Scott Watermasysk

Still Learning to Code

Running Pow Over SSL

We are just about ready to put KickoffLabs into production mode. One of the last big tasks was setting up SSL.

Obviously, we do not want to push SSL support live without first testing it, so I set out to set it up locally.

I considered a variety of approaches and eventually settled on using Pow with nginx as a reverse proxy.

  1. This is simple and lightweight.
  2. Pow doesn’t require any additional configuration changes (i.e., no host file entries).

Here are the basic steps.

  1. Install Pow (you are silly if this is not already done)
  2. Install nginx. I used Homebrew because I value my time and sanity: brew install nginx
  3. By default, your nginx configuration will be at /usr/local/etc/nginx. Open a terminal window and navigate to this directory.
  4. Create a directory here called ssl. (mkdir ssl)
  5. Download this ruby script and place it in the ssl directory[1].
  6. Execute the script: ruby gen_cert.rb kickoff.dev. The script takes a single argument, the domain name of your site.[2]
  7. Replace the nginx.conf file located at /usr/local/etc/nginx/nginx.conf with this one. Optionally, you can just copy the server section from the gist and place it in your existing configuration file.
  8. Change all of the kickoff.dev references to your own domain name.
  9. Test the nginx configuration with this command: nginx -t. It should report back it was successful, but will likely give a warning about permissions. This is because we are specifying port 443 which cannot be used without sudo.
  10. Assuming everything went OK in the last step, you can start nginx with sudo nginx.
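
The certificate and proxy steps above, sketched as an added example (this is not the gist linked in the post). It assumes openssl 1.1.1 or later on the PATH and Pow's HTTP server on its default port 20559; the function names are hypothetical, and the subjectAltName entry goes beyond the post because current browsers ignore the common name on its own.

```bash
#!/usr/bin/env bash
# Added example, not the author's gen_cert.rb or nginx.conf.
# Assumptions: openssl >= 1.1.1 (for -addext), Pow listening on 127.0.0.1:20559.

# gen_dev_cert DOMAIN DIR: self-signed key and certificate for local testing only.
gen_dev_cert() {
  local domain="$1" dir="$2"
  mkdir -p "$dir"
  # Run under umask 077 so the unencrypted private key is readable by its owner only.
  ( umask 077
    openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 365 \
      -keyout "$dir/$domain.key" -out "$dir/$domain.crt" \
      -subj "/CN=$domain" \
      -addext "subjectAltName=DNS:$domain" )
}

# render_server_block DOMAIN DIR: print an nginx server block that terminates
# TLS on 443 and forwards plain HTTP to Pow. The Host header is passed through
# because Pow chooses the app from the requested host name.
render_server_block() {
  local domain="$1" dir="$2"
  cat <<EOF
server {
    listen 443 ssl;
    server_name $domain;

    ssl_certificate     $dir/$domain.crt;
    ssl_certificate_key $dir/$domain.key;

    location / {
        proxy_pass http://127.0.0.1:20559;
        proxy_set_header Host \$host;
        proxy_set_header X-Forwarded-For \$remote_addr;
        # Tells the app the original request was HTTPS (redirects, secure cookies).
        proxy_set_header X-Forwarded-Proto https;
    }
}
EOF
}

# Usage: ./dev_ssl.sh kickoff.dev /usr/local/etc/nginx/ssl
if [ "$#" -eq 2 ]; then
  gen_dev_cert "$1" "$2" && render_server_block "$1" "$2"
fi
```

Paste the printed block inside the http section of nginx.conf, then continue with nginx -t as in step 9.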

A couple of things to watch out for:

  1. To run nginx on port 443 (or 80) you need to start nginx with elevated privileges.
  2. If you start nginx and it says it is already bound/running, you can stop it with nginx -s stop
  3. Make sure you have Pow running
  4. Make sure you pick a url that is valid for Pow (anything in .dev)
  5. This was my first time playing with nginx. If you spot something odd in the configuration file, please let me know.

Here is another link to the gist with the cert script and nginx.conf.

This has been tested on exactly one computer. Please let me know if you run into any issues.

[1] This script is based on the commands listed here. You can execute them manually if you want. I did this a couple of times already and decided to automate it.

[2] I hard-coded a bunch of the certificate data. All that matters for testing is the domain (common) name, but feel free to edit the -subj argument.