Rails 3.1 app running with SSL - TLS server name indication support error?
I have a simple Rails 3.1.rc6 app that I'm using to try to test SSL configurations on my test server (OS X 10.7 Server). I'm using Phusion Passenger and Apache.
I can run the app with no problem when not using SSL. When I enable SSL, either via Apache or via config.force_ssl = true in my environments/production.rb file, a page loads without an error, but it's mostly empty and it's not my site. It appears as if it's trying to serve files out of an empty directory.
I checked the Edge Rails Documentation for configuring SSL and it only mentions adding the config.force_ssl = true option, saying that will automatically engage the Rack::SSL middleware.
When I load the page, I'm seeing:
Index of /
Name Last modified Size Description
Apache/2.2.19 (Unix) mod_ssl/2.2.19 OpenSSL/0.9.8r DAV/2 Phusion_Passenger/3.0.8 Server at mysite.mydomain.com Port 443
The exact same thing happens if I remove the ssl config line in the rails app and use the Server tools to force the site to SSL (selecting a self-signed certificate for testing). What do I need to change to make it serve the ... myapp/current/public folder, like it does when I have config.force_ssl = false?
Edit: A little more information. I see the following in /var/log/apache2/error_log:
[Fri Aug 26 10:57:49 2011] [notice] caught SIGTERM, shutting down
[Fri Aug 26 10:57:50 2011] [warn] RSA server certificate CommonName (CN) `My-Mac-mini.local' does NOT match server name!?
...
[Fri Aug 26 10:57:50 2011] [warn] Init: Name-based SSL virtual hosts only work for clients with TLS server name indication support (RFC 4366)
httpd: Could not reliably determine the server's fully qualified domain name, using myserver.local for ServerName
[Fri Aug 26 10:57:50 2011] [warn] _default_ VirtualHost overlap on port 443, the first has precedence
[Fri Aug 26 10:57:50 2011] [warn] _default_ VirtualHost overlap on port 443, the first has precedence
[Fri Aug 26 10:57:50 2011] [warn] RSA server certificate CommonName (CN) `My-Mac-mini.local' does NOT match server name!?
...
[Fri Aug 26 10:57:50 2011] [warn] Init: Name-based SSL virtual hosts only work for clients with TLS server name indication support (RFC 4366)
[Fri Aug 26 10:57:50 2011] [notice] Apache/2.2.19 (Unix) mod_ssl/2.2.19 OpenSSL/0.9.8r DAV/2 Phusion_Passenger/3.0.8 configured -- resuming normal operations
cache: [GET /] miss
This looks like a config bug with Lion server. Finally fixed it in the file /etc/apache2/extra/httpd-vhosts.conf by adding the line NameVirtualHost *:443 after the line NameVirtualHost *:80. I assumed that the server would do that of its own accord if it were hosting several SSL sites, but it turns out that it doesn't.
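An added example, not part of the original answer: a small Python check for the condition described above on Apache 2.2, where several <VirtualHost> blocks share an address and no matching NameVirtualHost line exists. The configuration text, hostnames and paths are constructed placeholders, and addresses are compared literally.

```python
import re
from collections import defaultdict

# Constructed sample; hostnames and paths are placeholders, not from the post.
SAMPLE_CONF = """\
NameVirtualHost *:80
<VirtualHost *:80>
    ServerName mysite.example.com
    DocumentRoot /srv/myapp/current/public
</VirtualHost>
<VirtualHost *:443>
    ServerName default.example.com
    DocumentRoot /srv/empty
    SSLEngine on
</VirtualHost>
<VirtualHost *:443>
    ServerName mysite.example.com
    DocumentRoot /srv/myapp/current/public
    SSLEngine on
</VirtualHost>
"""

OPEN_RE = re.compile(r"<VirtualHost\s+([^>]+)>", re.I)
NVH_RE = re.compile(r"NameVirtualHost\s+(\S+)", re.I)
NAME_RE = re.compile(r"ServerName\s+(\S+)", re.I)

def find_overlaps(conf_text):
    """Map each address used by several <VirtualHost> blocks, but not declared
    with NameVirtualHost, to the ServerNames of those blocks in file order.
    Addresses are compared literally (an assumption of this sketch)."""
    declared, blocks, current = set(), defaultdict(list), None
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if m := NVH_RE.match(line):
            declared.add(m.group(1).lower())
        elif m := OPEN_RE.match(line):
            current = {"addrs": m.group(1).lower().split(), "name": "(no ServerName)"}
        elif current and (m := NAME_RE.match(line)):
            current["name"] = m.group(1)
        elif current and line.lower().startswith("</virtualhost"):
            for addr in current["addrs"]:
                blocks[addr].append(current["name"])
            current = None
    return {a: n for a, n in blocks.items() if len(n) > 1 and a not in declared}

if __name__ == "__main__":
    for addr, names in find_overlaps(SAMPLE_CONF).items():
        # Apache 2.2 serves the first block for every request to this address.
        print(f"{addr}: {names[0]} shadows {names[1:]}; add 'NameVirtualHost {addr}'")
```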