Hello all, Searched the ''net and list to no avail, hoping someone can help me. It seems like this should be a HowTo, so maybe we can get this together here and I''ll write it up for the good of the people. I''d like to provide secure logins for my users because clear text passwords make the baby Jesus cry (as a friend of mine says). But, I want to provide everything else via standard http, all via lighttpd. My machine is dinky and so I want to run just two dispatch.fcgi processes and one instance of lighttpd that handles both the ssl and clear traffic lest I grind the disks to a horrible swap death. Is this even possible, or must I run a separate lighttpd process for providing logins via ssl? Any help is greatly appreciated, particularly working config files :). Thanks, pt. ------ Parker Thompson Professional (w) http://placesite.com (c) 510.541.0125
Here''s my SSL config for the app:
$SERVER["socket"] = "127.0.0.1:443" {
ssl.engine = "enable"
ssl.pemfile = "/home/pergesu/ssl/example.pem"
server.name = "example.com"
server.document-root = "/home/pergesu/app/public/"
}
Also check the lighttpd site for a bit more info, as well as how to
generate self signed certificates [1].
I''m not sure if this is the totally appropriate way of doing things,
but it seems to be working perfectly fine for me.
Pat
[1] http://www.lighttpd.net/documentation/ssl.html
On 11/8/05, Parker Thompson
<parker-3jzlE2HJBXll57MIdRCFDg@public.gmane.org>
wrote:> Hello all,
>
> Searched the ''net and list to no avail, hoping someone can help
me. It
> seems like this should be a HowTo, so maybe we can get this together here
> and I''ll write it up for the good of the people.
>
> I''d like to provide secure logins for my users because clear text
> passwords make the baby Jesus cry (as a friend of mine says). But, I want
> to provide everything else via standard http, all via lighttpd.
>
> My machine is dinky and so I want to run just two dispatch.fcgi processes
> and one instance of lighttpd that handles both the ssl and clear traffic
> lest I grind the disks to a horrible swap death.
>
> Is this even possible, or must I run a separate lighttpd process for
> providing logins via ssl? Any help is greatly appreciated, particularly
> working config files :).
>
> Thanks,
>
> pt.
> ------
> Parker Thompson
> Professional
> (w) http://placesite.com
> (c) 510.541.0125
> _______________________________________________
> Rails mailing list
> Rails-1W37MKcQCpIf0INCOvqR/iCwEArCW2h5@public.gmane.org
> http://lists.rubyonrails.org/mailman/listinfo/rails
>
That should be
$SERVER["socket"] == "127.0.0.1:443" {
I had to type it, because I can''t figure out how to select and copy
with cygwin. I hate windows.
Pat
On 11/8/05, Pat Maddox <pergesu-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org>
wrote:> Here''s my SSL config for the app:
>
> $SERVER["socket"] = "127.0.0.1:443" {
> ssl.engine = "enable"
> ssl.pemfile = "/home/pergesu/ssl/example.pem"
> server.name = "example.com"
> server.document-root = "/home/pergesu/app/public/"
> }
>
> Also check the lighttpd site for a bit more info, as well as how to
> generate self signed certificates [1].
>
> I''m not sure if this is the totally appropriate way of doing
things,
> but it seems to be working perfectly fine for me.
>
> Pat
>
> [1] http://www.lighttpd.net/documentation/ssl.html
>
>
> On 11/8/05, Parker Thompson
<parker-3jzlE2HJBXll57MIdRCFDg@public.gmane.org> wrote:
> > Hello all,
> >
> > Searched the ''net and list to no avail, hoping someone can
help me. It
> > seems like this should be a HowTo, so maybe we can get this together
here
> > and I''ll write it up for the good of the people.
> >
> > I''d like to provide secure logins for my users because clear
text
> > passwords make the baby Jesus cry (as a friend of mine says). But, I
want
> > to provide everything else via standard http, all via lighttpd.
> >
> > My machine is dinky and so I want to run just two dispatch.fcgi
processes
> > and one instance of lighttpd that handles both the ssl and clear
traffic
> > lest I grind the disks to a horrible swap death.
> >
> > Is this even possible, or must I run a separate lighttpd process for
> > providing logins via ssl? Any help is greatly appreciated,
particularly
> > working config files :).
> >
> > Thanks,
> >
> > pt.
