How do you configure WEBrick to use SSL in Rails?

Prior to Rails 3, you could modify the script/server file to add in SSL parameters and tell the server command to use the HTTPS version of WEBrick. Now that all of those scripts are gone, does anyone know how to get this to work with Rails 3 or 4?

Lunarian answered 4/9, 2010 at 5:6 Comment(8)
I have figured out a solution to this problem and have documented it here. - Lunarian
Could you provide a link to modifying the script/server file for https in Rails 2? - Masoretic
This should help for Rails 2: lists.rubyonrails.org/pipermail/rails/2006-January/012432.html - Lunarian
Don't forget to change the URL and manually add https:// lest you get a strange error: ERROR OpenSSL::SSL::SSLError: SSL_accept returned=1 errno=0 state=SSLv2/v3 read client hello A: http request - Mugwump
Details of the answer should be present/recopied as part of the answer. If the other site is down, this answer becomes useless. - Caligula
FYI: With Rails 3.2.14 I got: WARN: Unresolved specs during Gem::Specification.reset: rake (>= 0.8.7) WARN: Clearing out unresolved specs... which I fixed by moving the code shown in the referenced link down below the 'require File.expand.path...' and above the final 'require 'rails/commands'. - Mcafee
If anyone is interested, the original poster wrote his own solution in his own blog post, Configuring WEBrick to use SSL in Rails 3. I'm interested in learning if there's a simpler solution, however. - Artificial
I'm curious, why would you want to do that? - Crevice

While the scripts directory in Rails 4 is gone, the bin directory remains. You can get WEBrick working with an SSL certificate by editing the bin/rails script. Tested on Rails 4 and Ruby 2.1.1, installed with rbenv.

Much of this is from this blog post and this Stack Overflow question.

#!/usr/bin/env ruby

require 'rails/commands/server'
require 'rack'
require 'webrick'
require 'webrick/https'

# Only override the server defaults when started as `SSL=true rails s`.
if ENV['SSL'] == "true"
  module Rails
    class Server < ::Rack::Server
      def default_options
        super.merge({
          :Port => 3001,
          :environment => (ENV['RAILS_ENV'] || "development").dup,
          :daemonize => false,
          :debugger => false,
          :pid => File.expand_path("tmp/pids/server.pid"),
          :config => File.expand_path("config.ru"),
          # WEBrick TLS settings
          :SSLEnable => true,
          # Do not request a client certificate.
          :SSLVerifyClient => OpenSSL::SSL::VERIFY_NONE,
          # File.read closes the file handle after reading.
          :SSLPrivateKey => OpenSSL::PKey::RSA.new(File.read("certs/server.key")),
          :SSLCertificate => OpenSSL::X509::Certificate.new(File.read("certs/server.crt")),
          :SSLCertName => [["CN", WEBrick::Utils::getservername]],
        })
      end
    end
  end
end

APP_PATH = File.expand_path('../../config/application',  __FILE__)
require_relative '../config/boot'
require 'rails/commands'

Starting the rails server from the app directory works to start an SSL enabled server now when the SSL environment variable is set to true, and the default rails settings are retained when the environment variable is omitted.

$ SSL=true rails s
=> Booting WEBrick
=> Rails 4.1.0 application starting in development on https://0.0.0.0:3001
=> Run `rails server -h` for more startup options
=> Notice: server is listening on all interfaces (0.0.0.0). Consider using 127.0.0.1 (--binding option)
=> Ctrl-C to shutdown server
[2014-04-24 22:59:10] INFO  WEBrick 1.3.1
[2014-04-24 22:59:10] INFO  ruby 2.1.1 (2014-02-24) [x86_64-darwin13.0]
[2014-04-24 22:59:10] INFO  
Certificate:
    Data:
...

If you don't want to use a pre-generated certificate, you can use WEBrick's Utils::create_self_signed_cert, as outlined in this answer:

Configure WEBrick to use automatically generated self-signed SSL/HTTPS certificate

Gabriella answered 25/4, 2014 at 3:57 Comment(2)
It creates a problem: the site does not run on http and does not even redirect to https. I have enabled ssl.enforce= true but it did not work. - Adventuress
I have got a bin/rails:3:in 'require': cannot load such file -- rails/commands/server (LoadError) error. - Azarcon
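Added example (not from the answer above, nor from the Rails or WEBrick projects): Ruby code that generates a self-signed development key and certificate at the certs/server.key and certs/server.crt paths the bin/rails script reads, then checks the pair before the server is started. The function names, the localhost/127.0.0.1 names and the 30-day validity are assumptions made for illustration.

```ruby
require 'openssl'
require 'fileutils'

# Build a self-signed certificate for local development only.
# Host names, IPs and validity are assumed defaults. Returns [key, cert].
def make_dev_cert(hosts: %w[localhost], ips: %w[127.0.0.1], days: 30, bits: 2048)
  key  = OpenSSL::PKey::RSA.new(bits)
  cert = OpenSSL::X509::Certificate.new
  cert.version    = 2                               # X.509 v3
  cert.serial     = OpenSSL::BN.rand(63).to_i       # random positive serial
  cert.subject    = OpenSSL::X509::Name.new([['CN', hosts.first]])
  cert.issuer     = cert.subject                    # self-signed
  cert.public_key = key
  cert.not_before = Time.now - 60                   # tolerate small clock skew
  cert.not_after  = Time.now + days * 86_400
  ext = OpenSSL::X509::ExtensionFactory.new
  ext.subject_certificate = cert
  ext.issuer_certificate  = cert
  san = (hosts.map { |h| "DNS:#{h}" } + ips.map { |i| "IP:#{i}" }).join(',')
  cert.add_extension(ext.create_extension('basicConstraints', 'CA:FALSE', true))
  cert.add_extension(ext.create_extension('subjectAltName', san, false))
  cert.sign(key, OpenSSL::Digest.new('SHA256'))
  [key, cert]
end

# Write the pair to dir; the private key is readable by its owner only.
def write_pair(key, cert, dir)
  FileUtils.mkdir_p(dir)
  key_path = File.join(dir, 'server.key')
  File.open(key_path, 'w', 0o600) { |f| f.write(key.to_pem) }
  File.chmod(0o600, key_path)                       # also tighten a pre-existing file
  File.write(File.join(dir, 'server.crt'), cert.to_pem)
  dir
end

# Pre-flight check: returns a list of problems, empty when the pair is usable.
def check_pair(dir, host: 'localhost', now: Time.now)
  key_path = File.join(dir, 'server.key')
  key  = OpenSSL::PKey.read(File.read(key_path))
  cert = OpenSSL::X509::Certificate.new(File.read(File.join(dir, 'server.crt')))
  problems = []
  problems << 'key does not match certificate' unless cert.check_private_key(key)
  problems << 'certificate expired or not yet valid' unless (cert.not_before..cert.not_after).cover?(now)
  problems << "certificate not valid for #{host}" unless OpenSSL::SSL.verify_certificate_identity(cert, host)
  problems << 'private key readable by group/other' if File.stat(key_path).mode & 0o077 != 0
  problems
end
```

From the app directory, `write_pair(*make_dev_cert, 'certs')` creates the files and `check_pair('certs')` returns an empty array when they are usable. Browsers will still warn on this certificate because it is self-signed.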

An Alternative to SSL/HTTPS on WEBrick: SSL/HTTPS on Thin

As an alternative to trying to set up WEBrick to use HTTPS/SSL for your Rails app, you can try switching to using the Thin server instead, because it comes with convenient options for setting up HTTPS/SSL out-of-the-box.

Installing Thin

First, add Thin as a gem to your Gemfile:

gem 'thin'

Then run bundle install from the command line.

Using Thin HTTPS/SSL for Development Environments

If you just want to test your Rails app using HTTPS/SSL in your local development environment, then you simply run

thin start --ssl

I have to emphasize that this is not suitable for production environments, because you need to use a valid SSL certificate from a Certificate Authority in order for SSL/HTTPS connections to be verifiable and secure.

Additional Options

There are also other options that you can pass to Thin. You can get a full list of them by running thin --help. For example, I like to specify my own ip-address and port, as well as daemonizing Thin into a background process:

thin start --ssl \
  --address <ip-address> \
  --port <port> \
  --daemonize

Using Thin HTTPS/SSL with an SSL Certificate

If you want to tell Thin to use an SSL certificate (for example, one that you've obtained from a valid Certificate Authority), then you can use these options:

thin start --ssl \
  --ssl-cert-file <path-to-public-certificate> \
  --ssl-key-file <path-to-private-key>
Artificial answered 17/4, 2014 at 19:18 Comment(1)
With thin, if you have an intermediate certificate(s), then put it into the same file as the public-certificate, after the end-entity certificate. - Lutenist
