Description: Rails deployment and configuration management done right. ShadowPuppet + Capistrano == crazy delicious

Adding an SSL certificate

Self-signed

To create a self-signed certificate, follow the steps below. A self-signed certificate can be useful for testing and for internal applications. It provides the same level of encryption, but by default it is not trusted by browsers because it is not issued by a recognized Certificate Authority.

Add this to your moonshine.yml:

:ssl:
  :self_signed:  true

Save, commit, and deploy your app. That’s all there is to it. If you want all requests to be redirected and served over self-signed SSL, it would look like this:

:ssl:
  :only: true

Certificate from a CA

To add an SSL certificate from a certificate authority, SSH into your server and generate a new certificate request:

sudo openssl req -new > mynewsite.csr

It will ask you to fill in a bunch of info that will need to match the info you provide your SSL provider (such as GoDaddy). The key one that you’ll want to pay attention to is Common Name. That needs to be your domain name (without the https://). For my app, I didn’t include the www and I’m not sure if that makes a difference. Next, let’s move the request and the private key that openssl wrote alongside it (privkey.pem) to a better location:

mkdir /home/rails/certs
mv mynewsite.csr /home/rails/certs/mynewsite.csr
mv privkey.pem /home/rails/certs/privkey.pem

Once done, output your certificate request by doing this:

cd /home/rails/certs/
cat mynewsite.csr

Copy that and enter it when your SSL provider asks for it.

Once your SSL provider approves your certificate, they’ll provide you with one or two files. The first will be the certificate file and the second, if provided, will be the certificate chain file. GoDaddy provides a zip file that contains two files: yourdomain.com.crt & gd_bundle.crt. Save these two files in a directory called certs on your local machine. Change into that directory and copy the files to your server by running this on your local machine:

scp * rails@yourserver:/home/rails/certs/

This should copy the files to /home/rails/certs/ on your server.

The final step is to update config/moonshine.yml, commit it to the git repo and deploy.

:ssl: 
  :certificate_file: /home/rails/certs/yourdomain.com.crt
  :certificate_key_file: /home/rails/certs/privkey.pem
  :certificate_chain_file: /home/rails/certs/gd_bundle.crt

The certificate_chain_file is only required if your certificate authority provided one; otherwise, leave out this line. Save & close this file. Next update your git repo.

git add config/moonshine.yml
git commit -m "Updated moonshine config file with SSL info"
git push

Now it’s time to deploy, but we have one more tiny step. When you were creating the certificate request, it asked you to enter a password. Apache will ask for that password every single time it restarts, and moonshine won’t be able to enter it for you. So we’re going to remove that password from the private key. Without a password the key is protected only by file permissions, so keep it readable by its owner only. Log into your server & remove the password by doing:

cd certs
cp privkey.pem privkey.pem.bak
openssl rsa -in privkey.pem.bak -out privkey.pem

This will ask you for the password that you entered while generating the certificate request. When you’re done, you’re ready to deploy again:

cap deploy
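
Before running cap deploy, the files named in moonshine.yml can be checked on the server. The script below is an added example, not part of Moonshine or the original page; the function names check_ssl_pair and demo and the return codes are this example's own, and it assumes the openssl command-line tool is installed.

```shell
#!/bin/sh
# Added example: pre-deploy checks for the certificate and key in moonshine.yml.
# Return codes (this example's own convention): 0 ok, 1 missing file,
# 2 key still passphrase-protected, 3 cert/key mismatch, 4 key perms too open.
check_ssl_pair() {
  cert=$1 key=$2
  [ -r "$cert" ] && [ -r "$key" ] || { echo "missing or unreadable file" >&2; return 1; }

  # Both the traditional PEM header ("Proc-Type: 4,ENCRYPTED") and the PKCS#8
  # header ("BEGIN ENCRYPTED PRIVATE KEY") contain this word.
  if grep -q ENCRYPTED "$key"; then
    echo "key is passphrase-protected; Apache would prompt on restart" >&2
    return 2
  fi

  # The certificate must carry the public half of this private key.
  cert_pub=$(openssl x509 -in "$cert" -noout -pubkey) || return 3
  key_pub=$(openssl pkey -in "$key" -pubout) || return 3
  [ "$cert_pub" = "$key_pub" ] || { echo "certificate does not match key" >&2; return 3; }

  # An unencrypted key is protected only by file permissions:
  # characters 5-10 of the ls mode string are the group/other bits.
  mode=$(ls -ld "$key" | cut -c5-10)
  [ "$mode" = "------" ] || { echo "key readable by group/other: chmod 600 $key" >&2; return 4; }
  echo "ok: $cert matches $key"
}

# Constructed sample input: a throwaway self-signed pair in a temp directory.
demo() {
  d=$(mktemp -d) || return 1
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=example.test" \
    -keyout "$d/privkey.pem" -out "$d/site.crt" 2>/dev/null
  chmod 600 "$d/privkey.pem"
  check_ssl_pair "$d/site.crt" "$d/privkey.pem"; rc=$?
  rm -rf "$d"
  return $rc
}

# With two arguments, check those files; otherwise only define the functions.
if [ "$#" -eq 2 ]; then check_ssl_pair "$1" "$2"; fi
```

Saved as a script, it takes the certificate path and the key path from moonshine.yml as its two arguments; a return code of 2 means the password-removal step above has not been done yet.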
Last edited by railsmachine, Thu Jul 02 15:26:34 -0700 2009