Geek Answers Handbook

How to configure Rails with Puma to use SSL?

I just found how to start puma using SSL :

$ puma -b 'ssl://127.0.0.1:9292?key=path_to_key&cert=path_to_cert'

However, there is no description of how to include a CA intermediate certificate in the documentation. Can someone point me in the right direction? I am using Puma 1.6.3

Thanks!

+6
source share
4 answers

Combining certificate and package will only work when using nginx.

Without nginx, you can use the ca and verify_mode :

rails s puma -b 'ssl://0.0.0.0:9292?key=path_to_key.key&cert=path_to_cert.crt&verify_mode=none&ca=path_to_root_bundle.crt'

Source: https://github.com/puma/puma/blob/master/lib/puma/binder.rb

+7
source

while we use combo Nginx + PhusionPassenger. You cannot specify the cert file in the nginx file. The trick is to bundle all the certificates in one certificate, and then install the new certificate file as a certificate in your server configuration. For more information, see the nginx documentation . Check the SLL Certificate Chains section.

 cat www.example.com.crt bundle.crt > www.example.com.chained.crt

Hope this helps.

+3
source

rails s puma -b 'ssl://0.0.0.0:9292?key=certkey.key&cert=cert.crt&verify_mode=peer&ca=root_bundle.crt

Just make sure you set verify_mode=peer .

+2
source

It might be better to use Phusion Passenger + Nginx support for SSL. This combo has widely available documentation and is very easy to set up, as it is currently the most popular application server choice and is used by the New York Times, Symantec, AirBnB, etc. Here's how you do it if you have Nginx with Phusion Passenger installed:

 server { listen 443; server_name yourapp.local; ssl on; ssl_certificate ...; ssl_key ...; root /path-to-your-app/public; passenger_enabled on; }
-4
source

More articles:


All Articles