How to Set Up a Local SSL Certificate and a Rails Application

How can I set up a local SSL certificate and a Rails application?

  1. Yes you can. Here is a gist explaining the process:

https://gist.github.com/tadast/9932075


  1. My Procfile contains an entry that looks like this:

    server: rails server puma -b 'ssl://0.0.0.0:3000?key=server.key&cert=server.crt'

This seems to work for me. I also set

    config.force_ssl = true

in config/application.rb.

I gathered info about it from all these places:

https://github.com/puma/puma

http://www.railway.at/2013/02/12/using-ssl-in-your-local-rails-environment/

http://www.panozzaj.com/blog/2013/08/12/how-to-set-up-local-https-development/

http://www.eq8.eu/blogs/14-config-force_ssl-is-different-than-controller-force_ssl

How to run an SSL cert on localhost for Ruby on Rails app?

Updated the app to 2.3.1 which got puma-dev to work.
Removed config.action_cable.disable_request_forgery_protection = true which was throwing an error.

How to deploy a Rails application with an internally signed SSL certificate (SSL_CERT_FILE and openssl related)

So, with some further Googling I've come up with the following solution:

    # /config/initializers/ssl.rb

    require 'open-uri'
    require 'net/https'

    module Net
      class HTTP
        # Keep the original setter so it can still be called below.
        alias_method :original_use_ssl=, :use_ssl=

        # Every time TLS is switched on, trust the internal root and
        # intermediate certificates in addition to the system defaults.
        def use_ssl=(flag)
          store = OpenSSL::X509::Store.new
          store.set_default_paths

          store.add_cert(OpenSSL::X509::Certificate.new(File.read("#{Rails.root}/config/ssl/root.crt")))
          store.add_cert(OpenSSL::X509::Certificate.new(File.read("#{Rails.root}/config/ssl/intermediate.crt")))

          self.cert_store = store

          # Reject peers whose chain does not validate against the store.
          self.verify_mode = OpenSSL::SSL::VERIFY_PEER
          self.original_use_ssl = flag
        end
      end
    end

Sources

  • http://gistflow.com/posts/227-net-http-cheat-sheet
  • http://jjinux.blogspot.nl/2012/02/ruby-working-around-ssl-errors-on-os-x.html

This seems to work for me, but I am open to other suggestions.

Rails: local server handling SSL

Can I get a valid certificate for my local machine, to avoid the ugly
warning step I can't even accept definitively on Chrome?

This depends on whether you're using the actual certificate for your domain (e.g. example.com), or generating one just for development. If you are using the actual certificate from production, you could simply edit your hosts file to have example.com resolve to localhost. Then visiting https://example.com should load your Rails app.

You'll probably also need to include this in your application.rb:

    config.force_ssl = true

If you're generating your own certificate you'll need to go through the motions of creating a private Certificate Authority to avoid the SSL warning in Chrome. This is a lot more work and probably not worth it.

Booting server with thin (thin start --ssl --ssl-verify --ssl-key-file
server.key --ssl-cert-file server.crt), can I get same log messages as
from rails server?

You should be able to tail -f log/development.log from the root of your Rails app.

Can't I keep using rails server as a booting command (except by
writing a dirty ALIAS ...)

This one is trickier as the server that runs when using rails s is WEBrick. You could try what's listed in this post here: Configuring WEBrick to use SSL in Rails 4


As an aside, the typical setup for a Rails app is to proxy it behind, say, an SSL-terminated nginx server. This way your Rails app doesn't need to know anything about SSL, as well as giving you a number of other benefits like being able to serve assets from nginx, load-balancing, virtual hosts etc.

If you're interested in setting up an environment that is identical to production I'd look into Vagrant.
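The private-CA route mentioned in this answer, combined with the explicit trust store and peer verification used in the Net::HTTP initializer earlier on this page, as an added Ruby example that is not code from any of the answers. The helper names `make_cert` and `store_with`, the CA name and the 30-day lifetime are assumptions chosen for illustration.

```ruby
require 'openssl'

# Build an X.509 v3 certificate. With no issuer it is self-signed (the dev CA).
def make_cert(cn, key, issuer: nil, issuer_key: nil, ca: false, sans: nil)
  cert = OpenSSL::X509::Certificate.new
  cert.version    = 2 # the value 2 means X.509 v3
  cert.serial     = OpenSSL::BN.rand(64).to_i
  cert.subject    = OpenSSL::X509::Name.parse("/CN=#{cn}")
  cert.issuer     = issuer ? issuer.subject : cert.subject
  cert.public_key = key.public_key
  cert.not_before = Time.now - 60
  cert.not_after  = Time.now + 30 * 24 * 3600 # short-lived: development only
  ef = OpenSSL::X509::ExtensionFactory.new
  ef.subject_certificate = cert
  ef.issuer_certificate  = issuer || cert
  usage = ca ? 'keyCertSign,cRLSign' : 'digitalSignature,keyEncipherment'
  cert.add_extension(ef.create_extension('basicConstraints', ca ? 'CA:TRUE' : 'CA:FALSE', true))
  cert.add_extension(ef.create_extension('keyUsage', usage, true))
  # Browsers match the host against subjectAltName, not the CN.
  cert.add_extension(ef.create_extension('subjectAltName', sans)) if sans
  cert.sign(issuer_key || key, OpenSSL::Digest.new('SHA256'))
end

# Trust store holding only the given CA certificates. It can be assigned to a
# single client (Net::HTTP#cert_store=) rather than patched in process-wide.
def store_with(*ca_certs)
  store = OpenSSL::X509::Store.new
  ca_certs.each { |c| store.add_cert(c) }
  store
end

# Constructed sample material: a throwaway CA and a localhost server cert.
CA_KEY   = OpenSSL::PKey::RSA.new(2048)
CA_CERT  = make_cert('Dev Local CA', CA_KEY, ca: true)
LEAF_KEY = OpenSSL::PKey::RSA.new(2048)
LEAF     = make_cert('localhost', LEAF_KEY, issuer: CA_CERT, issuer_key: CA_KEY,
                     sans: 'DNS:localhost,IP:127.0.0.1')

puts "chain valid with dev CA:    #{store_with(CA_CERT).verify(LEAF)}"
puts "chain valid without dev CA: #{store_with.verify(LEAF)}"
puts "name matches localhost:     #{OpenSSL::SSL.verify_certificate_identity(LEAF, 'localhost')}"
```

Only the CA certificate belongs in a browser or client trust store; the CA private key should stay out of the repository, since anyone holding it can issue certificates those clients will accept.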

Configure WEBrick to use automatically generated self-signed SSL/HTTPS certificate

Okay, I figured out what was wrong. I should've paid closer attention to the instructions for HTTPS in WEBrick. This is the exact code from the example:

    require 'webrick'
    require 'webrick/https' # SEE THIS?

    cert_name = [
      %w[CN localhost],
    ]

    server = WEBrick::HTTPServer.new(:Port => 8000,
                                     :SSLEnable => true,
                                     :SSLCertName => cert_name)

See that line that says require 'webrick/https'? I didn't have that in my original config. I didn't think that I'd need it.

Once I added it, my script started serving over HTTPS, and I could finally connect to https://localhost:4430/robots.txt. <face-palm>
