Site blog title mreza

FREE SSL ON AWS OPSWORKS RAILS APP

26/12/2016
Untitled
Amazon, Rails

In this post I'll try and describe how to set up SSL for your Rails app. This solution is free and will automatically extend the certificate once the certificate runs its course.

Having a secure HTTPS connection used to be a feature you'd see for example on banking web sites, where the need to address security issues was much higher.

However, as of late, this has changed quite a bit. Part of it likely has to do with browser vendors. In the last couple of years they've begun to make a point of warning you whenever you're doing something that might not be secure. Which is a good thing.

How this is usually done is by showing you (i) an icon implying that your connectiong is 'wrong' and 'insecure'. In reality, having SSL might not even be such a big deal if you don't even use forms, don't handle eny passwords or such. However, even in those cases, the browser will tell you that the site is insecure.

alt

Two of the major pains that I have with certificates are the following:

  1. They cost money
  2. They expire and then I forget about them

Green Bar vs. "Normal" Certificates

Just to make things clear, we are not talking about the so-called "green bar" here (aka Extended Validation SSL Certificates). For one of those you'll need to dish out $300 or more. So if what you're looking is how to set that up, this blog post won't be of much help.

alt

If you just want (i) to go away and to have something like this you are on the right page.

alt

We'll accomplish this by going through the following four steps:

  1. Use Let's Encrypt
  2. Use custom chef script for Rails setup
  3. Set application env to use custom chef recipe
  4. Setup a cron job to auto extend certificate

1. Let's Encrypt

https://letsencrypt.org/ is a nonprofit Certificate Authority. For the purposes of this post, I will assume you're running Ubuntu 14.04.4 LTS server managed with AWS OpsWorks.

In this example I'll be adding an SSL certificate for the "kodius.io" domain.

#execute in terminal
wget https://dl.eff.org/certbot-auto
chmod a+x certbot-auto
certbot-auto certonly --standalone -d kodius.io

After executing the previous command, a certificate will be generated inside of the /etc/letsencrypt/live folder. Congrats!

If you are not using a Ubuntu/Nginx setup, then you should check out the proper command sequence here https://certbot.eff.org/.

2. Tweaking nginx config

If you open up the Amazon OpsWorks console and go to your Rails app settings you will see a section where can manually add a certificate as well as SSL

alt

==This works great, however, it requires you to manually copy/paste keys to SSL certificate input text areas.== While this might not be such a big deal to do once in a while, Let's Encrypt certificates actually run out after a mere 90 days. You might not want to do that manually.

Instead we'll build a custom chef script to enable SSL while the application is being deployed. We will also add a cron job to automatically extend the certificate's validity meaning we'll never have to think twice about whether our certificate is gonna run out.

The recipe is available here https://github.com/kodius/kodius-chef-recipes. If you are unfamiliar on how to setup a custom chef recipe on AWS OpsWorks, the setup steps are listed over here.

3. Edit Environment Variables inside of the Rails App

When we re-deploy the app you'll notice nothing's changed:

alt

In order to make this work you'll have to enable the "SSL" part of the recipe for setting up our nginx configuration (this part is not mandatory, so whether you want to do it or not, it's up to you).

#setting in Rails App on OpsWorks UI
ENABLE_MANUAL_SSL = true

As shown here:

alt

After re-deploying once more, you will get a fully set up SSL connection. ==The recipe we're using puts in a bunch of redirects for nginx to the new https:// address, so old links will still work.==

alt

4. Setup a cron job to auto-extend certificate

Add a script /home/ubunut/renew_certs.sh

#/home/ubuntu/renew_certs.sh
#!/bin/bash
certbot-auto --quiet certonly -d kodius.io
chmod +x /home/ubuntu/renew_certs.sh
cronab -e
#add to cron
0 0 */60 * * /home/ubuntu/renew_certs.sh

Enjoy :)

OTHER POSTS
OTHER POSTS
Created with Sketch.
23 512
06/06/2018 / Tin Ilijaš

HOW TO DEACTIVATE USER – RAILS WITH DEVISE

Sometimes when I find the time (which happens roughly 23 to 37 times each and every day) I visit Stack Overflow, hopefully to solve a problem – but regularly leave irritated and heartbroken because the solution is too geeky and doesn’t e...
Helpprotectcompanydata large
29/06/2018 / Krešimir Bojčić

PROTECT THE DATA!

