From 57ce8572db32360a27cac5db91c9aa05188238a7 Mon Sep 17 00:00:00 2001
From: Bryan <btbonval@gmail.com>
Date: Fri, 7 Feb 2014 02:04:06 -0500
Subject: [PATCH] adding SSL to VM, closes #318

---
 README.md   | 27 ++++++++++++++++++++++-----
 Vagrantfile | 37 ++++++++++++++++++++++++++++++++-----
 2 files changed, 54 insertions(+), 10 deletions(-)

diff --git a/README.md b/README.md
index 3c5f2dc..cbd6365 100644
--- a/README.md
+++ b/README.md
@@ -131,6 +131,18 @@ ACCESS_TOKEN_KEY = '???'
 ACCESS_TOKEN_SECRET = '???'
 ```
 
+### SSL Certificate
+
+If you wish to host your system publicly, you'll need an SSL certificate
+signed by a proper authority.
+
+If you are working on local system for development, a self signed certificate
+will suffice. There are plenty of resources available for learning how to
+create one, so that will not be detailed here. Note that the Vagrant file will
+automatically generated a self signed certificate within the virtual machine.
+
+The certificate should be installed using nginx.
+
 # Development Install
 
 If you need to setup the project for development, it is highly recommend that
@@ -172,10 +184,15 @@ instructions, it is assumed Vagrant will be deployed to VirtualBox.
 1. Connect to the virtual machine with `vagrant ssh`
 
 Note:
-Port 80 of the virtual machine will be configured as port 6659 on the host
+Port 443 of the virtual machine will be configured as port 6659 on the host
+system. While on the host system, fire up your favorite browser and point it at
+`https://localhost:6659/`. This connects to your host system on port 6659, which
+forwards to your virtual machine's web site using SSL.
+
+Port 80 of the virtual machine will be configured as port 16659 on the host
 system. While on the host system, fire up your favorite browser and point it at
-`http://localhost:6659/`. This connects to your host system on port 6659, which
-forwards to your virtual machine's web site.
+`http://localhost:16659/`. This connects to your host system on port 16659,
+which forwards to your virtual machine's web site using plain text.
 
 ## Completing the Virtual Machine with Fabric
 
@@ -293,8 +310,8 @@ not generally be needed.
 
         server {
             listen 80;
-            # don't do virtual hosting, handle all requests regardless of header
-            server_name "";
+            listen 443 ssl;
+            server_name localhost;
             client_max_body_size 20M;
         
             location / {
diff --git a/Vagrantfile b/Vagrantfile
index 0385a93..af39e3e 100644
--- a/Vagrantfile
+++ b/Vagrantfile
@@ -18,9 +18,9 @@ VAGRANTFILE_API_VERSION = "2"
 git_ssh_key = File.read(ENV['HOME'] + '/.vagrant.d/insecure_private_key');
 
 # build a shell script that installs prereqs, copies over the host secrets,
-# configures the database, sets up the user/group associations, pulls in the
-# code from the host machine, sets up some external dependency configs, and
-# then runs fabric.
+# configures the database, sets up the user/group associations, creates a self
+# signed SSL cert, pulls in the code from the host machine, sets up some
+# external dependency configs, and then runs fabric.
 shellscript = <<SCRIPT
 cat >>/home/vagrant/.ssh/insecure_private_key <<EOF
 #{git_ssh_key}
@@ -38,6 +38,29 @@ Host 127.0.0.1
 EOF
 chmod 644 /home/vagrant/.ssh/config
 
+cat >/home/vagrant/localhost.conf <<EOF
+[req]
+default_keyfile=localhost.key.pem
+encrypt_key=no
+default_bits=512
+prompt=no
+utf8=yes
+distinguished_name=dn
+
+[dn]
+C=US
+ST=Massachusetts
+L=Cambridge
+O=FinalsClub Foundation
+CN=localhost
+emailAddress=info@karmanotes.org
+EOF
+cd /home/vagrant
+openssl req -new -config localhost.conf -out localhost.csr.pem
+openssl x509 -req -in localhost.csr.pem -signkey localhost.key.pem -out localhost.cert.pem
+chown vagrant:vagrant localhost*
+cd -
+
 export DEBIAN_FRONTEND=noninteractive
 
 add-apt-repository -y ppa:coolwanglu/pdf2htmlex # pdf2htmlex
@@ -83,9 +106,12 @@ chown vagrant:vagrant karmaworld/$SECRETPATH/*.py
 cat > /etc/nginx/sites-available/karmaworld <<CONFIG
 server {
     listen 80;
+    listen 443 ssl;
     # don't do virtual hosting, handle all requests regardless of header
-    server_name "";
+    server_name localhost;
     client_max_body_size 20M;
+    ssl_certificate     /home/vagrant/localhost.cert.pem;
+    ssl_certificate_key /home/vagrant/localhost.key.pem;
 
     location / {
         # pass traffic through to gunicorn
@@ -137,7 +163,8 @@ Vagrant.configure(VAGRANTFILE_API_VERSION) do |config|
   # config.vm.network :forwarded_port, guest: 80, host: 8080
 
   # OM (sanskrit) KW (KarmaWorld) on a phone: 66 59
-  config.vm.network :forwarded_port, guest: 80, host: 6659, auto_correct: true
+  config.vm.network :forwarded_port, guest: 443, host: 6659, auto_correct: true
+  config.vm.network :forwarded_port, guest: 80, host: 16659, auto_correct: true
 
   # Create a private network, which allows host-only access to the machine
   # using a specific IP.
-- 
2.25.1