SSL and Proxy
After thinking a bit about my server configuration I realized that using a reverse proxy kinda eliminates the pupose of using gatling in the first place -.-‘
tlsgatling
So I set out to install gatling with ssl enabled.
After searching for a bit I found this message here. The important part is this:
This is how I did it:
./config --prefix=/opt/diet no-dso make CC="diet -Os gcc -pipe -nostdinc"
make install will then install to /opt/diet/lib, which is on my box a symlink to /opt/diet/lib-i386.
After another
make install
I tried compiling tlsgatling
again just to realize that I still hat the openssl-devel
package installed. So after uninstalling that and symlinking
ln -s /opt/diet/lib/libcrypto.a /lib64/.
ln -s /opt/diet/lib/libssl.a /lib64/.
ln -s /opt/diet/include/openssl/ /usr/local/include/.
Compiling worked fine. Finally I have a working tlsgatling
NOTE I don’t reccommend doing the above symlinks… I think that may break something ツ
Finally I moved tlsgatling to /opt/diet/bin
certificate
For my certificate I used letsencrypt. The HowTo tells me I need to do the following:
./letsencrypt-auto certonly --standalone -d jschpp.de -d www.jschpp.de
Which didn’t work… I first needed to shutdown my webserver than I needed to disable my special firewall rules. Or to be more specific I needed to add some rules to my firewall
firewall-cmd --add-rule=http --zone=public
firewall-cmd --add-rule=https --zone=public
firewall-cmd --add-rule=http --permanent --zone=public
firewall-cmd --add-rule=https --permanent --zone=public
(not sure if http is needed but I didn’t care)
After running the letsencrypt
command again I had my certificate. If I want to use it I need to concatenate the privkey.pem and cert.pem files
cat /etc/letsencrypt/live/jschpp.de/privkey.pem /etc/letsencrypt/live/jschpp.de/cert.pem >server.pem
This file needs to be moved to /var/www
and need to be change to world unreadable
chmod o-r server.pem
I modified my gatling.service
file to the following:
Now i can run
systemctl daemon-reload && systemctl start gatling.service
and have a running ssl enabled webserver