开发者

How do you configure WEBrick to use SSL in Rails?

Prior to Rails 3, you could modify the script/server file to add in S开发者_如何学GoSL parameters and tell the server command to use the HTTPS version of WEBrick. Now that all of those scripts are gone, does anyone know how to get this to work with Rails 3 or 4?


While the scripts directory in Rails 4 is gone, the bin directory remains. You can get WEBrick working with an SSL certificate by editing the bin/rails script. Tested on Rails 4 and Ruby 2.1.1, installed with rbenv.

Much of this is from this blog post and this Stack Overflow question.

#!/usr/bin/env ruby

require 'rails/commands/server'
require 'rack'
require 'webrick'
require 'webrick/https'

if ENV['SSL'] == "true"
  module Rails
      class Server < ::Rack::Server
          def default_options
              super.merge({
                  :Port => 3001,
                  :environment => (ENV['RAILS_ENV'] || "development").dup,
                  :daemonize => false,
                  :debugger => false,
                  :pid => File.expand_path("tmp/pids/server.pid"),
                  :config => File.expand_path("config.ru"),
                  :SSLEnable => true,
                  :SSLVerifyClient => OpenSSL::SSL::VERIFY_NONE,
                  :SSLPrivateKey => OpenSSL::PKey::RSA.new(
                                   File.open("certs/server.key").read),
                  :SSLCertificate => OpenSSL::X509::Certificate.new(
                                   File.open("certs/server.crt").read),
                  :SSLCertName => [["CN", WEBrick::Utils::getservername]],
              })
          end
      end
  end
end

APP_PATH = File.expand_path('../../config/application',  __FILE__)
require_relative '../config/boot'
require 'rails/commands'

Starting the rails server from the app directory works to start an SSL enabled server now when the SSL environment variable is set to true, and the default rails settings are retained when the environment variable is omitted.

$ SSL=true rails s
=> Booting WEBrick
=> Rails 4.1.0 application starting in development on https://0.0.0.0:3001
=> Run `rails server -h` for more startup options
=> Notice: server is listening on all interfaces (0.0.0.0). Consider using 127.0.0.1 (--binding option)
=> Ctrl-C to shutdown server
[2014-04-24 22:59:10] INFO  WEBrick 1.3.1
[2014-04-24 22:59:10] INFO  ruby 2.1.1 (2014-02-24) [x86_64-darwin13.0]
[2014-04-24 22:59:10] INFO  
Certificate:
    Data:
...

If you don't want to use a pre generated certificate, you can use WEBrick's Utils::create_self_signed_cert, as outlined in this answer:

Configure WEBrick to use automatically generated self-signed SSL/HTTPS certificate


An Alternative to SSL/HTTPS on WEBrick: SSL/HTTPS on Thin

As an alternative to trying to set up WEBrick to use HTTPS/SSL for your Rails app, you can try switching to using the Thin server instead, because it comes with convenient options for setting up HTTPS/SSL out-of-the-box.

Installing Thin

First, add Thin as a gem to your Gemfile:

gem 'thin'

Then run bundle install from the command line.

Using Thin HTTPS/SSL for Development Environments

If you just want to test your Rails app using HTTPS/SSL in your local development environment, then you simply run

thin start --ssl

I have to emphasize that this is not suitable for production environments, because you need to use a valid SSL certificate from a Certificate Authority in order for SSL/HTTPS connections to be verifiable and secure.

Additional Options

There are also other options that you can pass to Thin. You can get a full list of them by running thin --help. For example, I like to specify my own ip-address and port, as well as daemonizing Thin into a background process:

thin start --ssl \
  --address <ip-address> \
  --port <port> \
  --daemonize

Using Thin HTTPS/SSL with an SSL Certificate

If you want to tell Thin to use an SSL certificate (for example, one that you've obtained from a valid Certificate Authority), then you can use these options:

thin start --ssl \
  --ssl-cert-file <path-to-public-certificate> \
  --ssl-key-file <path-to-private-key>
0

上一篇:

下一篇:

精彩评论

暂无评论...
验证码 换一张
取 消

最新问答

问答排行榜