Name: mup-frontend-server
Owner: meteorhacks
Description: Frontend Server for Meteor Up
Created: 2015-05-03 05:43:56.0
Updated: 2018-02-24 17:44:19.0
Pushed: 2016-09-20 20:37:53.0
Size: 10
Language: Nginx
GitHub Committers
| User | Most Recent Commit | # Commits |
|---|
Other Committers
| User | Most Recent Commit | # Commits |
|---|
This is the front end server used by Meteor Up in front of meteor apps. This is the latest version of nginx bundled as a docker image. It is configured to run with every app deployed with Meteor Up. But, this is not a Load Balancer.
We use this for SSL support for Mup.
Here's how to run this:
er run \
volume=/opt/<appname>/config/bundle.crt:/bundle.crt \
volume=/opt/<appname>/config/private.key:/private.key \
link=<appname>:backend \
publish=443:443 \
teorhacks/mup-frontend-server /start.sh
As you've noticed, we need to add two volumes for the bundle.crt and private.key.
This is a bundle containing all of your certificates including the provided CA certificates. To create this file you need to concatenate all certificates starting from your domain certificate to the top level CA certificates. Here's an example:
\
bulletproofmeteor_com.crt \
COMODORSADomainValidationSecureServerCA.crt \
COMODORSAAddTrustCA.crt \
AddTrustExternalCARoot.crt > bundle.crt
This is the private key you've used to generate the above certficate.
You can verify the SSL configuration like this:
er run \
volume=/opt/<appname>/config/bundle.crt:/bundle.crt \
volume=/opt/<appname>/config/private.key:/private.key \
teorhacks/mup-frontend-server /verify.sh
There's the question why we've chosen nginx for the SSL termination. We could've used something like stud or bud.
We need to get the correct IP address of the real connection, which is required for certain apps such as Sikka. Normally SSL terminators like stud and bud do not support this or support it only partially.
We've not implemented this yet!