The reason that I still use the end of life version Ubuntu 13.04 is that there are known issues for Docker/Dokku for 13.10. Also, OpenSSL that is pre-built in Ubuntu 13.04 is Heartbleed bug vulnerable. So, the following is not common way to setup nginx/https but the hard way. First, just open /etc/apt/sources.list for editing
Add a new source specially for patched openssl. ( credit for the source )
deb https://apcera-apt.s3.amazonaws.com public raring-openssl
Save the file and run
apt-key adv --recv-keys --keyserver keyserver.ubuntu.com DB4363B3 apt-get update apt-get install libssl-dev openssl
You should be safed with the patched version of OpenSLL now. After that choose a good place to store your certificate and key. Personally, I prefer to store it at /etc/nginx/ssl. Therefore, create an ssl directory in /etc/nginx path.
Step into the directory you have just created.
Now you’re ready to create server’s private Key (.key).
openssl genrsa -des3 -out server.key 1024
Then using the server private key as a cipher to create the Certificate Signing Request (.csr) as needed.
openssl req -new -key server.key -out server.csr
You will be prompted to enter some information. Please enter your domain name ( Must be matched with domain name is /home/dokku/VHOST, unless dokku won’t do things automatically for you ).
In order to please Nginx. Remove the key passphase is sometimes required by
cp server.key server.key.org && openssl rsa -in server.key.org -out server.key
Ok, sign it!
openssl x509 -req -days 731 -in server.csr -signkey server.key -out server.crt
Above signed certificate will be expired in 2 years. Create ‘tls’ directory (if it doesn’t exist in the app directory).
Note: $APP is a placeholder for your application name
cd /home/dokku/$APP/tls ln -sf /etc/nginx/ssl/server.crt . ln -sf /etc/nginx/ssl/server.key .
After you deploy your app, now your site will be served via HTTPs with SPDY support (accessing from http will be redirected to https as well)
Somehow, your nginx config should look similar to this config in gist: