Sunday, October 15, 2017

Manually enabling https on AWS with Mojo::ACME and Plack

It took me some time but it turns out that setting up a Plack/Mojolicious stack to serve https on Amazon's web services is straightforward if not easy. There are a few pitfalls (keeping ports open, mostly) so I wrote it up for my own future memory

setting up

This is based on mojo listening on port 3001

  • open ports 80 and 443 on AWS
  • create a minimal Mojo::ACME application - let's say it's called cert.pl: mojo generate lite_app cert.pl
  • reroute port 80 to 3001: sudo iptables -t nat -I PREROUTING -p tcp --dport 80 -j REDIRECT --to-ports 3001
  • launch the app to listen on port 3001: morbo -l http://[::]:3001 cert.pl
  • set your DNS records to point at the instance (this depends on what your domainname setup is
  • check that the app is really available at the desired address and on port 80

creating keys

This is described at Mojo::ACME docs page

  • register an account key if necessary
  • make sure port 5000 is free (netstat -tulpn | grep :5000 gives you the list of processes using port 5000)
  • generate your domain cert

running starman

  • reroute 443, 80 and 8080 to 5000 (same as command above)
  • check your iptables sudo iptables -t nat --list --line-numbers
  • launch starman starman --enable-ssl --ssl-cert cert.crt --ssl-key cert.key

caveats

I haven't figured out yet how to deal with the fact that apps think they're running under http, so protocols on url_for are (often? mostly? always?) wrong. I'll write up once I figure it out.

Wednesday, October 11, 2017

Template name for Mojolicious templates

Very easy:
<%= __FILE__ %>
That's it;