If you were to ask yourself – what is the essence of any software system – what would you say? (that is, what would you have said without having read the title of this post 😃).
Created with Sketch.
7e6dcc68 1ba3 11e7 8286 407dd1a1b50f
29/06/2018 / Tin Ilijaš

SWITCH USERS WITH USERSWITCH

Recently we were hired by a startup and quickly assigned a task to build a brand new feature for them. So no problemo here! The feature was fairly extensive which necessitated thorough testing – perhaps a third of the entire application ...
Created with Sketch.
Railsandreact
28/06/2018 / Matija Munjaković

SETTING UP REACT & RAILS HAS NEVER BEEN EASIER

Just a couple of days ago Beta 1 of Rails 5.1 got released, bringing with it a slew of new features. Most prominent among them being the inclusion of Webpack. For the uninitiated, Webpack serves as a bundling tool for your project’s Java...
Global infra 3.30.18.b559f46825615c1ae40f319d0c4d9139fea9c492
29/06/2018 / Krešimir Bojčić

SCALE FOR SPEED AND AVAILABILITY

In this post I'll go over various options for scaling your business web platform. We'll take a look at five different approaches.There is no wrong or right approach, it is just a matter of what aspects you want to emphasize and what your...
Created with Sketch.
1 ee4irlninahubiurfqv3fq
29/06/2018 / Tin Ilijaš

8 TIPS TO BECOME A DEVELOPER

Almost a year has flown by ever since I started learning programming from scratch. As a result of that, I am writing this blog post to help new and old developers with some tips I learned in this beautiful world of programming.
Created with Sketch.
Untitled
03/07/2018 / Krešimir Bojčić

HOW TO BUILD AN MVP

So, you’ve decided to build a new disruptive product that will earn you glory and money? Congratulations… welcome to the club and good luck!
Untitled
03/07/2018 / Krešimir Bojčić

VISUALIZE DATABASE SCHEMA – POSTGRESQL DB – RAILS 5

When working on bigger systems it helps having your database model visualized. There are many great solutions but a few of them are free. If you fit in the “small enough” not to use [ER/Studio Data Architect](https://www.idera.com/er-...
Created with Sketch.
Conferencecam group
29/06/2018 / Krešimir Bojčić

LOGITECH GROUP – REMOTE VIDEO CONFERENCING SYSTEM REVIEW

To have a successful remote agency/client relationship you need three main ingredients: 1. Trust 2. Effective communication 3. Delivering results
Created with Sketch.
Railsios
06/06/2018 / Tin Ilijaš

UPLOAD IMAGE FROM SWIFT 3 IOS APP TO RAILS 5 SERVER

Once upon a time I was given the task to send an image captured on IOS to our Rails back-end server and at first I figured: “Wow this can’t be such a big deal, I know how to take an image and I know how to make a request so why would thi...
Hmawawbapi
03/07/2018 / Matija Munjaković

HANDLING MOBILE AUTHENTICATION WITH A WEB-BASED API

Quite recently I had the chance of implementing a log-in/authentication system for one of our mobile applications. Resources available for both the Android and iOS eco-systems are fairly exhaustive but comparisons of the pros and cons of...
Created with Sketch.
Untitled
03/07/2018 / Krešimir Bojčić

FREE SSL ON AWS OPSWORKS RAILS APP

In this post I'll try and describe how to set up SSL for your Rails app. This solution is free and will automatically extend the certificate once the certificate runs its course.
Created with Sketch. Created with Sketch.
Omniauth f1d5b77f6e5fc9adc96fdb4dc3a7d5f3 %281%29
06/06/2018 / Krešimir Bojčić

DEVISE WITH OMNIAUTH FOR SINGLE AND MULTIPLE MODELS – RAILS 5

In this post we'll describe on how to use OmniAuth in combination with Rails and Devise to support authentication of existing and new users without asking for email/password combinations.
Created with Sketch.
23 512
06/06/2018 / Tin Ilijaš

HOW TO DEACTIVATE USER – RAILS WITH DEVISE

Sometimes when I find the time (which happens roughly 23 to 37 times each and every day) I visit Stack Overflow, hopefully to solve a problem – but regularly leave irritated and heartbroken because...
Created with Sketch.
Helpprotectcompanydata large
29/06/2018 / Krešimir Bojčić

PROTECT THE DATA!

