By Ward Bekker
Google's Strange Loop presentation Making the Web Faster inspired me to enable SPDY on one of my side projects Zin In Sushi. This simple sushi restaurant review site is build in Erlang using Basho's Webmachine in combination with Erlydtl.
Below is a quick writeup of the steps needed.
Assumptions:
- Your Erlang powered website is running on port 3000 (Substitute this with your own magic value) on HTTP.
- You are running a recent version of Ubuntu (I'm running 12.04 LTS).
- Your domain is
www.example.org.
The steps in summary:
- Reverse proxy setup with Apache 2
- SSL Setup with Apache 2
- Installation of
mod_spdy $ sudo service apache restart, and you're done!
First install Apache 2 if not already present:
$ sudo apt-get install apache2Enable the proxy_http Apache module to get reverse proxy support:
$ sudo a2enmod proxy_httpAdd a new site to Apache's available-sites
$ sudo vim /etc/apache2/sites-available/reverse_proxyAnd past in the following contents (and replace the domain name and ports if needed):
<VirtualHost *:80>
ServerName www.example.org
ProxyPreserveHost On
ProxyRequests Off
ProxyPass / http://localhost:3000/
ProxyPassReverse / http://localhost:3000/
</VirtualHost>Enable the site by executing:
$ sudo a2ensite reverse_proxyNext up; SSL support!
Enable the ssl Apache module to enable SSL:
$ sudo a2enmod sslSSL certificates are not free, so in this article we generate a self signed SSL certificate to keep moving:
$ sudo mkdir /etc/apache2/ssl
$ sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/apache2/ssl/apache.key -out /etc/apache2/ssl/apache.crtImportant! When generating the key, make sure the FQDN matches your domain name:
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:US
State or Province Name (full name) [Some-State]:New York
Locality Name (eg, city) []:NYC
Organization Name (eg, company) [Internet Widgits Pty Ltd]:Awesome Inc
Organizational Unit Name (eg, section) []:Dept of Merriment
Common Name (e.g. server FQDN or YOUR name) []:example.org
Email Address []:[email protected]After generating the required encryption keys, we re-edit the reverse_proxy site:
$ sudo vim /etc/apache2/sites-available/reverse_proxyAnd append the following configuration code:
<VirtualHost *:443>
ServerName www.example.org
SSLEngine on
SSLCertificateFile /etc/apache2/ssl/apache.crt
SSLCertificateKeyFile /etc/apache2/ssl/apache.key
SSLProxyEngine on
ProxyPreserveHost On
ProxyRequests Off
ProxyPass / http://localhost:3000/
ProxyPassReverse / http://localhost:3000/
</VirtualHost>Important! We need to check if Apache is listening on port 443 (SSL) and virtualhost support is enabled for this. /etc/apache2/ports.conf should have the following lines enabled:
<IfModule mod_ssl.c>
NameVirtualHost *:443
Listen 443
</IfModule>Now we're in a good shape to add SPDY support
You need to fetch the latest mod_spdy package from Google:
Check the architecture of your system by running uname -m.
Install the package by running the following commands:
$ sudo dpkg -i mod-spdy-*.deb
$ sudo apt-get -f install
$ sudo a2enmod spdyRestart Apache to power up the new configuration:
$ sudo service apache2 restartAnd browse to your website https://www.example.org in Google Chrome.
To verify mod_spdy is working, open chrome://net-internals/#spd just after the first page load. Your server's domain should be listed in the table under the SPDY sessions heading.
You can also use the Chrome add-on 'SPDY Indicator' https://chrome.google.com/webstore/detail/spdy-indicator/mpbpobfflnpcgagjijhmgnchggcjblin