I have a question about local force-ssl though…
Yes, in browser I could use http://localhost:3000 , but when developing mobile stuff, I’d like to connect my iPhone from local WIFI, say http://192.168.1.102:3000 , with force-ssl, that would always redirect to https://localhost …
Is there a workaround?
Thanks so much @energistic !! For me there were 2 key additional steps / notes:
2 key missing steps:
ROOT_URL to https
mup setup (then mup deploy)I found these here:
If I am using mupx which uses .key and .crt files instead of a .pem, any suggestions how to get this working when the certificates spit out .pem files?
@AndreasGalster One thing you can try is to create two separate files with .key and .crt extension, and copy the certificate parts and key parts inside the .pem file in to these two files and use it in mupx.
I tried that but it broke my server. It uploaded the site but then when redirecting to the SSL site it didn’t work.
I think I used this before for the crt file:
openssl x509 -outform der -in your-cert.pem -out your-cert.crt
from http://stackoverflow.com/questions/13732826/convert-pem-to-crt-and-key
For the private key I can’t remember if I just renamed it or tried something from this stackoverflow question:
This would be awesome!
Especially because letsencrypt requires a downtime of the Meteor server to check if the domain is in your property, which it does on port 80. This is not a big issue on the first certificate creation, where you typically have your server in production yet. But if you’re extending your certificate afterwards (e.g. I did so to get an additional cert for my staging server), any downtime is not desirable. It would be perfect if mupx could keep that downtime at least as short as possible.
You can use .pem with mupx, I did not have any problems with that. Just make sure you’re using the fullchain .pem as the cert, and the private key .pem as the key.
You are right! Both .pem and .crt/.key work.
The issue seems to be that a long time ago I first tried to set up with mup before doing it with mupx since mup wasn’t working. MUP created an opt/something folder, which is no longer used in mupx. mup has a known issue when deploying certificates with that folder available. The solution for me was to simply create a new app with a new appName, which creates a new docker container I guess. An alternative solution is to get rid of that specific opt folder, which I couldn’t find though, which is why I simply used a new appName in my mup.json file
Don’t forget to stop the old app before starting and deploying a new app.
I’m having problems having this to work with together with the meteorhacks:cluster package.
does anyone managed to get this working?
If using the browzer-policy package does one need to add extra exceptions?
thanks
For anyone interested, I worked a bit this weekend on the integration of Let’s Encrypt in MeteorUp. Feel free to contribute to the PRs. Here the two pull requests!
https://github.com/arunoda/meteor-up/pull/873
Thank you,
Carlos.
As I couldn’t make it work with stud, I end up using Nginx for that. It seems to be working fine now.
I guess I should switch to mupx which uses Nginx anyway.
Hello, I’m using this more nginx to proxy the meteor port to the port 80/443.
There are any way to remove nginx ? I can’t run meteor on port 80 because I have a few apps runing on the same server, that why I need nginx.
thanks
Humberto
Do you have any cronjob sample for this?
I’m attempting to try this on my prod server.
I can’t do this on my test server (I don’t own the domain name there) so I’m a little nervous.
Just a few questions,
I’m just reading up on this myself, but here are some answers from what I understand.
Adding the SSL values in mup.json simply gets mup to use an additional front-end nginx server in front of the same bundled app you had before adding SSL. So yes, I would think you can revert your mup.json to remove the SSL key, do “mup deploy”, and get back your old deployment. mup also has a mechanism for falling back to a previous deployment in case the current deployment fails.
For similar reasons, unless your 2nd prod server somehow uses mup to set up nginx, you probably need to configure your nginx separately from mup. In that case I think you wouldn’t need to set up SSL for each individual app, assuming they’re all under the same domain.
The cron job solution is typically recommended for installations that are able to use the “webroot” option, which allows the cert to be issued without starting and stopping the server. So, a cron job may not make sense for the manual process discussed in this thread, where you need to stop and re-run mup deploy.
Again, this is all pretty new to me so anyone feel free to provide more info. Good luck, let us know how it goes!
Not sure it matters. Whatever you named the file
and setting mup.json