How to make Sinatra work over HTTPS/SSL?
I guess you need to setup your Web-server, not Sinatra, to work with SSL. In Sinatra you can use the request.secure?
method to check for the SSL usage.
SSL + Nginx: the first article, the second one.
Why isn't my Sinatra app working with SSL?
Generally you don't want any ruby webservers actually handling SSL. You make them serve plain HTTP (that is accessible only via localhost). Then you install a reverse proxy that handles all of the SSL communicate.
For example
- Install nginx (reverse proxy) and configure it to listen on port 443.
- Set your
ruby app server to listen on port 127.0.0.1:80 (accept local
connections only) - All requests hit nginx, which strips the SSL,
and send the plain HTTP request to your ruby webserver.
A very simple nginx config to get you started:
ssl_certificate /path/to/cert.pem;
ssl_certificate_key /path/to/your.key;
ssl on;
add_header Strict-Transport-Security "max-age=31536000; includeSubdomains;";
server {
listen 443 ssl;
server_name you.example.com;
location / {
proxy_pass http://localhost:8080; # your ruby appserver
}
}
How to make Sinatra work over HTTPS/SSL?
I guess you need to setup your Web-server, not Sinatra, to work with SSL. In Sinatra you can use the request.secure?
method to check for the SSL usage.
SSL + Nginx: the first article, the second one.
How to enable SSL for a standalone Sinatra app?
To do this with MRI ruby, use the following monkeypatch:
sinatra_ssl.rb:
require 'webrick/https'
module Sinatra
class Application
def self.run!
certificate_content = File.open(ssl_certificate).read
key_content = File.open(ssl_key).read
server_options = {
:Host => bind,
:Port => port,
:SSLEnable => true,
:SSLCertificate => OpenSSL::X509::Certificate.new(certificate_content),
:SSLPrivateKey => OpenSSL::PKey::RSA.new(key_content)
}
Rack::Handler::WEBrick.run self, server_options do |server|
[:INT, :TERM].each { |sig| trap(sig) { server.stop } }
server.threaded = settings.threaded if server.respond_to? :threaded=
set :running, true
end
end
end
end
Then, in your standalone application:
app.rb
require 'sinatra'
require 'sinatra_ssl'
set :port, 8443
set :ssl_certificate, "server.crt"
set :ssl_key, "server.key"
get "/" do
"Hello world!"
end
How to setup an SSL certificate on sinatra
So, heroku over ssl is actually free if you access your application over the herokuapp.com domain. You only have to pay for the add-on if you want to serve your app over ssl from a custom domain. Because heroku apps are proxied by nginx (with a default *.herokuapp.com cert), creating a dns record in a custom domain without purchasing the plugin would result in a certificate mismatch and a fat warning appearing when people tried to access your site. The addon allows you to add the custom cert so that the cert matches the CNAME record.
There is a free workaround though, as @seph said, Cloudflare is pretty good for a situation like this because of it's universal ssl offering. If you set SSL to "Full" without strict SSL checking and enforce HSTS (check the Crypto tab in the dashboard) then you can do a secure proxy to your heroku instance and ignore any cert mismatches while still having full, end-to-end encryption.
Related Topics
How to Use Global Variables or Constant Values in Ruby
Why Use "Self" to Access Activerecord/Rails Model Properties
Passing a Method as a Parameter in Ruby
Execute Bash Commands from a Rakefile
Rails.Cache Error in Rails 3.1 - Typeerror: Can't Dump Hash With Default Proc
Set Utf-8 as Default String Encoding in Heroku
Ignoring Gem Because Its Extensions Are Not Built
Split the String to Get Only the First 5 Characters
How to Install Ruby-Debug When Needing Necessary Libraries And/Or Headers
Ruby Basic Data Type Conversion
Getting Fields_For and Accepts_Nested_Attributes_For to Work With a Belongs_To Relationship
Uploading Multiple Files With Paperclip
How to Do Static Content in Rails
How to Run Rake Tasks Within a Ruby Script
Rspec: Expect VS Expect With Block - What's the Difference
Idiomatic Object Creation in Ruby
Paperclip::Errors::Missingrequired
validatorerror With Rails 4