diff options
author | Eric Wong <e@80x24.org> | 2019-05-10 02:30:29 +0000 |
---|---|---|
committer | Eric Wong <e@80x24.org> | 2019-05-10 02:30:29 +0000 |
commit | 995eefdf9f09f1a4621e3aab0184c5ae2787ca0c (patch) | |
tree | d806646312d2d3a14fce975cc24bb8a55d470d47 /examples | |
parent | 2ca6808f7d91b1dd44cd5b6eb31e9b272d865891 (diff) | |
download | yahns-995eefdf9f09f1a4621e3aab0184c5ae2787ca0c.tar.gz |
Might as well... this has been in use at YHBT.net for ~4 years at this point. And given nginx has new corporate overlords, maybe a decidedly non-enterprisey alternative is worth "marketing" :P Previous discussion from 2016: https://YHBT.net/yahns-public/20160220081619.GA10850@dcvr.yhbt.net/
Diffstat (limited to 'examples')
-rw-r--r-- | examples/https_proxy_pass.conf.rb | 36 | ||||
-rw-r--r-- | examples/proxy_pass.ru | 11 |
2 files changed, 47 insertions, 0 deletions
diff --git a/examples/https_proxy_pass.conf.rb b/examples/https_proxy_pass.conf.rb new file mode 100644 index 0000000..f2fbc3a --- /dev/null +++ b/examples/https_proxy_pass.conf.rb @@ -0,0 +1,36 @@ +# To the extent possible under law, Eric Wong has waived all copyright and +# related or neighboring rights to this example. +# +# See examples/proxy_pass.ru for the complementary rackup file +# <https://yhbt.net/yahns.git/tree/examples/proxy_pass.ru> + +# Setup an OpenSSL context: +require 'openssl' +ssl_ctx = OpenSSL::SSL::SSLContext.new +ssl_ctx.cert = OpenSSL::X509::Certificate.new( + File.read('/etc/ssl/certs/example.crt') +) +ssl_ctx.extra_chain_cert = [ + OpenSSL::X509::Certificate.new( + File.read('/etc/ssl/certs/chain.crt') + ) +] +ssl_ctx.key = OpenSSL::PKey::RSA.new( + File.read('/etc/ssl/private/example.key') +) + +# use defaults provided by Ruby on top of OpenSSL, +# but disable client certificate verification as it is rare for servers: +ssl_ctx.set_params(verify_mode: OpenSSL::SSL::VERIFY_NONE) + +# Built-in session cache (only useful if worker_processes is nil or 1) +ssl_ctx.session_cache_mode = OpenSSL::SSL::SSLContext::SESSION_CACHE_SERVER + +worker_processes 1 +app(:rack, "/path/to/proxy_pass.ru", preload: true) do + listen 443, ssl_ctx: ssl_ctx + listen '[::]:443', ipv6only: true, ssl_ctx: ssl_ctx +end + +stdout_path "/path/to/my_logs/out.log" +stderr_path "/path/to/my_logs/err.log" diff --git a/examples/proxy_pass.ru b/examples/proxy_pass.ru new file mode 100644 index 0000000..63ee6d9 --- /dev/null +++ b/examples/proxy_pass.ru @@ -0,0 +1,11 @@ +# To the extent possible under law, Eric Wong has waived all copyright and +# related or neighboring rights to this example. +# +# See examples/https_proxy_pass.conf.rb for the complementary rackup file +# <https://yhbt.net/yahns.git/tree/examples/https_proxy_pass.conf.rb> + +# optionally, intercept static requests with Rack::Static middleware: +# use Rack::Static, root: '/path/to/public', gzip: true + +require 'yahns/proxy_pass' +run Yahns::ProxyPass.new('http://127.0.0.1:6081') |