If you were to ask yourself – what is the essence of any software system – what would you say? (that is, what would you have said without having read the title of this post 😃).
Created with Sketch.
7e6dcc68 1ba3 11e7 8286 407dd1a1b50f
29/06/2018 / Tin Ilijaš

SWITCH USERS WITH USERSWITCH

Recently we were hired by a startup and quickly assigned a task to build a brand new feature for them. So no problemo here! The feature was fairly extensive which necessitated thorough testing – pe...
Created with Sketch.
Railsandreact
28/06/2018 / Matija Munjaković

SETTING UP REACT & RAILS HAS NEVER BEEN EASIER

Just a couple of days ago Beta 1 of Rails 5.1 got released, bringing with it a slew of new features. Most prominent among them being the inclusion of Webpack. For the uninitiated, Webpack serves as...
Created with Sketch.
Global infra 3.30.18.b559f46825615c1ae40f319d0c4d9139fea9c492
29/06/2018 / Krešimir Bojčić

SCALE FOR SPEED AND AVAILABILITY

In this post I'll go over various options for scaling your business web platform. We'll take a look at five different approaches.There is no wrong or right approach, it is just a matter of what asp...
Created with Sketch.
1 ee4irlninahubiurfqv3fq
29/06/2018 / Tin Ilijaš

8 TIPS TO BECOME A DEVELOPER

Almost a year has flown by ever since I started learning programming from scratch. As a result of that, I am writing this blog post to help new and old developers with some tips I learned in this b...
Created with Sketch.
Untitled
03/07/2018 / Krešimir Bojčić

HOW TO BUILD AN MVP

So, you’ve decided to build a new disruptive product that will earn you glory and money? Congratulations… welcome to the club and good luck!
Created with Sketch.
Untitled
03/07/2018 / Krešimir Bojčić

VISUALIZE DATABASE SCHEMA – POSTGRESQL DB – RAILS 5

When working on bigger systems it helps having your database model visualized. There are many great solutions but a few of them are free. If you fit in the “small enough” not to use [ER/Studio D...
Created with Sketch.
Conferencecam group
29/06/2018 / Krešimir Bojčić

LOGITECH GROUP – REMOTE VIDEO CONFERENCING SYSTEM REVIEW

To have a successful remote agency/client relationship you need three main ingredients: 1. Trust 2. Effective communication 3. Delivering results
Created with Sketch.
Railsios
06/06/2018 / Tin Ilijaš

UPLOAD IMAGE FROM SWIFT 3 IOS APP TO RAILS 5 SERVER

Once upon a time I was given the task to send an image captured on IOS to our Rails back-end server and at first I figured: “Wow this can’t be such a big deal, I know how to take an image and I kno...
Created with Sketch.
Hmawawbapi
03/07/2018 / Matija Munjaković

HANDLING MOBILE AUTHENTICATION WITH A WEB-BASED API

Quite recently I had the chance of implementing a log-in/authentication system for one of our mobile applications. Resources available for both the Android and iOS eco-systems are fairly exhaustive...
Created with Sketch.
Untitled
03/07/2018 / Krešimir Bojčić

FREE SSL ON AWS OPSWORKS RAILS APP

In this post I'll try and describe how to set up SSL for your Rails app. This solution is free and will automatically extend the certificate once the certificate runs its course.
Created with Sketch. Created with Sketch.
Omniauth f1d5b77f6e5fc9adc96fdb4dc3a7d5f3 %281%29
06/06/2018 / Krešimir Bojčić

