Getting SSL to work with Apache/Passenger on OSX
I use apache/passenger on my development machine, but need to add SSL support (something which isn't exposed through the control panel). I've done this before in production, but for some reason I can't seem to get it work on OSX.
The steps I've followed so far are from a default apache osx install:
- Install passenger and passenger preference pane.
- Add my rails app (this works)
- Create my ca.key, server.crt and server.key as detailed on the apple website.
At this point I need to start editing the apache configs, so I added:
# Apache knows to listen on port 443 for ssl requests.
Listen 443
Listen 80
I thought I'd try editing the passenger pref pane generated config first to get everything working, when I add:
It starts off looking like this
<VirtualHost *:80>
ServerName myapp.local
DocumentRoot "/Users/jonnii/programming/ruby/myapp/public"
RailsEnv development
<Directory "/Users/jonnii/programming/ruby/myapp/public">
Order allow,deny
Allow from all
</Directory>
</VirtualHost>
I then append this:
<VirtualHost *:443>
ServerName myapp.local
DocumentRoot "/Users/jonnii/programming/ruby/myapp/public"
RailsEnv development
<dir开发者_运维问答ectory "/Users/jonnii/programming/ruby/myapp/public">
Order allow,deny
Allow from all
</directory>
# SSL Configuration
SSLEngine on
SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP
SSLOptions +FakeBasicAuth +ExportCertData +StdEnvVars +StrictRequire
#Self Signed certificates
SSLCertificateFile /private/etc/apache2/ssl.key/server.crt
SSLCertificateKeyFile /private/etc/apache2/ssl.key/server.key
SSLCertificateChainFile /private/etc/apache2/ssl.key/ca.crt
SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown downgrade-1.0 force-response-1.0
</VirtualHost>
The files referenced all exist (I doubled checked that), but now when I restart my apache I can't even get to myapp.local
. However apache can still server the default page when I click on it in the sharing preference panel.
Any help would be greatly appreciated.
I think Apache doesn't support virtual hosts for SSL. You probably have another SSL virtual host entry somewhere, which is getting used instead. Remove that and it should work.
The OS X distribution of Apache includes a sample config file for enabling SSL: see /etc/apache2/extra/httpd-ssl.conf
. Just ensure that config is valid for your needs, then find the following line in /etc/apache2/httpd.conf
:
#Include /private/etc/apache2/extra/httpd-ssl.conf
and uncomment it by removing the octothorp.
instead of defining two virtual hosts, just define one with the header:
<VirtualHost *:443 *:80>
精彩评论