How do I set up SSL?

In order to set up SSL on your application server, you will need to clone and modify a RightScript on your front-end server template and upload your key and cert.  Depending on your setup, you will have to find the appropriate script to modify.

  • Front-end server that combines HAproxy and Application
    • Modify the WEB apache FE + APP vhost script in the PHP/TomCat/Rails FrontEnd server template.

  • Front-end server that acts solely as a load balancer and does not contain the Application
    The type of Application (PHP, TomCat, Rails) does not make a difference.
    • Modify the WEB apache http-only vhost script in the LB Apache+HAproxy server template.

Modify Front-end Server Template

Go to the server template that you're using for your front-end server and click on the Scripts tab.  In this example, we will modify the WEB apache http-only vhost script in the LB Apache+HAproxy server template.  Click on the magnifying glass to edit the script.

Since you need to edit it, click the Clone button and rename the script, for example: WEB apache http-only vhost (revised).

Click on the Scripts tab and click Edit.

Towards the bottom of the script you will see the following line. 

/opt/rightscale/lb/bin/apache_config_vhost.rb  -t http  $options

Assuming that you have not set "OPT_VHOST_PORT", all you need to do is copy this line, change the '-t' parameter to https to set up an https vhost, and append -a $ATTACH_DIR. An example of a finalized script is shown below.

# Add a non-ssl vhost at port 80 to $WEB_SITE_DNS
/opt/rightscale/lb/bin/apache_config_vhost.rb  -t http  $options

# Add an ssl vhost at port 443 to $WEB_SITE_DNS
/opt/rightscale/lb/bin/apache_config_vhost.rb -t https $options -a $ATTACH_DIR


Upload key and cert as attachments 

The next step is to upload your key and cert as attachments to this script. Click the Attachments tab and browse for the files.  Each attachment must have the correct .key or .crt extension in the filename.

If you have a chain of server certificates (SSLCertificateChainFile Directive), you can also upload the necessary file as an attachment.  The filename must have a .sf_crt file extension.
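
One way to catch a missing, mismatched or expired attachment before the https vhost is configured, as an added example that is not part of the RightScale scripts. It assumes openssl is installed and that the attachments are found in $ATTACH_DIR; check_ssl_attachments and one_file are hypothetical helper names.

```shell
#!/bin/sh
# Added example: pre-flight check for the .key/.crt attachments.
# Assumes openssl is installed; helper names are hypothetical.

# Print the only file in directory $1 with extension $2; fail on zero or many.
one_file() {
    set -- "$1"/*."$2"
    [ "$#" -eq 1 ] && [ -f "$1" ] && printf '%s\n' "$1"
}

# Return 0 only if the directory holds one .key and one .crt that belong together.
check_ssl_attachments() {
    dir=$1
    key=$(one_file "$dir" key) || { echo "need exactly one .key in $dir" >&2; return 1; }
    crt=$(one_file "$dir" crt) || { echo "need exactly one .crt in $dir" >&2; return 1; }

    # Public key embedded in the certificate.
    crt_pub=$(openssl x509 -in "$crt" -noout -pubkey 2>/dev/null) ||
        { echo "$crt is not a readable certificate" >&2; return 2; }
    # Public key derived from the private key. The empty passphrase makes an
    # encrypted key fail here instead of prompting during an unattended boot.
    key_pub=$(openssl pkey -in "$key" -pubout -passin pass: 2>/dev/null) ||
        { echo "$key is not a readable unencrypted private key" >&2; return 2; }

    [ "$crt_pub" = "$key_pub" ] ||
        { echo "$key does not match $crt" >&2; return 3; }
    # -checkend 0 fails if the certificate has already expired.
    openssl x509 -in "$crt" -noout -checkend 0 >/dev/null ||
        { echo "$crt has expired" >&2; return 4; }
    # Warn (do not fail) if the private key is readable by every local user.
    [ -z "$(find "$key" -prune -perm -004)" ] ||
        echo "warning: $key is world-readable" >&2
    return 0
}

# In the RightScript, run the check before the https vhost line.
if [ -n "${ATTACH_DIR:-}" ]; then
    check_ssl_attachments "$ATTACH_DIR" || exit 1
fi
```

The return codes separate the failure modes: 1 for a missing or duplicated attachment, 2 for an unreadable file, 3 for a key that does not belong to the certificate, 4 for an expired certificate.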

The last step is to replace the original script with the revised one that we just created. Add the new RightScript as a boot script and move the new script in front of the old one.  Finally, remove the old script. (Remember, you can only edit a server template that is cloned. If you cannot edit the server template, clone it now.)
