13 Oct 2014

Pow + SSL without the hassle

Pow is awesome for local web development: it lets you talk to development instances of apps using a domain name (myapp.dev typically), and without worrying about having to start them.

Unfortunately, using Pow with SSL-enabled web services (or SSL-only services like Routemaster) is a bit of a hassle, usually involving Nginx.

Here’s a possibly simpler way.

The idea is to let Pow do its job, i.e. managing DNS entries for your apps and spawning them as needed.

All we really need is for “something” to perform SSL termination, and let clients request HTTPS while Pow keeps serving plain HTTP. Nginx feels overkill: I don’t need a full-fledged webserver, just something to deal with SSL.

The tunnels Ruby gem does just that:

$ gem install tunnels
$ sudo tunnels 443 80
127.0.0.1:443 --(--)--> 127.0.0.1:80
Ready :)

From then on, all traffic to port 443 will flow to port 80, minus SSL. If you need the SSL certificate to be valid, the tunnelss fork is happy to oblige.

Now, Pow promised us we wouldn’t have to manually start apps (although you can if you want to, using port proxying).

To get the same thing working with SSL and tunnels, let’s leverage launchd, Apple’s take on system service management. It’s like upstart or the infamous systemd (fanboy alert: it predates both).

Create a plist file in the daemon directory:

$ sudo vim /Library/LaunchDaemons/me.dec0de.tunnels.plist

with these contents:

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
        <key>KeepAlive</key>
        <true/>
        <key>Label</key>
        <string>me.dec0de.tunnels</string>
        <key>ProgramArguments</key>
        <array>
                <string>/Users/mezis/.rbenv/shims/tunnels</string>
        </array>
</dict>
</plist>

(replacing the path to the tunnels executable with your output from which tunnels)

And enable the new service:

$ sudo launchctl load /Library/LaunchDaemons/me.dec0de.tunnels.plist

Voila! launchd will keep tunnels running no matter what, including across system restarts.
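
launchd runs jobs in /Library/LaunchDaemons as root unless the plist sets a UserName key, so the program named in ProgramArguments, and every directory above it, should be owned by root and not writable by group or other; a shim under a home directory does not meet that bar. The check below is an added example, not code from the original post; the function names check_one and audit_chain and the optional stop-directory argument are hypothetical.

```shell
#!/bin/sh
# Added example: audit the program a root LaunchDaemon will execute.
# check_one, audit_chain and the stop-directory argument are hypothetical
# names introduced for this example.

# check_one PATH UID: succeed only if PATH exists, is owned by UID and is
# not writable by group or other. -L follows symlinks to the real target.
check_one() {
    co_info=$(ls -ldnL -- "$1" 2>/dev/null) || { echo "MISSING  $1"; return 1; }
    co_mode=$(printf '%s\n' "$co_info" | awk '{print $1}')
    co_uid=$(printf '%s\n' "$co_info" | awk '{print $3}')
    co_gw=$(printf '%s\n' "$co_mode" | cut -c6)   # group write bit
    co_ow=$(printf '%s\n' "$co_mode" | cut -c9)   # other write bit
    if [ "$co_uid" != "$2" ] || [ "$co_gw" = w ] || [ "$co_ow" = w ]; then
        echo "UNSAFE   $co_mode uid=$co_uid $1"
        return 1
    fi
    echo "OK       $co_mode uid=$co_uid $1"
}

# audit_chain PATH UID [STOP]: check PATH and each parent directory up to
# STOP (default /). Returns non-zero if any component fails check_one.
audit_chain() {
    ac_path=$1; ac_uid=$2; ac_stop=${3:-/}; ac_rc=0
    while :; do
        check_one "$ac_path" "$ac_uid" || ac_rc=1
        case $ac_path in "$ac_stop"|/|.) break ;; esac
        ac_path=$(dirname "$ac_path")
    done
    return $ac_rc
}

# Usage: sh audit.sh "$(which tunnels)"   (uid 0 = root)
if [ "$#" -gt 0 ]; then
    audit_chain "$1" 0
fi
```

Any line marked UNSAFE is a file or directory that a non-root account can modify and that root will then execute or traverse the next time launchd starts the job.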

Launchd can do many more things for you, including running things on a schedule or at login time. If you want a GUI to set up your plist files, Lingon ($4.99) can do that for you, although digging in the docs works too.

It’s good to be lazy.