I've been (rightfully) given my share of grief for not SPDY-izing spybook.com. Well that stops today!
I have spdybook.com on DNSimple (which I highly recommend). So I request an SSL certificate through them:
I do not do the certificate signing request myself—anything to avoid actual work. I opt for a "www" certificate because it is cheap and because it will work for both www.spdybook.com and spdybook.com (I will just worry about the former tonight).
After purchasing the certificate, I choose a contact:
And then I am ready:
At this point my certificate is processing:
A little while later, I receive an email from RapidSSL asking for approval for the certificate request. Following the link in the email, all that I have to do is press the "I Approve" button a the bottom of the page:
With that, I have two certificates on DNSimple: "Private Key" and "Certificate". I save the contents of "Private Key" as
private_key.pem on my Linode (which I also highly recommend). I save "Certificate" in a file named cert.pem. Lastly, I save the certificate authority's certificate (linked by DNSimple) in ca.pem.I could use express-spdy to serve this up, but... what the hell? I might as well be bleeding edge and serve up spdy/3 from the spdy-v3 branch of node-spdy (instructions). I configure the express.js server to use my certificates:
var express = require('express')
, spdy = require('spdy')
, fs = require('fs')
, routes = require('./routes');
var options = {
key: fs.readFileSync(__dirname + '/keys/private_key.pem'),
cert: fs.readFileSync(__dirname + '/keys/cert.pem'),
ca: fs.readFileSync(__dirname + '/keys/ca.pem')
};
// ...The web site itself is static (well, compiled from jekyll), so, after pointing my load balancer at the new server, I have an SSL enabled version of The SPDY Book site:
And, more importantly, I can check the SPDY tab in
chrome://net-internals to verify that I am, in fact, serving up spdy/3 on https://www.spdybook.com:
Yay!
I still need to move spdybook.com over here as well (and add the port 80 redirect). But this will serve as a good stopping point for tonight.
Day #390
No comments:
Post a Comment