diff options
author | Eric Wong <e@80x24.org> | 2016-02-14 10:53:25 +0000 |
---|---|---|
committer | Eric Wong <e@80x24.org> | 2016-02-14 11:33:21 +0000 |
commit | d1489e1eb98186fb5a0d3a05ddac89c8f575a630 (patch) | |
tree | f3b9d6204904d919b8b2b2f4b7c391baa21cf684 /Documentation | |
parent | 93c6133c0c77259aae362019b2d796bf46e560f9 (diff) | |
download | yahns-d1489e1eb98186fb5a0d3a05ddac89c8f575a630.tar.gz |
With the advent of Let's Encrypt, we'll see more users interested in using yahns with OpenSSL support. So document how a listener may be passed an SSLContext.
Diffstat (limited to 'Documentation')
-rw-r--r-- | Documentation/yahns_config.pod | 31 |
1 files changed, 31 insertions, 0 deletions
diff --git a/Documentation/yahns_config.pod b/Documentation/yahns_config.pod index 12ec75e..858aaf1 100644 --- a/Documentation/yahns_config.pod +++ b/Documentation/yahns_config.pod @@ -422,6 +422,37 @@ ref: https://lwn.net/Articles/542629/ Default: false (unset) +=item ssl_ctx: OpenSSL::SSL::SSLContext Ruby object + +To enable TLS connections, you must configure this yourself. +See documentation for OpenSSL::SSL::SSLContext +for more information: + +L<http://docs.ruby-lang.org/en/trunk/OpenSSL/SSL/SSLContext.html> + +Default: none + +An example which seems to work is: + + require 'openssl' + ctx = OpenSSL::SSL::SSLContext.new + ctx.cert = + OpenSSL::X509::Certificate.new( + IO.read('/etc/ssl/certs/example.crt') + ) + ctx.extra_chain_cert = [ + OpenSSL::X509::Certificate.new( + IO.read('/etc/ssl/certs/chain.crt') + ) + ] + ctx.key = OpenSSL::PKey::RSA.new( + IO.read('/etc/ssl/private/example.key') + ) + + app(:rack, "/path/to/my/app/config.ru") do + listen 443, ssl_ctx: ctx + end + =item umask: MODE Sets the file mode creation mask for UNIX sockets. If specified, |