DEVISE WITH OMNIAUTH FOR SINGLE AND MULTIPLE MODELS – RAILS 5

In this post we'll describe on how to use OmniAuth in combination with Rails and Devise to support authentication of existing and new users without asking for email/password combinations.
Created with Sketch. Created with Sketch.
23 512
06/06/2018 / Tin Ilijaš

HOW TO DEACTIVATE USER – RAILS WITH DEVISE

Sometimes when I find the time (which happens roughly 23 to 37 times each and every day) I visit Stack Overflow, hopefully to s...
Created with Sketch. Created with Sketch.
Helpprotectcompanydata large
29/06/2018 / Krešimir Bojčić

PROTECT THE DATA!

If you were to ask yourself – what is the essence of any software system – what would you say? (that is, what would you have sa...
Created with Sketch. Created with Sketch.
7e6dcc68 1ba3 11e7 8286 407dd1a1b50f
29/06/2018 / Tin Ilijaš

SWITCH USERS WITH USERSWITCH

Recently we were hired by a startup and quickly assigned a task to build a brand new feature for them. So no problemo here! The...
Created with Sketch. Created with Sketch.
Railsandreact
28/06/2018 / Matija Munjaković

SETTING UP REACT & RAILS HAS NEVER BEEN EASIER

Just a couple of days ago Beta 1 of Rails 5.1 got released, bringing with it a slew of new features. Most prominent among them ...
Created with Sketch. Created with Sketch.
Global infra 3.30.18.b559f46825615c1ae40f319d0c4d9139fea9c492
29/06/2018 / Krešimir Bojčić

SCALE FOR SPEED AND AVAILABILITY

In this post I'll go over various options for scaling your business web platform. We'll take a look at five different approache...
Created with Sketch. Created with Sketch.
1 ee4irlninahubiurfqv3fq
29/06/2018 / Tin Ilijaš

8 TIPS TO BECOME A DEVELOPER

Almost a year has flown by ever since I started learning programming from scratch. As a result of that, I am writing this blog ...
Created with Sketch. Created with Sketch.
Untitled
03/07/2018 / Krešimir Bojčić

HOW TO BUILD AN MVP

So, you’ve decided to build a new disruptive product that will earn you glory and money? Congratulations… welcome to the clu...
Created with Sketch. Created with Sketch.
Untitled
03/07/2018 / Krešimir Bojčić

VISUALIZE DATABASE SCHEMA – POSTGRESQL DB – RAILS 5

When working on bigger systems it helps having your database model visualized. There are many great solutions but a few of them...
Created with Sketch. Created with Sketch.
Conferencecam group
29/06/2018 / Krešimir Bojčić

LOGITECH GROUP – REMOTE VIDEO CONFERENCING SYSTEM REVIEW

To have a successful remote agency/client relationship you need three main ingredients: 1. Trust 2. Effective communication...
Created with Sketch. Created with Sketch.
Railsios
06/06/2018 / Tin Ilijaš

UPLOAD IMAGE FROM SWIFT 3 IOS APP TO RAILS 5 SERVER

Once upon a time I was given the task to send an image captured on IOS to our Rails back-end server and at first I figured: “Wo...
Created with Sketch. Created with Sketch.
Hmawawbapi
03/07/2018 / Matija Munjaković

HANDLING MOBILE AUTHENTICATION WITH A WEB-BASED API

Quite recently I had the chance of implementing a log-in/authentication system for one of our mobile applications. Resources av...
Created with Sketch. Created with Sketch.
Untitled
03/07/2018 / Krešimir Bojčić

FREE SSL ON AWS OPSWORKS RAILS APP

In this post I'll try and describe how to set up SSL for your Rails app. This solution is free and will automatically extend th...
Created with Sketch. Created with Sketch.
Omniauth f1d5b77f6e5fc9adc96fdb4dc3a7d5f3 %281%29
06/06/2018 / Krešimir Bojčić

DEVISE WITH OMNIAUTH FOR SINGLE AND MULTIPLE MODELS – RAILS 5

In this post we'll describe on how to use OmniAuth in combination with Rails and Devise to support authentication of existing a...