@nathancolgate
Forked from tadast/ssl_puma.sh
Last active May 31, 2022 09:13
localhost SSL with puma
# 1) Create your private key
$ cd ~/.ssh
$ openssl genrsa -des3 -passout pass:x -out lvh.me.pass.key 2048
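# 2) Strip the passphrase to get the unencrypted RSA key that puma will read
$ openssl rsa -passin pass:x -in lvh.me.pass.key -out lvh.me.key
# Remove the passphrase-protected copy of the key, which is no longer needed
$ rm lvh.me.pass.key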
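# 3) Generate the CSR (certificate signing request) (Details are important!)
$ openssl req -new -key lvh.me.key -out lvh.me.csr
# IMPORTANT
# MUST have lvh.me as the common name to keep browsers happy
# (has to do with non-internal domain names ... which sadly can be
# avoided with a domain name with a "." in the middle of it somewhere)
# Chrome 58+ and macOS 10.15+ ignore the common name and match the hostname
# only against the subjectAltName extension. The x509 command in the next step
# adds none unless it is given an -extfile containing a line such as
# subjectAltName=DNS:lvh.me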
# 4) Generate self signed ssl certificate
$ openssl x509 -req -sha256 -days 365 -in lvh.me.csr -signkey lvh.me.key -out lvh.me.crt
# 5) Add lvh.me.crt as a trusted cert in the Mac OS X keychain
# Open keychain tool
# Select "System" in Keychains menu
# drag lvh.me.crt file to list
# Right-click Cert: Get Info
# Open "Trust" menu
# When using this certificate: "Always Trust"
# 6) Set up the Rails app
# For Rails app development, add two keys to your .rbenv-vars file:
DEV_SSL_CERT_PATH=/Users/nathan/.ssh/lvh.me.crt
DEV_SSL_KEY_PATH=/Users/nathan/.ssh/lvh.me.key
# Update your Procfile to look like this:
web: bundle exec puma -C config/puma.rb
ssl: bundle exec puma -b "ssl://127.0.0.1:3000?key=$DEV_SSL_KEY_PATH&cert=$DEV_SSL_CERT_PATH" -C config/puma.rb
# Add this to development.rb
config.force_ssl = true
config.ssl_options = { redirect: { port: 3000 }, hsts: { subdomains: true } }
# Notes:
# 1) HTTPS traffic and HTTP traffic can't be served from the same process. If you want
# both you need to start two instances on different ports.
# 2) Check out new_framework_defaults.rb in newer Rails apps. It had a ssl_options config
# setting that was a pain in my neck.
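
A check for the files produced by steps 1-4, added here as an example and not part of the original gist. `make_dev_cert` repeats those steps without prompts (optionally adding a subjectAltName through `-extfile`), and `check_dev_cert` confirms that the key matches the certificate, that the certificate is not about to expire, and that it carries a SAN entry for the host. The function names, the generated `.cnf` file and its `san` section name are assumptions of this example.

```sh
# Added example, not from the original gist. Function and file names are assumptions.

# make_dev_cert DIR HOST [san]: steps 1-4 without prompts. Writing the key
# unencrypted in one go is equivalent to creating, stripping and deleting
# the passphrase-protected copy.
make_dev_cert() {
  dir=$1 host=$2 mode=${3:-cn}
  cat > "$dir/$host.cnf" <<EOF
[req]
distinguished_name = dn
[dn]
commonName = Common Name
[san]
subjectAltName = DNS:$host,DNS:*.$host
# macOS 10.15+ also requires the serverAuth EKU on TLS server certificates
extendedKeyUsage = serverAuth
EOF
  (umask 077; openssl genrsa -out "$dir/$host.key" 2048 2>/dev/null) || return 1
  openssl req -new -key "$dir/$host.key" -subj "/CN=$host" \
    -config "$dir/$host.cnf" -out "$dir/$host.csr" || return 1
  set -- -req -sha256 -days 365 -in "$dir/$host.csr" \
    -signkey "$dir/$host.key" -out "$dir/$host.crt"
  if [ "$mode" = san ]; then
    set -- "$@" -extfile "$dir/$host.cnf" -extensions san
  fi
  openssl x509 "$@" 2>/dev/null
}

# check_dev_cert CERT KEY HOST: returns 0 if the pair is usable for HOST,
# otherwise prints the reason and returns 1.
check_dev_cert() {
  cert=$1 key=$2 host=$3
  pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null)
  [ -n "$pub" ] && [ "$pub" = "$(openssl pkey -in "$key" -pubout 2>/dev/null)" ] \
    || { echo "key does not match certificate"; return 1; }
  openssl x509 -in "$cert" -noout -checkend 86400 >/dev/null \
    || { echo "certificate expires within 24 hours"; return 1; }
  # One SAN entry per line, then an exact fixed-string match on DNS:HOST.
  openssl x509 -in "$cert" -noout -text | grep -A1 'Subject Alternative Name' \
    | tr ',' '\n' | tr -d ' ' | grep -Fxq "DNS:$host" \
    || { echo "no subjectAltName entry for $host"; return 1; }
}
```

Running `check_dev_cert ~/.ssh/lvh.me.crt ~/.ssh/lvh.me.key lvh.me` before step 5 shows whether the certificate is worth importing into the keychain.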