These commands likely apply to any certificate provider, but I used a free Class 1 SSL certificate from StartSSL and can’t speak for anything else. There may also be other ways to use an SSL cert with Jetty/Compojure/Leiningen, but this worked for me; I’m not much of a sysadmin.
This is just a quick brain dump after struggling to enable SSL. I got a free Class 1 SSL certificate from StartSSL, but figuring out how to get it to work with my Nginx reverse proxy setup and Compojure app was painful. Thankfully, I eventually found this blog post, which really helped.
When creating your cert, StartSSL will generate two files. You can give these any names you want, but I’ll use their suggested names here.
First, your encrypted private key, which they’ll instruct you to save as ssl.key and then decrypt with the command openssl rsa -in ssl.key -out ssl.key.
Second, the actual certificate,
You’ll also need to download the intermediate and root CA certificates:
https://www.startssl.com/certs/sub.class1.server.ca.pem
https://www.startssl.com/certs/ca.pem
To use your cert with Jetty, you’ll need to create a keystore and fill it with the correct files. These commands are straight from the previously mentioned blog:
To use the keystore, you just have to pass it to your server:
I use lein-ring to handle running my server in “production”, and keep the configuration in my Leiningen profile like so:
That should be all that’s required on the keystore end of things.
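A pre-flight check and bundling step for the keystore stage above, added here as an example; these are not the commands from the referenced blog post. The function names, the test file names and the "jetty" alias are assumptions.

```shell
#!/bin/sh
# Added example: verify the key/cert pair, then bundle key + cert + CA chain.
# Helper names, file names and the "jetty" alias are assumptions.

# check_pair KEY CERT: succeed only if KEY is decrypted and belongs to CERT.
check_pair() {
    key=$1; cert=$2
    # A key that still carries an ENCRYPTED header was never decrypted.
    if grep -q 'ENCRYPTED' "$key"; then
        echo "private key is still encrypted" >&2; return 1
    fi
    # The public key derived from the private key must equal the cert's.
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null) || return 1
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null) || return 1
    [ "$key_pub" = "$cert_pub" ] || {
        echo "key does not match certificate" >&2; return 1
    }
}

# build_keystore KEY CERT CHAIN OUT PASSWORD: write a PKCS12 bundle to OUT.
build_keystore() {
    key=$1; cert=$2; chain=$3; out=$4; pass=$5
    check_pair "$key" "$cert" || return 1
    # umask keeps the bundle owner-only; env: keeps the password out of argv.
    ( umask 077
      KS_PASS=$pass openssl pkcs12 -export -name jetty \
          -inkey "$key" -in "$cert" -certfile "$chain" \
          -out "$out" -passout env:KS_PASS )
}

# make_test_pair DIR: constructed throwaway key and self-signed certificate,
# only for trying the functions above without a real certificate.
make_test_pair() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=example.test" \
        -keyout "$1/test.key" -out "$1/test.crt" 2>/dev/null
}
```

The output is a PKCS12 file; if your Jetty setup expects a JKS keystore, `keytool -importkeystore` with `-srcstoretype PKCS12` converts it.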
For setting up the proxy-pass, I had to add the cert chain and private key to my nginx configuration. I found this incantation in this Stack Overflow answer.