for SSL.
echo "--- Making SSL Directory ---"
mkdir /etc/nginx/ssl
echo "--- Copying $i SSL crt and key ---"
openssl req -nodes -new -x509 -keyout /etc/nginx/ssl/server.key -out /etc/nginx/ssl/server.crt -subj "/C=US/ST=NY/L=NYC/O=Dis/CN=www.example.com"
echo "--- Turning SSL on in nginx.conf. ---"
# Comment out this line if you prefer ssl on a per
# server basis, rather for all sites on the vm.
# If commented out you can access hosts on http
# port 8000, and https port 44300. If uncommented,
# you can ONLY access hosts via https on port 44300.
sed -i "/sendfile on;/a \\ ssl on;" /etc/nginx/nginx.conf
conf_files="/etc/nginx/sites-available/*"
for file in $conf_files
do
echo "--- Inserting SSL directives into site's server file. ---"
sed -i "/listen 80;/a \\\n listen 443 ssl;\n ssl_certificate /etc/nginx/ssl/server.crt;\n ssl_certificate_key /etc/nginx/ssl/server.key;\n\n" $file
done
echo "--- Restarting Serivces ---"
service nginx restart
service php5-fpm restart
@bryceadams

This comment has been minimized.

Copy link

@bryceadams bryceadams commented May 8, 2015

This is excellent - thanks

@LinKassem

This comment has been minimized.

Copy link

@LinKassem LinKassem commented Mar 24, 2016

Can you please include a note about how to use this gist?

@FaustRayne

This comment has been minimized.

Copy link

@FaustRayne FaustRayne commented Feb 13, 2017

in the latest homestead 4.0.0 it fails:
...
==> homestead-7: --- Copying SSL crt and key ---
==> homestead-7: Generating a 2048 bit RSA private key
...
==> homestead-7: writing new private key to '/etc/nginx/ssl/server.key'
==> homestead-7: /etc/nginx/ssl/server.key: Permission denied
==> homestead-7: 140106523903640:error:0200100D:system library:fopen:Permission denied:bss_file.c:398:fopen('/etc/nginx/ssl/server.key','w')
==> homestead-7: 140106523903640:error:20074002:BIO routines:FILE_CTRL:system lib:bss_file.c:400:
==> homestead-7: --- Turning SSL on in nginx.conf. ---
==> homestead-7: sed:
==> homestead-7: couldn't open temporary file /etc/nginx/sedUo2r1e: Permission denied
==> homestead-7: --- Inserting SSL directives into site's server file. ---
==> homestead-7: sed:
==> homestead-7: couldn't open temporary file /etc/nginx/sites-available/sedcX6Mqi: Permission denied
==> homestead-7: --- Inserting SSL directives into site's server file. ---
==> homestead-7: sed:
==> homestead-7: couldn't open temporary file /etc/nginx/sites-available/sednpXeli: Permission denied
==> homestead-7: --- Restarting Serivces ---
==> homestead-7: Failed to restart nginx.service: Interactive authentication required.
==> homestead-7: See system logs and 'systemctl status nginx.service' for details.
==> homestead-7: Failed to restart php5-fpm.service: Interactive authentication required.
==> homestead-7: See system logs and 'systemctl status php5-fpm.service' for details.
The SSH command responded with a non-zero exit status. Vagrant
assumes that this means the command failed. The output for this command
should be in the log above. Please read the output to determine what
went wrong.

@chlab

This comment has been minimized.

Copy link

@chlab chlab commented Jun 26, 2017

Thanks for this!
@LinKassem: open your homestead folder (for me ~/.homestead/) and put it in after.sh in the root of that directory. There will probably already be an empty version of one there.

@Agapito78

This comment has been minimized.

Copy link

@Agapito78 Agapito78 commented Jul 20, 2017

@FaustRayne, I'm getting the same error. Did you solve it?
I'm running Vagrant Homestead in a windows 10 machine

@drmzio

This comment has been minimized.

Copy link

@drmzio drmzio commented Aug 14, 2017

For the latest version of Vagrant Homestead. You no longer need this. You just have to get browsers to accept your self-signed certificates. Here's how I fixed mine for Chrome https://stackoverflow.com/questions/7580508/getting-chrome-to-accept-self-signed-localhost-certificate

@roarkmccolgan

This comment has been minimized.

Copy link

@roarkmccolgan roarkmccolgan commented Dec 6, 2017

Hi All,

Do we need to change www.example.com to our domain or site? Thanks

@waiylgeek

This comment has been minimized.

Copy link

@waiylgeek waiylgeek commented Apr 1, 2020

in the latest homestead 4.0.0 it fails:
...
==> homestead-7: --- Copying SSL crt and key ---
==> homestead-7: Generating a 2048 bit RSA private key
...
==> homestead-7: writing new private key to '/etc/nginx/ssl/server.key'
==> homestead-7: /etc/nginx/ssl/server.key: Permission denied
==> homestead-7: 140106523903640:error:0200100D:system library:fopen:Permission denied:bss_file.c:398:fopen('/etc/nginx/ssl/server.key','w')
==> homestead-7: 140106523903640:error:20074002:BIO routines:FILE_CTRL:system lib:bss_file.c:400:
==> homestead-7: --- Turning SSL on in nginx.conf. ---
==> homestead-7: sed:
==> homestead-7: couldn't open temporary file /etc/nginx/sedUo2r1e: Permission denied
==> homestead-7: --- Inserting SSL directives into site's server file. ---
==> homestead-7: sed:
==> homestead-7: couldn't open temporary file /etc/nginx/sites-available/sedcX6Mqi: Permission denied
==> homestead-7: --- Inserting SSL directives into site's server file. ---
==> homestead-7: sed:
==> homestead-7: couldn't open temporary file /etc/nginx/sites-available/sednpXeli: Permission denied
==> homestead-7: --- Restarting Serivces ---
==> homestead-7: Failed to restart nginx.service: Interactive authentication required.
==> homestead-7: See system logs and 'systemctl status nginx.service' for details.
==> homestead-7: Failed to restart php5-fpm.service: Interactive authentication required.
==> homestead-7: See system logs and 'systemctl status php5-fpm.service' for details.
The SSH command responded with a non-zero exit status. Vagrant
assumes that this means the command failed. The output for this command
should be in the log above. Please read the output to determine what
went wrong.

Says in the exception that sed does not have enough permission to execute given command. You can fix that by prepending sudo to every sed command in the after.sh file.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.