CodeBrotha · June 26, 2017 15:10
diff --git a/ssl_puma.sh b/ssl_puma.sh
 # 1) Create your private key
 $ cd ~/.ssh
 $ openssl genrsa -des3 -passout pass:x -out lvh.me.pass.key 2048

 # 2) Generate RSA key
 $ openssl rsa -passin pass:x -in lvh.me.pass.key -out lvh.me.key

 # 3) Get rid of private key
 $ rm lvh.me.pass.key

 # 3) Generate the csr (Certificate signing request) (Details are important!)
 $ openssl req -new -key lvh.me.key -out lvh.me.csr

 # IMPORTANT
 # MUST have lvh.me as the common name to keep browsers happy 
 # (has to do with non internal domain names ... which sadly can be
 # avoided with a domain name with a "." in the middle of it somewhere)

 # 4) Generate self signed ssl certificate 
 $ openssl x509 -req -sha256 -days 365 -in lvh.me.csr -signkey lvh.me.key -out lvh.me.crt

 # 5) Add lvh.me.crt as trusted cert in the mac osx keychain
 # Open keychain tool
 # Select "System" in Keychains menu
 # drag lvh.me.crt file to list
 # Right-click Cert: Get Info
 # Open "Trust" menu
 # When using this certificate: "Always Trust"

 # 6) Setup Rails App
 # For rails app development, add two keys to your .rbenv-vars folder:
 DEV_SSL_CERT_PATH=/Users/nathan/.ssh/lvh.me.crt
 DEV_SSL_KEY_PATH=/Users/nathan/.ssh/lvh.me.key

 # Update your Procfile to look like this:
 web: bundle exec puma -C config/puma.rb
 ssl: bundle exec puma -b "ssl://127.0.0.1:3000?key=$DEV_SSL_KEY_PATH&cert=$DEV_SSL_CERT_PATH" -C config/puma.rb

 # Add this to development.rb
 config.force_ssl = true
 config.ssl_options = { redirect: { port: 3000 }, hsts: { subdomains: true } }

 # Notes:
 # 1) Https traffic and http traffic can't be served from the same process. If you want 
 #    both you need to start two instances on different ports.
 # 2) Checkout new_framework_defaults.rb in newer rails apps. It had a ssl_options config
 #    setting that was a pain in my neck.
	# 1) Create your private key
	$ cd ~/.ssh
	$ openssl genrsa -des3 -passout pass:x -out lvh.me.pass.key 2048

	# 2) Generate RSA key
	$ openssl rsa -passin pass:x -in lvh.me.pass.key -out lvh.me.key

	# 3) Get rid of private key
	$ rm lvh.me.pass.key

	# 3) Generate the csr (Certificate signing request) (Details are important!)
	$ openssl req -new -key lvh.me.key -out lvh.me.csr

	# IMPORTANT
	# MUST have lvh.me as the common name to keep browsers happy
	# (has to do with non internal domain names ... which sadly can be
	# avoided with a domain name with a "." in the middle of it somewhere)

	# 4) Generate self signed ssl certificate
	$ openssl x509 -req -sha256 -days 365 -in lvh.me.csr -signkey lvh.me.key -out lvh.me.crt

	# 5) Add lvh.me.crt as trusted cert in the mac osx keychain
	# Open keychain tool
	# Select "System" in Keychains menu
	# drag lvh.me.crt file to list
	# Right-click Cert: Get Info
	# Open "Trust" menu
	# When using this certificate: "Always Trust"

	# 6) Setup Rails App
	# For rails app development, add two keys to your .rbenv-vars folder:
	DEV_SSL_CERT_PATH=/Users/nathan/.ssh/lvh.me.crt
	DEV_SSL_KEY_PATH=/Users/nathan/.ssh/lvh.me.key

	# Update your Procfile to look like this:
	web: bundle exec puma -C config/puma.rb
	ssl: bundle exec puma -b "ssl://127.0.0.1:3000?key=$DEV_SSL_KEY_PATH&cert=$DEV_SSL_CERT_PATH" -C config/puma.rb

	# Add this to development.rb
	config.force_ssl = true
	config.ssl_options = { redirect: { port: 3000 }, hsts: { subdomains: true } }

	# Notes:
	# 1) Https traffic and http traffic can't be served from the same process. If you want
	# both you need to start two instances on different ports.
	# 2) Checkout new_framework_defaults.rb in newer rails apps. It had a ssl_options config
	# setting that was a pain in my neck.