Login/Register
Configuring WEBrick to use SSL in Rails 4
Asked Answered
ruby-on-railssslruby-on-rails-4localhostwebrick
G

2

19

I have a Rails App that I want to deploy on SharePoint 2013.

In order to achieve some means of authentication, I need the WEBrick server to serve ssl https and listen to incoming https on port https://localhost:3001. Unfortunately, I am not very experienced with configuring the server.

I've have only found some outdated tutorials for older Rails version, that don't seem to do the job anymore.

Any tips are greatly appreciated.

Gable answered 17/1, 2014 at 15:42 Comment(8)
Possible duplicate of How do you configure WEBrick to use SSL in Rails 3?. Voted to close because the solution is basically identical to the accepted solution in that question. Not sure if the other one should actually be made a duplicate of this newer one or not.Endometrium
@Cupcake That is for Rails 3, and Rails 4 doesn't use script\rails file.Dumbbell
@Dumbbell you can't tell because you don't have enough reputation yet, but the answer that used to be here but was subsequently deleted was largely identical to the linked blog post. There's actually a lot of plagiarism, intentional or otherwise, resulting from that blog post, not just on this question, but on others around StackOverflow as well.Endometrium
@Dumbbell for example, see this answer.Endometrium
@Cupcake I've tried that, and the original blog post, but it doesn't work for Rails 4.Dumbbell
@Dumbbell what are you trying to do?Endometrium
@Cupcake This is what I'm attempting if you'd like to have a look.Dumbbell
let us continue this discussion in chatEndometrium
S
26

I know you asked for WEBrick, and excuse me for suggesting something else, but I would really recommend you to use Thin ruby web server (faster and lighter), so you can also start SSL and meet your requirement as easy as: 

$ thin start --ssl -p 3001

Just don't forget to add gem 'thin' in your Gemfile ;-)

Sixpence answered 5/4, 2014 at 7:51 Comment(6)
@Dumbbell I actually use Thin, and I have no problems with it. Lots of people use Thin. Why do you describe it as "artisan"?Endometrium
Correct me if I'm wrong, but don't you also need to add an SSL certificate if you want to use SSL with Thin? See also Enable https in a rails app on a thin server.Endometrium
It appears to include its own: CN: openca.steamheat.netDumbbell
I have to mention that just using --ssl is not suitable for production environments, of course. If you want to use this in production, you have to additionally tell Thin to use a valid SSL certificate from a Certificate Authority.Endometrium
Thin is giving me Uncaught ReferenceError: jQuery is not defined jquery_ujs.js?body=1:398 errors in the browser console when I reload the page with Rails 4.1.Dumbbell
Thin is great but what lacks is the colorful debug console output as the one displayed with rails sDestination
D
7

Here's my solution which is compatible with both Rails 3 and 4.

Add the following code at the top of bin/rails:

require 'rubygems'
require 'rails/commands/server'
require 'rack'
require 'webrick'
require 'webrick/https'

module Rails
  class Server < ::Rack::Server
    def default_options
      ssl_default_options = {
        :Port => 443,
        :SSLEnable => true,
        :SSLVerifyClient => OpenSSL::SSL::VERIFY_NONE,
        :SSLPrivateKey => OpenSSL::PKey::RSA.new(File.open(File.expand_path('../../config/cert/server_development.key', __FILE__)).read),
        :SSLCertificate => OpenSSL::X509::Certificate.new(File.open(File.expand_path('../../config/cert/server_development.crt', __FILE__)).read),
        :SSLCertName => [['CN', WEBrick::Utils::getservername]]
      }
      ENV['RAILS_SSL'] ? super.merge(ssl_default_options) : super
    end
  end
end

You obviously need to generate a self signed certificate or buy one.

Then when you want to start WebRick from command line use RAILS_SSL=true rails s. Usually you need sudo to listen on port 443 so you may want to append -p 3001 to change port.

Devote answered 20/11, 2015 at 13:17 Comment(0)

© 2022 - 2024 — McMap. All rights reserved.