Welcome to OStack Knowledge Sharing Community for programmer and developer-Open, Learning and Share
Welcome To Ask or Share your Answers For Others

Categories

0 votes
463 views
in Technique[技术] by (71.8m points)

https - How can I pass SSL options into "rails server" in Rails 3.0?

Is there a way to pass SSL options into "rails server" (on Rails 3.0.0), using a custom Rack config or something similar? I'm trying to do two things:

  1. enable Cucumber to run tests that involve both secure and non-secure URL's, and
  2. make things simple for new developers, so they don't have to set up Apache and configure all the SSL/cert stuff before they can even write a line of code.

On 2.3.8 we had a forked script/server that would start up a special WEBrick on a second port with all the appropriate SSL options. Of course that blew up when I tried upgrading to Rails 3, so I'm trying to figure out how to fix this, and ideally do it in a way that doesn't involve forking anything.

In our forked script/server we were setting options like the following:

:SSLEnable        => true,
:SSLVerifyClient    => OpenSSL::SSL::VERIFY_NONE,
:SSLPrivateKey        => OpenSSL::PKey::RSA.new(File.open(current_dir + "/config/certs/server.key").read),
:SSLCertificate         => OpenSSL::X509::Certificate.new(File.open(current_dir + "/config/certs/server.crt").read),
:SSLCertName    => [ [ "CN", WEBrick::Utils::getservername ] ]

but I don't know how to do that in the new framework.

Thanks for any help!

See Question&Answers more detail:os

与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
Welcome To Ask or Share your Answers For Others

1 Answer

0 votes
by (71.8m points)

Take a look at the Thin server in place of WEBrick. There are so many benefits of using Thin that I can't list them all here, but it should address your issue since it supports SSL.

When starting thin, pass the following options:

SSL options:
    --ssl                        Enables SSL
    --ssl-key-file PATH          Path to private key
    --ssl-cert-file PATH         Path to certificate
    --ssl-verify                 Enables SSL certificate verification

In production, you will ideally want to handle SSL at the Nginx or Apache layer, but this should handle your development requirements.


与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
Welcome to OStack Knowledge Sharing Community for programmer and developer-Open, Learning and Share
Click Here to Ask a Question

...