Is there a way to pass SSL options into "rails server" (on Rails 3.0.0), using a custom Rack config or something similar? I'm trying to do two things:
- enable Cucumber to run tests that involve both secure and non-secure URL's, and
- make things simple for new developers, so they don't have to set up Apache and configure all the SSL/cert stuff before they can even write a line of code.
On 2.3.8 we had a forked script/server that would start up a special WEBrick on a second port with all the appropriate SSL options. Of course that blew up when I tried upgrading to Rails 3, so I'm trying to figure out how to fix this, and ideally do it in a way that doesn't involve forking anything.
In our forked script/server we were setting options like the following:
:SSLEnable => true,
:SSLVerifyClient => OpenSSL::SSL::VERIFY_NONE,
:SSLPrivateKey 开发者_如何转开发 => OpenSSL::PKey::RSA.new(File.open(current_dir + "/config/certs/server.key").read),
:SSLCertificate => OpenSSL::X509::Certificate.new(File.open(current_dir + "/config/certs/server.crt").read),
:SSLCertName => [ [ "CN", WEBrick::Utils::getservername ] ]
but I don't know how to do that in the new framework.
Thanks for any help!
Take a look at the Thin server in place of WEBrick. There are so many benefits of using Thin that I can't list them all here, but it should address your issue since it supports SSL.
When starting thin
, pass the following options:
SSL options:
--ssl Enables SSL
--ssl-key-file PATH Path to private key
--ssl-cert-file PATH Path to certificate
--ssl-verify Enables SSL certificate verification
In production, you will ideally want to handle SSL at the Nginx or Apache layer, but this should handle your development requirements.
Here's the solution I came up with. I modified script/rails
to look like this:
#!/usr/bin/env ruby
# This command will automatically be run when you run "rails" with Rails 3 gems installed from the root of your application.
APP_PATH = File.expand_path('../../config/application', __FILE__)
require File.expand_path('../../config/boot', __FILE__)
# Hack our SSL certs into Thin TcpServer, only in development environment
require 'thin'
module Thin
module Backends
TcpServer.class_eval do
def initialize_with_SSL(host, port)
if Rails.env.development?
Rails.logger.info "Loading SSL certs from ./ssl_dev..."
@ssl = true
@ssl_options = {
:private_key_file => File.expand_path("../../ssl_dev/server.key", __FILE__),
:cert_chain_file => File.expand_path("../../ssl_dev/server.crt", __FILE__),
:verify_peer => nil
}
end
initialize_without_SSL(host, port)
end
alias_method :initialize_without_SSL, :initialize
alias_method :initialize, :initialize_with_SSL
end
end
end
# Must load 'rails/commands' after Thin SSL hack
require 'rails/commands'
精彩评论