Login/Register
Is there an easy way to have pow serve https?
Asked Answered
Solved ruby-on-railssslhttpsrackrack-pow
R

7

36

pow is great, but many things in my app assume https, and it would be a pain to go through them all and add "if not dev environment". Is it possible to have pow serve https?

Reena answered 23/5, 2011 at 23:5 Comment(0)
C
48

The easiest way I found was to use Tunnels: https://github.com/jugyo/tunnels

$ gem install tunnels
$ rvmsudo tunnels   # or just use sudo if using rbenv

No configuration required.

Chrysoprase answered 26/10, 2012 at 17:8 Comment(1)
That so solution is such a timesaver! Awesome!Tripletail
D
16

Option 1: Complete Pow with Tunnelss

I've been having issue with the Tunnels solution, which is great but will be noticed as insecure by the browser, which will cause you headaches when playing with CORS for example.

I've tested the PowSSL solution (the one using Stud), but it was missing the HTTP_X_FORWARDED_PROTO, which will cause you another set of headaches when your app needs to know if it has been requested through HTTP or HTTPS (well, it will never know it was HTTPS).

But this later approach was great because it was generating a valid certificate for all the configured POW .dev domains!

So I built tunnelss which combines the two approaches: it's a fork of tunnels, and it adds certificate generation!

I hope you'll enjoy it, feel free to send pull requests if you want to complete it, it's just a fast hack working on MacOS X for now...

Option 2: Switch to Invoker (using my fork... for now)

Invoker is a great replacement to Pow since it natively includes HTTPS support. You won't have to add another solution on top of Pow to get HTTPS!

However, in comparison with Pow, I found it had 2 limitations:

  • you have to specify a command for each process so that in can run it,
  • you can't have a default rule, handling all requests to localhost and proxying them to a specific application.

These limitations were not difficult to overcome and I made a pull request with the 2 changes. Until it's accepted, you can install the forked version using this:

git clone https://github.com/rchampourlier/invoker invoker -b proxy-only-mode
cd invoker
gem build invoker.gemspec
gem install invoker-1.5.0.gem

With this fork, you'll be able to use a global config, for example ~/.invoker.ini like this one:

[my-rails-app]
port = 3000

[my-sinatra-app]
port = 9292

[default]
port = 9292

...and run Invoker as a proxy with this command:

invoker ~/.invoker.ini -d
Dropwort answered 16/8, 2013 at 11:45 Comment(3)
This gem is incredible, it fixed that last annoying problem I was having with pow and development environments. Thanks for sharing.Foiled
Thanks @geoffharcourt, I'm pleased it's useful!Dropwort
I've spent days head banging this week trying to get pow running over SSL now that Chrome 63 is forcing it on .dev domains. Tunnelss was the easiest, cleanest solution by far. Bravo!Help
Y
7

POW currently does not support SSL (https://github.com/37signals/pow/issues/5). However, a number of other people have your same desire so hopefully it will be included in a future release!

Your best alternative solution if you don't want to go through the hassle of modifying your code is to setup Apache and generate a development SSL certificate. This will require modifying your hosts file and isn't as 'slick' as POW unfortunately, but on the plus side it avoids pesky environment specific conditionals.

Edit:

The latest update is that POW can be configured with SSL using Nginx as outlined by the following guide:

https://gist.github.com/gvarela/928606/

Yukikoyukio answered 23/5, 2011 at 23:9 Comment(0)
S
7

Use stunnel to create a tunnel to the pow server.

Like:

stunnel3 -f -d 443 -r 127.0.0.1:80
Silicious answered 14/7, 2011 at 3:8 Comment(2)
Here are some specific instructions for using stunnel in front of pow (or any web server) on OSX.Passerine
@Passerine You might be interested in a script that I wrote that uses stud instead. It also sets up a valid cert for all your pow hosts so you will not get ssl warnings in your browser. gist.github.com/2050941#file_gistfile1.mdSilicious
S
5

I recently created a script that uses the stud tunnel for this. https://gist.github.com/2050941#file_gistfile1.md

Silicious answered 16/3, 2012 at 19:32 Comment(1)
That's a great solution, I switched from Pow+Tunnels to your PowSSL script, thanks! However I have a regret, stud doesn't set the HTTP_X_FORWARDED_PROTO header, while Tunnels does. It prevents me from enforcing the correct HTTPS redirection rules on my app, otherwise I get a redirection loop. Any idea on how to solve this?Dropwort
W
3

There is currently a way to use SSL while still using POW by setting up an SSL proxy through nginx.

Take a look at: http://shiny-bits-of-code.tumblr.com/post/4749553253/ssl-proxy-with-nginx

Wilheminawilhide answered 9/6, 2011 at 12:22 Comment(1)
URL is 404ing now.Antenatal
A
0

This is also covered nicely here:

http://railscasts.com/episodes/352-securing-an-api

Albur answered 24/8, 2012 at 8:47 Comment(0)

© 2022 - 2024 — McMap. All rights reserved.