- good general SSL tips
- don't use a wildcard cert. We'll need to buy certs for staging + prod + futon
- can probably safely limit to tls 1.2
- what is SNI?
- istlsfastyet ← good comparisons of terminators
- compile it from source and other tips
- it could sit in front of both http and https traffic. Not sure we want this, but it can be a load balancer for "free".
- its support of http 1.1 is kinda wonky. This means that if we ever want websockets (or any of the other nice things about 1.1), we're gonna jump through some hoops.
- @indutny knows his stuff
- only sends the `x-forwarded-for` header on the first request of the session. This might make things hard to force ssl?
- this config has worked pretty well on my local
```
npm i -g nave node-gyp
nave usemain stable
pkgin install gcc47
npm i -g bud-tls
cd /opt/local/lib/node_modules/bud-tls
JOBS=4 node-gyp configure && node-gyp rebuild
ln -s /opt/local/lib/node_modules/bud-tls/build/Release/bud /opt/local/bin/bud
```
- we're gonna have to write some stuff
- it's still kinda buggy: (e.g. nodejs/node-v0.x-archive#7010)
Hasn't been touched in 2 years, has wayyyy too many open issues and PRs.
```
# via http://docs.nodejitsu.com/articles/HTTP/servers/how-to-create-a-HTTPS-server
# and via https://www.instantssl.com/ssl-certificate-support/csr_generation/ssl-certificate-mod_ssl.html
openssl genrsa -out server.key 2048
openssl req -new -key server.key -out server.csr
openssl x509 -req -days 9999 -in server.csr -signkey server.key -out server.crt
```
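An added example (not from these notes or from any of the projects mentioned) tying together three of the tips above: one certificate per hostname instead of a wildcard, a TLS 1.2 floor, and SNI as the mechanism that lets one listener pick the right certificate. The hostnames and the shape of the `certs` map are assumptions made for illustration.

```javascript
// Added example: hostnames and the `certs` layout are hypothetical.
const tls = require('node:tls');
const https = require('node:https');

// Build one secure context per exact hostname (no wildcard entry).
// `certs` maps hostname -> { key, cert } as PEM strings or Buffers.
function buildContexts(certs) {
  const contexts = new Map();
  for (const [host, pem] of Object.entries(certs)) {
    contexts.set(host.toLowerCase(), tls.createSecureContext({
      key: pem.key,
      cert: pem.cert,
      minVersion: 'TLSv1.2', // refuse TLS 1.1 and older
    }));
  }
  return contexts;
}

// SNI: the client names the host it wants in its ClientHello, before the
// server sends a certificate, so the server can choose the matching one.
function makeSniCallback(contexts) {
  return (servername, cb) => {
    const ctx = contexts.get(String(servername).toLowerCase());
    // Unknown name: fail the handshake rather than present another
    // environment's certificate.
    if (!ctx) return cb(new Error(`no certificate for ${servername}`));
    cb(null, ctx);
  };
}

// One HTTPS listener serving several hostnames. Clients that send no SNI
// at all never reach SNICallback and get the default key/cert below.
function createServer(certs, defaultHost, handler) {
  return https.createServer({
    key: certs[defaultHost].key,
    cert: certs[defaultHost].cert,
    minVersion: 'TLSv1.2',
    SNICallback: makeSniCallback(buildContexts(certs)),
  }, handler);
}
```

To use it, read each environment's key and certificate with `fs.readFileSync` into the `certs` map and call `createServer(certs, defaultHost, handler).listen(443)`.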