August 2008 Archives

Nginx Intermediary SSL Certificates and Passphrases

Posted by glenn on Monday, August 11, 2008

I’ve had to do this 3 or 4 times in the past 12 months, and each time I waste a good chunk of time trying to re-discover how to do it. So this post is as much for my own documentation sake as it is sharing the love. If you’ve ever bought an SSL certificate from GoDaddy or a similar provider that provides and intermediary certificate to include, you might have run into a bit of a problem trying to work out how to include it in your nginx config. Well it’s actually pretty straight-forward, provided you remember the steps.

Merging the site and intermediary SSL certificates

First thing you’ll need to do is create a new certificate, which is just the one for your site and the intermediary merged together. In Apache you’d specify them both individually. Nginx only allows you to specify one, so lets put them in the same file:

cat rubypond.com.crt >> rubypond.com.crt.merged
cat intermediate_bundle.crt >> rubypond.com.crt.merged

Removing SSL Passphrase

The next step, is to remove the passphrase off the key for the site. I’d love to keep it on, but it means nginx can’t be restarted without an operator at the console to enter in the passphrase every time which is definitely less than ideal. So to remove the passphrase from your key, I’ll first back it up and then take it off with openssl:

mv rubypond.key rubypond.key.passphrased
openssl rsa -in rubypond.key.passphrased -out rubypond.key

Configuring Nginx to use your new SSL certificate

This config is taken straight from my earlier article on setting up nginx, ssl, and virtual hosts, but I’ll include it here just for good measure too:

server {
  listen 443;
  server_name myserver.com;  

  ssl on;
  ssl_certificate /etc/nginx/certs/rubypond.com.crt.merged; 
  ssl_certificate_key /etc/nginx/certs/rubypond.key; 

  # put the rest of your server configuration here.

  location / {
     proxy_set_header X-FORWARDED_PROTO https;

     # put your config here
  }
}

Just be sure to point the certificate entry to the new merged certificate, the key at the now un-passphrased key, and restart nginx. Done.

Introducing Map.ly, collaborative mapping

Posted by glenn on Tuesday, August 12, 2008

From the necessity is the mother of all invention category, I introduce a new product I’ve hastily cobbled together over the past week or so. Map.ly is a means of “sharing directions, locations, and maps” with other people.

It is still very much in development, I’m loathe to call it beta as it’s probably closer to alpha but still… So what is it’s purpose? My girlfriend is forever having to plan meetings and trips for the people in her team, and trying to herd these sheep ahem I meant orientate her colleagues in foreign cities can be tricky. She needed something to accompany their printed itinerary showing all the various locations they’d need to be during their stay, and where they were in relation to each other. And print out a google map for each location seemed needlessly difficult and not that helpful, we wanted to plot everything on the one map if possible.

Enter Map.ly. Double click where you want to place a marker, enter in the name and some details, and save. You’ll get a nice short URL back to the map that you can pass around and you can all add your own markers to it. I think support in IE might currently be a little bit flaky, I’ll check later today. And there are a number of features still in the pipeline (getting directions between points, entering in addresses, etc.) but I’m hoping it will prove to be something useful. So go give someone some directions to somewhere

And most useful to the geeks out there, is that it’s forced me to resurrect a long since dead gem I once wrote for mapping as I felt YM4R and the other Map API gems just weren’t ruby enough. Once the feature set is locked in, I’ll release an updated version allowing you to do all the cool things that get implemented on Map.ly.