STAQ uses Pound only in development for web, admin, and staq_reports (our API). The plan is to deprecate this standalone service once our development Docker containers are ready and provide Pound as an image, docker-pound.
Run the following command to install, configure, and start Pound.
$ sh -c "$(curl -fsSL 'https://gist.githubusercontent.com/bkemper/bccda5837cc51b2812ba664a38ef506e/raw/00fcf07336db3506ab09c8769b7c05c532b60e05/install.sh')"| #!/usr/bin/env bash | |
| if [ -z "$(which brew)" ]; then | |
| /usr/bin/ruby -e "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/master/install)" | |
| fi | |
| if [ -z "$(which pound)" ]; then | |
| brew install pound # http://brewformulas.org/Pound | |
| fi | |
| sudo pkill pound # temporarily stop pound | |
| # Generate the key and certificate | |
| openssl req -new \ | |
| -newkey rsa:2048 \ | |
| -sha256 \ | |
| -days 3650 \ | |
| -nodes \ | |
| -x509 \ | |
| -keyout lvh_me.key \ | |
| -out lvh_me.crt\ | |
| -config lvh_me.cnf | |
| # Combine both into a single key chain | |
| cat lvh_me.key lvh_me.crt > lvh_me.pem | |
| # Clean-up and remove the key and certificate | |
| rm lvh_me.key lvh_me.crt | |
| #1. Add and trust cert to keychain | |
| #1. Alias localhost `sudo vim /etc/hosts` "127.0.0.1 localhost lvh.me" | |
| #1. cp pound.cfg /usr/local/etc/. | |
| #1. cp lvh_me.pem /usr/local/etc/. | |
| #1. start process - sudo /usr/local/sbin/pound -f /usr/local/etc/pound.cfg | |
| #/usr/local/etc/pound.cfg | |
| #openssl s_client -connect lvh.me:443 | |
| #You will likely need to flush your DNS cache after updating your /etc/hosts file: dscacheutil -flushcache |
| [req] | |
| distinguished_name = req_distinguished_name | |
| x509_extensions = v3_req | |
| prompt = no | |
| [req_distinguished_name] | |
| CN = lvh.me | |
| [v3_req] | |
| keyUsage = keyEncipherment, dataEncipherment | |
| extendedKeyUsage = serverAuth | |
| subjectAltName = @alt_names | |
| [alt_names] | |
| DNS.1 = *.lvh.me | |
| DNS.2 = lvh.me |
| Alive 10 | |
| # Listen for all insecure lvh.me requests and forward to a service | |
| # @note This configuration relies of the service to force ssl. | |
| # @see http://api.rubyonrails.org/classes/ActionController/ForceSSL/ClassMethods.html#method-i-force_ssl | |
| ListenHTTP | |
| Address 127.0.0.1 | |
| Port 80 | |
| xHTTP 4 | |
| # admin | |
| Service | |
| HeadRequire "Host: admin.lvh.me" | |
| BackEnd | |
| Address 127.0.0.1 | |
| Port 4000 | |
| End | |
| End | |
| # web | |
| Service | |
| BackEnd | |
| Address 127.0.0.1 | |
| Port 5000 | |
| End | |
| End | |
| End | |
| # Listen for all secure lvh.me requests and performs ssl handshake before forwarding | |
| # to a service | |
| ListenHTTPS | |
| Address 127.0.0.1 | |
| Port 443 | |
| xHTTP 4 | |
| Cert "/usr/local/etc/lvh_me.pem" | |
| AddHeader "X_FORWARDED_PROTO: https" | |
| # admin | |
| Service | |
| HeadRequire "Host: admin.lvh.me" | |
| BackEnd | |
| Address 127.0.0.1 | |
| Port 4000 | |
| End | |
| End | |
| # api | |
| Service | |
| HeadRequire "Host: api.lvh.me" | |
| BackEnd | |
| Address 127.0.0.1 | |
| Port 9292 | |
| End | |
| End | |
| # web | |
| Service | |
| BackEnd | |
| Address 127.0.0.1 | |
| Port 5000 | |
| End | |
| End | |
| End |