@cluppi
Created March 19, 2015 19:01
Turning SSL on for Homestead
#!/bin/sh
# Config for SSL.
echo "--- Making SSL Directory ---"
# -p: do not fail if the directory already exists (e.g. on re-provision).
mkdir -p /etc/nginx/ssl
echo "--- Copying SSL crt and key ---"
openssl req -nodes -new -x509 -keyout /etc/nginx/ssl/server.key -out /etc/nginx/ssl/server.crt -subj "/C=US/ST=NY/L=NYC/O=Dis/CN=www.example.com"
echo "--- Turning SSL on in nginx.conf. ---"
# Comment out this line if you prefer ssl on a per
# server basis, rather than for all sites on the vm.
# If commented out you can access hosts on http
# port 8000, and https port 44300. If uncommented,
# you can ONLY access hosts via https on port 44300.
sed -i "/sendfile on;/a \\ ssl on;" /etc/nginx/nginx.conf
conf_files="/etc/nginx/sites-available/*"
for file in $conf_files
do
    echo "--- Inserting SSL directives into site's server file. ---"
    # Quote the path so a config file name containing spaces is handled.
    sed -i "/listen 80;/a \\\n listen 443 ssl;\n ssl_certificate /etc/nginx/ssl/server.crt;\n ssl_certificate_key /etc/nginx/ssl/server.key;\n\n" "$file"
done
echo "--- Restarting Services ---"
service nginx restart
service php5-fpm restart
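
An added example, not part of the gist or of any comment below: the `openssl req` call above puts the host name only in the CN, while current browsers match the site name against the certificate's subjectAltName. This sketch generates the key and certificate for one site name with a matching SAN, keeps the key at mode 600, and checks the result. The function names and the host `homestead.test` are assumptions, and `-addext` assumes OpenSSL 1.1.1 or newer.

```shell
#!/bin/sh
# Added example; function names and the sample host are hypothetical.

# make_dev_cert DOMAIN OUTDIR
# Writes OUTDIR/server.key (mode 600) and OUTDIR/server.crt, a self-signed
# certificate whose CN and subjectAltName both name DOMAIN.
make_dev_cert() {
    domain=$1
    outdir=$2
    mkdir -p "$outdir" || return 1
    (
        # The unencrypted key (-nodes) must never be group/world readable,
        # so restrict permissions before openssl creates the file.
        umask 077
        openssl req -x509 -nodes -newkey rsa:2048 -sha256 -days 365 \
            -keyout "$outdir/server.key" -out "$outdir/server.crt" \
            -subj "/C=US/ST=NY/L=NYC/O=Dis/CN=$domain" \
            -addext "subjectAltName=DNS:$domain"
    ) || return 1
    chmod 600 "$outdir/server.key" && chmod 644 "$outdir/server.crt"
}

# cert_covers_host CERT HOST
# Succeeds only if OpenSSL's host name check accepts HOST for CERT.
cert_covers_host() {
    openssl x509 -in "$1" -noout -checkhost "$2" |
        grep -q "does match certificate"
}

# Usage inside the VM (run as root), with the site name from Homestead.yaml:
#   make_dev_cert homestead.test /etc/nginx/ssl
#   cert_covers_host /etc/nginx/ssl/server.crt homestead.test && echo ok
```
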
@chlab
chlab commented Jun 26, 2017

Thanks for this!
@LinKassem: open your homestead folder (for me ~/.homestead/) and put it in after.sh in the root of that directory. There will probably already be an empty version of one there.

@Agapito78
@FaustRayne, I'm getting the same error. Did you solve it?
I'm running Vagrant Homestead on a Windows 10 machine.

@drmzio
drmzio commented Aug 14, 2017

For the latest version of Vagrant Homestead, you no longer need this. You just have to get browsers to accept your self-signed certificates. Here's how I fixed mine for Chrome: https://stackoverflow.com/questions/7580508/getting-chrome-to-accept-self-signed-localhost-certificate

@roarkmccolgan
Hi All,

Do we need to change www.example.com to our domain or site? Thanks

@waiylkarim
waiylkarim commented Apr 1, 2020

In the latest Homestead 4.0.0 it fails:
...
==> homestead-7: --- Copying SSL crt and key ---
==> homestead-7: Generating a 2048 bit RSA private key
...
==> homestead-7: writing new private key to '/etc/nginx/ssl/server.key'
==> homestead-7: /etc/nginx/ssl/server.key: Permission denied
==> homestead-7: 140106523903640:error:0200100D:system library:fopen:Permission denied:bss_file.c:398:fopen('/etc/nginx/ssl/server.key','w')
==> homestead-7: 140106523903640:error:20074002:BIO routines:FILE_CTRL:system lib:bss_file.c:400:
==> homestead-7: --- Turning SSL on in nginx.conf. ---
==> homestead-7: sed:
==> homestead-7: couldn't open temporary file /etc/nginx/sedUo2r1e: Permission denied
==> homestead-7: --- Inserting SSL directives into site's server file. ---
==> homestead-7: sed:
==> homestead-7: couldn't open temporary file /etc/nginx/sites-available/sedcX6Mqi: Permission denied
==> homestead-7: --- Inserting SSL directives into site's server file. ---
==> homestead-7: sed:
==> homestead-7: couldn't open temporary file /etc/nginx/sites-available/sednpXeli: Permission denied
==> homestead-7: --- Restarting Serivces ---
==> homestead-7: Failed to restart nginx.service: Interactive authentication required.
==> homestead-7: See system logs and 'systemctl status nginx.service' for details.
==> homestead-7: Failed to restart php5-fpm.service: Interactive authentication required.
==> homestead-7: See system logs and 'systemctl status php5-fpm.service' for details.
The SSH command responded with a non-zero exit status. Vagrant
assumes that this means the command failed. The output for this command
should be in the log above. Please read the output to determine what
went wrong.

It says in the exception that sed does not have enough permission to execute the given command. You can fix that by prepending sudo to every sed command in the after.sh file.
