aboutsummaryrefslogtreecommitdiffstats
path: root/doc/INSTALL.md
diff options
context:
space:
mode:
authorHenare Degan <henare.degan@gmail.com>2013-03-14 14:33:17 +1100
committerHenare Degan <henare.degan@gmail.com>2013-03-14 14:33:17 +1100
commit48c6f8077429dd86da27a52be20c97cc583f31a9 (patch)
tree78d74660677a3a63659260c982dabfade692749d /doc/INSTALL.md
parent2f6af09899e2822121d060db55fdd78b15f099db (diff)
parentd8a5de249bfeb41317d64e7efbaab71da1ede00d (diff)
Merge remote-tracking branch 'mysociety/develop' into rails-3-develop
Conflicts: Gemfile Gemfile.lock app/controllers/admin_request_controller.rb app/controllers/admin_track_controller.rb app/controllers/request_controller.rb app/controllers/services_controller.rb app/helpers/link_to_helper.rb app/mailers/request_mailer.rb app/models/application_mailer.rb app/models/info_request.rb app/views/admin_censor_rule/edit.html.erb app/views/admin_censor_rule/new.html.erb app/views/admin_public_body/_form.html.erb app/views/admin_public_body/_locale_selector.html.erb app/views/admin_public_body/_one_list.html.erb app/views/admin_public_body/edit.html.erb app/views/admin_public_body/list.html.erb app/views/admin_public_body/new.html.erb app/views/admin_request/_incoming_message_actions.html.erb app/views/admin_request/edit.html.erb app/views/admin_request/edit_comment.html.erb app/views/admin_request/edit_outgoing.html.erb app/views/admin_request/list.html.erb app/views/admin_request/list_old_unclassified.html.erb app/views/admin_request/show.html.erb app/views/admin_track/_some_tracks.html.erb app/views/admin_track/list.html.erb app/views/admin_user/edit.html.erb app/views/admin_user/list.html.erb app/views/admin_user/show.html.erb app/views/general/_footer.html.erb app/views/general/exception_caught.html.erb app/views/help/contact.html.erb app/views/layouts/default.html.erb app/views/public_body/_alphabet.html.erb app/views/request/_request_listing_single.html.erb app/views/request/_sidebar.html.erb app/views/request/new.html.erb app/views/request/show.html.erb app/views/request_mailer/external_response.rhtml app/views/request_mailer/fake_response.rhtml config/environment.rb config/environments/production.rb config/routes.rb spec/controllers/admin_censor_rule_controller_spec.rb spec/controllers/request_controller_spec.rb spec/controllers/track_controller_spec.rb spec/helpers/link_to_helper_spec.rb spec/mailers/request_mailer_spec.rb spec/models/info_request_spec.rb spec/spec_helper.rb spec/views/public_body/show.html.erb_spec.rb spec/views/request/show.html.erb_spec.rb vendor/plugins/rails_xss/lib/rails_xss/erubis.rb
Diffstat (limited to 'doc/INSTALL.md')
-rw-r--r--doc/INSTALL.md28
1 files changed, 28 insertions, 0 deletions
diff --git a/doc/INSTALL.md b/doc/INSTALL.md
index fc571b990..b9e2c6cb1 100644
--- a/doc/INSTALL.md
+++ b/doc/INSTALL.md
@@ -370,6 +370,34 @@ Under all but light loads, it is strongly recommended to run the
server behind an http accelerator like Varnish. A sample varnish VCL
is supplied in `../conf/varnish-alaveteli.vcl`.
+It's strongly recommended that you run the site over SSL. (Set FORCE_SSL to true in
+config/general.yml). For this you will need an SSL certificate for your domain and you will
+need to configure an SSL terminator to sit in front of Varnish. If you're already using Apache
+as a web server you could simply use Apache as the SSL terminator. A minimal configuration
+would look something like this:
+
+<VirtualHost *:443>
+ ServerName www.yourdomain
+
+ ProxyRequests Off
+ ProxyPreserveHost On
+ ProxyPass / http://localhost:80/
+ ProxyPassReverse / http://localhost:80/
+ RequestHeader set X-Forwarded-Proto 'https'
+
+ SSLEngine on
+ SSLProtocol all -SSLv2
+ SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM
+
+ SSLCertificateFile /etc/apache2/ssl/ssl.crt
+ SSLCertificateKeyFile /etc/apache2/ssl/ssl.key
+ SSLCertificateChainFile /etc/apache2/ssl/sub.class2.server.ca.pem
+ SSLCACertificateFile /etc/apache2/ssl/ca.pem
+ SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown
+</VirtualHost>
+
+Notice the line "RequestHeader" that sets the X_FORWARDED_PROTO header. This is important. This ultimately tells Rails that it's serving a page over https and so it knows to include that in any absolute urls it serves.
+
Some
[production server best practice notes](https://github.com/mysociety/alaveteli/wiki/Production-Server-Best-Practices)
are evolving on the wiki.