Land with changes. Hi Nicola. Thanks for the fixes. This still wasn't working, but I got it to work--I visited an https URL for the ec2 site and it worked fine.
I hope what I did is a help. I'd like all the changes I request to be made in order for this to land, with the possible exception of the NO_BZR change if that really annoys you. The NO_BZR change is not exactly related to the other work you are doing, but we want it so I slipped it in. Francesco will want it for running "make distfile" in his branch. The most important changes are the semicolons in the nginx template, and the key/cert generation bits that must not require user interaction. If you don't want to use the approach I found for key/cert generation, here are instructions on getting creating a key without a user prompt: http://stackoverflow.com/questions/4294689/how-to-generate-a-key-with-passphrase-from-the-command-line . You can then use the -subj option as I show it in the pastebin to make the openssl req command not require user interaction. However, I can confirm that what I have works. Please verify somehow that the tests work now, also. I was going to do that for you, but I'm about ready to go to bed now. :-) Thanks again, Gary https://codereview.appspot.com/6940084/diff/6009/config/nginx.conf.template File config/nginx.conf.template (right): https://codereview.appspot.com/6940084/diff/6009/config/nginx.conf.template#newcode1 config/nginx.conf.template:1: server { As we discussed, please add a redirect from port 80 to port 443, and then re-expose port 80 in the docs and code (in addition to port 443). https://codereview.appspot.com/6940084/diff/6009/config/nginx.conf.template#newcode6 config/nginx.conf.template:6: ssl_certificate /etc/ssl/private/juju-gui/server.pem You need to terminate this with a semicolon. https://codereview.appspot.com/6940084/diff/6009/config/nginx.conf.template#newcode7 config/nginx.conf.template:7: ssl_certificate_key /etc/ssl/private/juju-gui/server.key This one needs a semicolon too. https://codereview.appspot.com/6940084/diff/6009/hooks/utils.py File hooks/utils.py (right): https://codereview.appspot.com/6940084/diff/6009/hooks/utils.py#newcode25 hooks/utils.py:25: command, Please also import environ... https://codereview.appspot.com/6940084/diff/6009/hooks/utils.py#newcode208 hooks/utils.py:208: with cd('juju-gui'): Please precede or follow this with this line: with environ(NO_BZR='1'): This is a speed optimization in our Makefile from Matt that will be nice to have. See http://pastebin.ubuntu.com/1449174/ for an example. https://codereview.appspot.com/6940084/diff/6009/hooks/utils.py#newcode228 hooks/utils.py:228: os.makedirs(ssl_cert_path) To make debugging easier, I suggest only creating the directory if it does not exist. See http://pastebin.ubuntu.com/1449174/ for example. https://codereview.appspot.com/6940084/diff/6009/hooks/utils.py#newcode230 hooks/utils.py:230: cmd_log(run('openssl', 'genrsa', '-des3', '-out', key_path, '1024')) This is interactive, and fails. See http://pastebin.ubuntu.com/1449174/ for an approach that eliminates this problem and seems simpler. https://codereview.appspot.com/6940084/diff/6009/hooks/utils.py#newcode233 hooks/utils.py:233: cmd_log(run('openssl', 'req', '-new', '-key', key_path, '-out', This is interactive, and fails. See http://pastebin.ubuntu.com/1449174/ for an approach that eliminates this problem and seems simpler. https://codereview.appspot.com/6940084/ -- https://code.launchpad.net/~teknico/charms/precise/juju-gui/serve-via-https/+merge/140511 Your team Juju GUI Hackers is requested to review the proposed merge of lp:~teknico/charms/precise/juju-gui/serve-via-https into lp:~juju-gui/charms/precise/juju-gui/trunk. -- Mailing list: https://launchpad.net/~yellow Post to : [email protected] Unsubscribe : https://launchpad.net/~yellow More help : https://help.launchpad.net/ListHelp