> > ------
> > Parker Thompson
> > Professional
> > (w) http://placesite.com
> > (c) 510.541.0125
> > _______________________________________________
> > Rails mailing list
> > Rails-1W37MKcQCpIf0INCOvqR/iCwEArCW2h5@public.gmane.org
> > http://lists.rubyonrails.org/mailman/listinfo/rails
> >
>
Pat,
What I''d like to do is define in the came conf file two virtual host
entries, one for my http site, one for https (logins, registration, etc),
that share dispatch.fcgi processes.
It looks like I would define listeners on 443/80 like so:
-----
$SERVER["socket"] = "127.0.0.1:443" {
ssl.engine = "enable"
ssl.pemfile = "/home/pergesu/ssl/example.pem"
server.name = "example.com"
server.document-root = "/home/pergesu/app/public/"
min-procs = 2
max-procs = 2
}
$SERVER["socket"] = "127.0.0.1:80" {
server.name = "example.com"
server.document-root = "/home/pergesu/app/public/"
min-procs = 2
max-procs = 2
}
--------
What I want to do is define both listeners, but have a global maximum/min
of 2 fcgi processes that field both ssl and non-ssl requests.
What I''m tryign to figure out is if this is possible using just
lighttpd?
It looks like it may be possible using apache to handle the ssl and
proxying through to one lighttpd instance (anyone try this?) but I''m
hoping to piggyback on someone else''s experience here rather than
running
a bunch of experiements.
Thanks again for the help,
pt.
------
Parker Thompson
Professional
(w) http://placesite.com
(c) 510.541.0125
On Tue, 8 Nov 2005, Pat Maddox wrote:
|Here''s my SSL config for the app:
|
|$SERVER["socket"] = "127.0.0.1:443" {
| ssl.engine = "enable"
| ssl.pemfile = "/home/pergesu/ssl/example.pem"
| server.name = "example.com"
| server.document-root = "/home/pergesu/app/public/"
|}
|
|Also check the lighttpd site for a bit more info, as well as how to
|generate self signed certificates [1].
|
|I''m not sure if this is the totally appropriate way of doing things,
|but it seems to be working perfectly fine for me.
|
|Pat
|
|[1] http://www.lighttpd.net/documentation/ssl.html
|
|
|On 11/8/05, Parker Thompson
<parker-3jzlE2HJBXll57MIdRCFDg@public.gmane.org> wrote:
|> Hello all,
|>
|> Searched the ''net and list to no avail, hoping someone can help
me. It
|> seems like this should be a HowTo, so maybe we can get this together here
|> and I''ll write it up for the good of the people.
|>
|> I''d like to provide secure logins for my users because clear text
|> passwords make the baby Jesus cry (as a friend of mine says). But, I want
|> to provide everything else via standard http, all via lighttpd.
|>
|> My machine is dinky and so I want to run just two dispatch.fcgi processes
|> and one instance of lighttpd that handles both the ssl and clear traffic
|> lest I grind the disks to a horrible swap death.
|>
|> Is this even possible, or must I run a separate lighttpd process for
|> providing logins via ssl? Any help is greatly appreciated, particularly
|> working config files :).
|>
|> Thanks,
|>
|> pt.
|> ------
|> Parker Thompson
|> Professional
|> (w) http://placesite.com
|> (c) 510.541.0125
|> _______________________________________________
|> Rails mailing list
|> Rails-1W37MKcQCpIf0INCOvqR/iCwEArCW2h5@public.gmane.org
|> http://lists.rubyonrails.org/mailman/listinfo/rails
|>
|_______________________________________________
|Rails mailing list
|Rails-1W37MKcQCpIf0INCOvqR/iCwEArCW2h5@public.gmane.org
|http://lists.rubyonrails.org/mailman/listinfo/rails
|
I think you can just do this:
------------
server.name = "example.com"
server.document-root = "/home/pergesu/app/public/"
fastcgi.server = ( ".fcgi" => (
"localhost" =>
(
"host" => "127.0.0.1",
"port" => "1100",
"bin-path" =>
"/home/pergesu/app/public/dispatch.fcgi",
"min-procs" => 2,
"max-procs" => 2
)
)
)
$SERVER["socket"] = "127.0.0.1:443" {
ssl.engine = "enable"
ssl.pemfile = "/home/pergesu/ssl/example.pem"
}
------------
Once you get it working this way, you may want to switch to external
spawning via script/process/spawner, I''ve had much better luck with
that
than having lighttpd manage the dispatchers.
Parker Thompson wrote:> Pat,
>
> What I''d like to do is define in the came conf file two virtual
host
> entries, one for my http site, one for https (logins, registration, etc),
> that share dispatch.fcgi processes.
