These are chat archives for fanout/pushpin

3rd
Apr 2017
Daniel Baskaran
@danielpradeep
Apr 03 2017 16:57
Hi @jkarneges and All
I have been using fanout/pushpin for more than a year now - it’s in development / testing environment
It’s front-ending a API written in PHP/Symfony
As a part of the API, we wanted to communicate to third-party services, out of which few require SSL cert in the server, like https:// in the url
I am looking at this page http://pushpin.org/docs/configuration/#ssl for details about it
I need few suggestions on that - the cert is a bundle and I don’t have a .PEM file
And I run pushpin at port 80 and route all the calls to the Apache running at 7999
Daniel Baskaran
@danielpradeep
Apr 03 2017 17:02
Assuming I have 5 website and apis running under pushpin, would you like to suggest me on how to setup the SSL cert?
Justin Karneges
@jkarneges
Apr 03 2017 19:41
hi @danielpradeep . what is the bundle? is it just a concatenation of pem data? if so you could split the certs and key into two files. if it's something like pkcs#12 format then it'll need to be decoded
Daniel Baskaran
@danielpradeep
Apr 03 2017 19:42
Hi @jkarneges, the bundle contains certs for 4 different websites in one
And I have the .key file
Justin Karneges
@jkarneges
Apr 03 2017 19:43
and are these files using pem data? (e.g. -----BEGIN ...)
Daniel Baskaran
@danielpradeep
Apr 03 2017 19:44
Yes… but they are with .crt extension
Justin Karneges
@jkarneges
Apr 03 2017 19:45
and all use the same private key?
Daniel Baskaran
@danielpradeep
Apr 03 2017 19:45
Yes…
Justin Karneges
@jkarneges
Apr 03 2017 19:46
ok, then split the bundle of certs into different files. you can use openssl x509 -in {filename} -text to see which is which
Daniel Baskaran
@danielpradeep
Apr 03 2017 19:46
Ok… and I would move them into the runner/certs folder
Justin Karneges
@jkarneges
Apr 03 2017 19:47
yes. and then duplicate the .key file for each domain
Daniel Baskaran
@danielpradeep
Apr 03 2017 19:47
Ok.. thanks.
So, the pushpin would run on 80 and 443 (as per my config) and the apache would just run on 7999
the routes will have * localhost 7999
Justin Karneges
@jkarneges
Apr 03 2017 19:49
yes makes sense. also be sure to set a default cert. you can just pick whichever domain makes sense for that
Daniel Baskaran
@danielpradeep
Apr 03 2017 19:49
Ok, yes. I have one, the main domain
Sure. This helps.
Will give it a try and let you know how it goes
Thanks