Geek Answers Handbook

How to pass SSL parameters to "rails server" in Rails 3.0?

Is there a way to pass SSL parameters to the "rails server" (on Rails 3.0.0) using a custom Rack configuration or something similar? I am trying to do two things:

  • enable Cucumber to run tests that include both secure and insecure URLs, and
  • make things simple for new developers, so they don’t need to configure Apache and configure all the SSL / cert materials before they can even write a line of code.

In 2.3.8, we had a forked script / server server that would run a special WEBrick on the second port with all the relevant SSL parameters. Of course, it exploded when I tried to upgrade to Rails 3, so I'm trying to figure out how to fix it, and ideally make it so that there is nothing.

In our forked script / server, we set the following parameters:

:SSLEnable => true, :SSLVerifyClient => OpenSSL::SSL::VERIFY_NONE, :SSLPrivateKey => OpenSSL::PKey::RSA.new(File.open(current_dir + "/config/certs/server.key").read), :SSLCertificate => OpenSSL::X509::Certificate.new(File.open(current_dir + "/config/certs/server.crt").read), :SSLCertName => [ [ "CN", WEBrick::Utils::getservername ] ]

but I don’t know how to do this in the new structure.

Thanks for any help!

+6
ssl ruby-on-rails-3 rack
source share
2 answers

Look at the Thin server instead of WEBrick. There are so many advantages of using Thin that I cannot list them all here, but it should solve your problem because it supports SSL.

When starting thin pass the following parameters:

 SSL options: --ssl Enables SSL --ssl-key-file PATH Path to private key --ssl-cert-file PATH Path to certificate --ssl-verify Enables SSL certificate verification

In production, you ideally want to handle SSL at the Nginx or Apache level, but this should meet your development requirements.

+5
source share

Here is the solution I came up with. I modified script/rails to look like this:

 #!/usr/bin/env ruby # This command will automatically be run when you run "rails" with Rails 3 gems installed from the root of your application. APP_PATH = File.expand_path('../../config/application', __FILE__) require File.expand_path('../../config/boot', __FILE__) # Hack our SSL certs into Thin TcpServer, only in development environment require 'thin' module Thin module Backends TcpServer.class_eval do def initialize_with_SSL(host, port) if Rails.env.development? Rails.logger.info "Loading SSL certs from ./ssl_dev..." @ssl = true @ssl_options = { :private_key_file => File.expand_path("../../ssl_dev/server.key", __FILE__), :cert_chain_file => File.expand_path("../../ssl_dev/server.crt", __FILE__), :verify_peer => nil } end initialize_without_SSL(host, port) end alias_method :initialize_without_SSL, :initialize alias_method :initialize, :initialize_with_SSL end end end # Must load 'rails/commands' after Thin SSL hack require 'rails/commands'
+1
source share

More articles:


All Articles