>
> It looks like I would define listeners on 443/80 like so:
>
> -----
> $SERVER["socket"] = "127.0.0.1:443" {
> ssl.engine = "enable"
> ssl.pemfile = "/home/pergesu/ssl/example.pem"
> server.name = "example.com"
> server.document-root = "/home/pergesu/app/public/"
> min-procs = 2
> max-procs = 2
> }
> $SERVER["socket"] = "127.0.0.1:80" {
> server.name = "example.com"
> server.document-root = "/home/pergesu/app/public/"
> min-procs = 2
> max-procs = 2
> }
> --------
>
> What I want to do is define both listeners, but have a global maximum/min
> of 2 fcgi processes that field both ssl and non-ssl requests.
>
> What I''m tryign to figure out is if this is possible using just
lighttpd?
> It looks like it may be possible using apache to handle the ssl and
> proxying through to one lighttpd instance (anyone try this?) but
I''m
> hoping to piggyback on someone else''s experience here rather than
running
> a bunch of experiements.
>
> Thanks again for the help,
>
> pt.
> ------
> Parker Thompson
> Professional
> (w) http://placesite.com
> (c) 510.541.0125
>
> On Tue, 8 Nov 2005, Pat Maddox wrote:
>
> |Here''s my SSL config for the app:
> |
> |$SERVER["socket"] = "127.0.0.1:443" {
> | ssl.engine = "enable"
> | ssl.pemfile = "/home/pergesu/ssl/example.pem"
> | server.name = "example.com"
> | server.document-root = "/home/pergesu/app/public/"
> |}
> |
> |Also check the lighttpd site for a bit more info, as well as how to
> |generate self signed certificates [1].
> |
> |I''m not sure if this is the totally appropriate way of doing
things,
> |but it seems to be working perfectly fine for me.
> |
> |Pat
> |
> |[1] http://www.lighttpd.net/documentation/ssl.html
> |
> |
> |On 11/8/05, Parker Thompson
<parker-3jzlE2HJBXll57MIdRCFDg@public.gmane.org> wrote:
> |> Hello all,
> |>
> |> Searched the ''net and list to no avail, hoping someone can
help me. It
> |> seems like this should be a HowTo, so maybe we can get this together
here
> |> and I''ll write it up for the good of the people.
> |>
> |> I''d like to provide secure logins for my users because clear
text
> |> passwords make the baby Jesus cry (as a friend of mine says). But, I
want
> |> to provide everything else via standard http, all via lighttpd.
> |>
> |> My machine is dinky and so I want to run just two dispatch.fcgi
processes
> |> and one instance of lighttpd that handles both the ssl and clear
traffic
> |> lest I grind the disks to a horrible swap death.
> |>
> |> Is this even possible, or must I run a separate lighttpd process for
> |> providing logins via ssl? Any help is greatly appreciated,
particularly
> |> working config files :).
> |>
> |> Thanks,
> |>
> |> pt.
> |> ------
> |> Parker Thompson
> |> Professional
> |> (w) http://placesite.com
> |> (c) 510.541.0125
> |> _______________________________________________
> |> Rails mailing list
> |> Rails-1W37MKcQCpIf0INCOvqR/iCwEArCW2h5@public.gmane.org
> |> http://lists.rubyonrails.org/mailman/listinfo/rails
> |>
> |_______________________________________________
> |Rails mailing list
> |Rails-1W37MKcQCpIf0INCOvqR/iCwEArCW2h5@public.gmane.org
> |http://lists.rubyonrails.org/mailman/listinfo/rails
> |
> _______________________________________________
> Rails mailing list
> Rails-1W37MKcQCpIf0INCOvqR/iCwEArCW2h5@public.gmane.org
> http://lists.rubyonrails.org/mailman/listinfo/rails
>
Pat Maddox wrote:> I had to type it, because I can''t figure out how to select and copy > with cygwin. I hate windows.For the ordinary (non-X) cygwin bash window, use the drop-down menu on the top left icon in the title bar, select Edit, then select Mark. Drag to select and highlight text (title bar shows "Select" while in this mode). Drag again to reselect if need be. Double-click and shift-selection work as you would expect. Then choose Edit>Copy from the same menu, or just press Enter. In terms of keyboard shortcuts: Alt-space e k <drag> Enter (This is the same as for a Windows command window). If you have Cygwin with X, just dragging and highlighting text seems to immediately place it on the Windows clipboard. regards Justin