Friday, May 18, 2012

SPDY-ize a Real Site for $20

‹prev | My Chain | next›

I've been (rightfully) given my share of grief for not SPDY-izing spybook.com. Well that stops today!

I have spdybook.com on DNSimple (which I highly recommend). So I request an SSL certificate through them:


I do not do the certificate signing request myself—anything to avoid actual work. I opt for a "www" certificate because it is cheap and because it will work for both www.spdybook.com and spdybook.com (I will just worry about the former tonight).

After purchasing the certificate, I choose a contact:


And then I am ready:


At this point my certificate is processing:


A little while later, I receive an email from RapidSSL asking for approval for the certificate request. Following the link in the email, all that I have to do is press the "I Approve" button a the bottom of the page:


With that, I have two certificates on DNSimple: "Private Key" and "Certificate". I save the contents of "Private Key" as private_key.pem on my Linode (which I also highly recommend). I save "Certificate" in a file named cert.pem. Lastly, I save the certificate authority's certificate (linked by DNSimple) in ca.pem.

I could use express-spdy to serve this up, but... what the hell? I might as well be bleeding edge and serve up spdy/3 from the spdy-v3 branch of node-spdy (instructions). I configure the express.js server to use my certificates:
var express = require('express')
  , spdy = require('spdy')
  , fs = require('fs')
  , routes = require('./routes');

var options = {
  key: fs.readFileSync(__dirname + '/keys/private_key.pem'),
  cert: fs.readFileSync(__dirname + '/keys/cert.pem'),
  ca: fs.readFileSync(__dirname + '/keys/ca.pem')
};
// ...
The web site itself is static (well, compiled from jekyll), so, after pointing my load balancer at the new server, I have an SSL enabled version of The SPDY Book site:


And, more importantly, I can check the SPDY tab in chrome://net-internals to verify that I am, in fact, serving up spdy/3 on https://www.spdybook.com:


Yay!

I still need to move spdybook.com over here as well (and add the port 80 redirect). But this will serve as a good stopping point for tonight.


Day #390

No comments:

Post a Comment