It is highly recommended that you enable HTTPS for packagecloud:enterprise. In order to do this, you'll need to purchase SSL certificates.
In order to configure HTTPS, you will need:
- An SSL certificate and private key from an SSL provider.
- The correct firewall, security group, and system configuration allowing incoming HTTPS connections.
HTTPS configuration settings are found in
/etc/packagecloud/packagecloud.rb under the section labeled
The options are namespaced under
# Enable HTTPS
packagecloud_rails['packagecloud_https'] = true
# This next option is the port that should be opened, the default is 443 and
# is strongly encouraged so that users don't need to do anything special.
packagecloud_rails['packagecloud_port'] = 443
# The full path to your SSL certificate, make sure to modify this setting.
# The certificate must be readable by root.
nginx['ssl_certificate'] = "/etc/packagecloud/ssl/server.crt"
# The full path to your SSL private key, make sure to modify this setting.
# The certificate must be readable by root. It is strongly recommended that
# the secret key not be readable by other users (mode 600).
nginx['ssl_certificate_key'] = "/etc/packagecloud/ssl/server.key"
# This next option instructs NGINX to redirect plain-text connections to
# HTTPS automatically. This option is highly recommended.
nginx['redirect_http_to_https'] = true
Once these settings are configured in your
/etc/packagecloud/packagecloud.rb, you should run:
sudo packagecloud-ctl reconfigure
To bring reconfigure and restart NGINX to use HTTPS.
Most often, issues with HTTPS are due to misconfigured firewalls, security groups, or other system or networking related settings. Please double check your firewall rules and AWS security settings and ensure that you can accept incoming TCP traffic on the port you specified for
Logs for NGINX are available in
/var/log/packagecloud/nginx/ and you can tail all the NGINX simultaneously if you like by running: