| Info |
|---|
| It is highly recommended that you enable HTTPS for packagecloud:enterprise. In order to do this, you'll need to purchase SSL certificates. |
Prerequisites
In order to configure HTTPS, you will need:
- An SSL certificate and private key from an SSL provider.
- The correct firewall, security group, and system configuration allowing incoming HTTPS connections.
Settings
HTTPS configuration settings are found in /etc/packagecloud/packagecloud.rb under the section labeled HTTPS Settings.
The options are namespaced under packagecloud_rails and nginx:
| No Format |
|---|
# Enable HTTPS
packagecloud_rails['packagecloud_https'] = true
# This next option is the port that should be opened, the default is 443 and
# is strongly encouraged so that users don't need to do anything special.
packagecloud_rails['packagecloud_port'] = 443
# The full path to your SSL certificate, make sure to modify this setting.
# The certificate must be readable by root.
nginx['ssl_certificate'] = "/etc/packagecloud/ssl/server.crt"
# The full path to your SSL private key, make sure to modify this setting.
# The certificate must be readable by root. It is strongly recommended that
# the secret key not be readable by other users (mode 600).
nginx['ssl_certificate_key'] = "/etc/packagecloud/ssl/server.key"
# This next option instructs NGINX to redirect plain-text connections to
# HTTPS automatically. This option is highly recommended.
nginx['redirect_http_to_https'] = true |
...
Once these settings are configured in your /etc/packagecloud/packagecloud.rb, you should run:
| No Format |
|---|
sudo packagecloud-ctl reconfigure |
To bring reconfigure and restart NGINX to use HTTPS.
Troubleshooting
Most often, issues with HTTPS are due to misconfigured firewalls, security groups, or other system or networking related settings. Please double check your firewall rules and AWS security settings and ensure that you can accept incoming TCP traffic on the port you specified for packagecloud_rails['packagecloud_port'].
...