Rails 3.1 app running with SSL - TLS server name indication support error?

I have a simple Rails 3.1.rc6 app that I'm using to try to test SSL configurations on my test server (OS X 10.7 Server). I'm using Phusion Passenger and Apache.

I can run the app with no problem when not using SSL. When I enable SSL, either via Apache or via config.force_ssl = true in my environments/production.rb file, a page loads without an error, but it's mostly empty and it's not my site. It appears as if it's trying to serve files out of an empty directory.

I checked the Edge Rails Documentation for configuring SSL and it only mentions adding the config.force_ssl = true option, saying that will automatically engage the Rack::SSL middleware.

When I load the page, I'm seeing:

Index of /

    Name    Last modified   Size    Description

Apache/2.2.19 (Unix) mod_ssl/2.2.19 OpenSSL/0.9.8r DAV/2 Phusion_Passenger/3.0.8 Server at mysite.mydomain.com Port 443

The exact same thing happens if I remove the ssl config line in the rails app and use the Server tools to force the site to SSL (selecting a self-signed certificate for testing). What do I need to change to make it serve the ... myapp/current/public folder, like it does when I have config.force_ssl = false?

Edit: A little more information. I see the following in /var/log/apache2/error_log:

[Fri Aug 26 10:57:49 2011] [notice] caught SIGTERM, shutting down
[Fri Aug 26 10:57:50 2011] [warn] RSA server certificate CommonName (CN) `My-Mac-mini.local' does NOT match server name!?
...
[Fri Aug 26 10:57:50 2011] [warn] Init: Name-based SSL virtual hosts only work for clients with TLS server name indication support (RFC 4366)
httpd: Could not reliably determine the server's fully qualified domain name, using myserver.local for ServerName
[Fri Aug 26 10:57:50 2011] [warn] _default_ VirtualHost overlap on port 443, the first has precedence
[Fri Aug 26 10:57:50 2011] [warn] _default_ VirtualHost overlap on port 443, the first has precedence
[Fri Aug 26 10:57:50 2011] [warn] RSA server certificate CommonName (CN) `My-Mac-mini.local' does NOT match server name!?
...
[Fri Aug 26 10:57:50 2011] [warn] Init: Name-based SSL virtual hosts only work for clients with TLS server name indication support (RFC 4366)
[Fri Aug 26 10:57:50 2011] [notice] Apache/2.2.19 (Unix) mod_ssl/2.2.19 OpenSSL/0.9.8r DAV/2 Phusion_Passenger/3.0.8 configured -- resuming normal operations
cache: [GET /] miss


This looks like a config bug with Lion server. Finally fixed it in the file /etc/apache2/extra/httpd-vhosts.conf by adding the line NameVirtualHost *:443 after the line NameVirtualHost *:80. I assumed that the server would do that of its own accord if it were hosting several SSL sites, but it turns out that it doesn't.
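
The following check is an added example, not code from the original question or answer. It scans Apache 2.2 configuration text for the condition behind the "_default_ VirtualHost overlap on port 443, the first has precedence" warning: several <VirtualHost> blocks on one address:port with no matching NameVirtualHost line. The sample configuration, its host names and the function name overlapping_vhosts are constructed for illustration.

```ruby
# Constructed sample, not the poster's real httpd-vhosts.conf.
SAMPLE_CONF = <<~CONF
  NameVirtualHost *:80
  <VirtualHost *:80>
    ServerName mysite.mydomain.com
  </VirtualHost>
  # Two SSL vhosts share *:443, but there is no NameVirtualHost *:443
  <VirtualHost *:443>
    ServerName placeholder.example
    SSLEngine on
  </VirtualHost>
  <VirtualHost *:443>
    ServerName mysite.mydomain.com
    SSLEngine on
  </VirtualHost>
CONF

# Returns { "addr:port" => [ServerName, ...] } for every address:port that has
# more than one vhost and no NameVirtualHost. On Apache 2.2 the first vhost in
# each list answers every request on that address:port.
# Simplification: only the first address of a <VirtualHost> line is read.
def overlapping_vhosts(conf)
  named   = []                             # addr:port values declared name-based
  vhosts  = Hash.new { |h, k| h[k] = [] }  # addr:port => ServerNames, file order
  current = nil
  conf.each_line do |raw|
    line = raw.strip
    next if line.empty? || line.start_with?("#")
    case line
    when /\ANameVirtualHost\s+(\S+)/i
      named << $1
    when /\A<VirtualHost\s+([^>\s]+)/i
      current = $1
      vhosts[current] << "(no ServerName)"
    when /\AServerName\s+(\S+)/i
      vhosts[current][-1] = $1 if current
    when %r{\A</VirtualHost>}i
      current = nil
    end
  end
  vhosts.select { |addr, names| names.size > 1 && !named.include?(addr) }
end

overlapping_vhosts(SAMPLE_CONF).each do |addr, names|
  puts "#{addr}: no NameVirtualHost, '#{names.first}' serves all of #{names.join(', ')}"
end
```

Run it against the concatenated output of the files your httpd.conf includes; an empty result means every shared address:port is declared name-based.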
