开发者

Getting SSL to work with Apache/Passenger on OSX

I use apache/passenger on my development machine, but need to add SSL support (something which isn't exposed through the control panel). I've done this before in production, but for some reason I can't seem to get it work on OSX.

The steps I've followed so far are from a default apache osx install:

  1. Install passenger and passenger preference pane.
  2. Add my rails app (this works)
  3. Create my ca.key, server.crt and server.key as detailed on the apple website.

At this point I need to start editing the apache configs, so I added:

# Apache knows to listen on port 443 for ssl requests.
Listen 443
Listen 80

I thought I'd try editing the passenger pref pane generated config first to get everything working, when I add:

It starts off looking like this

<VirtualHost *:80>
  ServerName myapp.local
  DocumentRoot "/Users/jonnii/programming/ruby/myapp/public"
  RailsEnv development
  <Directory "/Users/jonnii/programming/ruby/myapp/public">
    Order allow,deny
    Allow from all
  </Directory>
</VirtualHost>

I then append this:

<VirtualHost *:443>
  ServerName myapp.local
  DocumentRoot "/Users/jonnii/programming/ruby/myapp/public"
  RailsEnv development
  <dir开发者_运维问答ectory "/Users/jonnii/programming/ruby/myapp/public">
    Order allow,deny
    Allow from all
  </directory>

  # SSL Configuration
  SSLEngine on
  SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP
  SSLOptions +FakeBasicAuth +ExportCertData +StdEnvVars +StrictRequire

  #Self Signed certificates
  SSLCertificateFile /private/etc/apache2/ssl.key/server.crt
  SSLCertificateKeyFile /private/etc/apache2/ssl.key/server.key
  SSLCertificateChainFile /private/etc/apache2/ssl.key/ca.crt

  SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown downgrade-1.0 force-response-1.0

</VirtualHost>

The files referenced all exist (I doubled checked that), but now when I restart my apache I can't even get to myapp.local. However apache can still server the default page when I click on it in the sharing preference panel.

Any help would be greatly appreciated.


I think Apache doesn't support virtual hosts for SSL. You probably have another SSL virtual host entry somewhere, which is getting used instead. Remove that and it should work.


The OS X distribution of Apache includes a sample config file for enabling SSL: see /etc/apache2/extra/httpd-ssl.conf. Just ensure that config is valid for your needs, then find the following line in /etc/apache2/httpd.conf:

#Include /private/etc/apache2/extra/httpd-ssl.conf

and uncomment it by removing the octothorp.


instead of defining two virtual hosts, just define one with the header:

<VirtualHost *:443 *:80>
0

上一篇:

下一篇:

精彩评论

暂无评论...
验证码 换一张
取 消

最新问答

问答排行榜