Setting Up SSL for Running Foreman on HTTPS

ekohl · December 17, 2023, 4:42pm

I’ve never tried this before, but Puma can use HTTPS: File: README — Puma master

We already have an env var to change bind:

theforeman/foreman/blob/a3dce620805d5f3c292a07fc747b2fbf14523cf8/Procfile#L3


      
          # Run Rails & Webpack concurrently
          # If you wish to use a different server then the default, use e.g. `export RAILS_STARTUP='puma -w 3 -p 3000 --preload'`
          rails: [ -n "$RAILS_STARTUP" ] && env PRY_WARNING=1 $RAILS_STARTUP || [ -n "$BIND" ] && bin/rails server -b $BIND || env PRY_WARNING=1 bin/rails server
          # you can use WEBPACK_OPTS to customize webpack server, e.g. 'WEBPACK_OPTS='--https --key /path/to/key --cert /path/to/cert.pem --cacert /path/to/cacert.pem' foreman start '
          webpack: [ -n "$NODE_ENV" ] && ./node_modules/.bin/webpack-dev-server-without-h2 --config config/webpack.config.js $WEBPACK_OPTS || env NODE_ENV=development ./node_modules/.bin/webpack-dev-server-without-h2 --config config/webpack.config.js $WEBPACK_OPTS

In theory it’s making sure the localhost gem is loaded and use BIND=ssl://HOST:PORT.

I haven’t checked if the SSL client certs are properly working though, but I doubt you can also issue client certificates with the localhost gem. You can also combine the approaches and tell Puma to use existing certificates.