Enable https in a rails app on a thin server

4

17

I have a rails app running a thin server on heroku. It currently uses http. I would like to use https for both development and production. Where do I begin to do this?

I have looked at this railscast where they show how to use a POW server. I don't want to use a POW server, I want to use a Thin server.

I also looked here, but here they assume that you have OpenSSL installed.

I haven't found any place which shows how to run https on a thin server from scratch.

I was wondering if anyone has any suggestions.

Thanks

Idiomatic answered 21/7, 2012 at 5:5 Comment(0)
26

I don't know if you need it, but this helped me:

    thin start --ssl --ssl-verify --ssl-key-file ssllocal/server.key --ssl-cert-file ssllocal/server.crt

Edit the path to the SSL key and SSL file. For example, my keys were in the paypal folder, so the command was:

    thin start --ssl --ssl-verify --ssl-key-file paypal/server.key --ssl-cert-file paypal/server.crt

If you have problems, you can look at this post: Thin with SSL support and ruby-debug.

Hope this helps.

Sidnee answered 2/8, 2012 at 12:13 Comment(2)
Ain't it possible to move this to development.rb config file to keep using rails server command? – Utimer
I ask the same, is there a config file for thin where I can put all those SSL settings in? – Cree
26

Try this:

$ thin start --ssl

You will need a separate instance if you want both ssl and non-ssl ports.

Susceptible answered 21/7, 2012 at 5:22 Comment(2)
I run thin start -e production --ssl --ssl-key-file ~/.ssl/<mydomain>.key --ssl-cert-file ~/.ssl/bundle.crt Both my .key file and the .crt file are in place. The server starts fine but I cannot access any of my API endpoints anymore, what more must be done so that I can access all of my endpoints but with https:// prefix. – Dealate
For anyone wondering: thin --ssl uses a default SSL cert (via eventmachine) when the cert file and key file aren't specified. The name on the cert is odd: github.com/eventmachine/eventmachine/issues/681 You wouldn't want to use this in production. – Lodhia
8

You should use thin to do it:

$ sudo apt-get install thin

And add this line in config/application.rb

config.force_ssl = true

Then run the app on thin from the command line:

$ thin start --ssl
Illmannered answered 6/5, 2013 at 9:24 Comment(1)
Warning if you're just experimenting: using force_ssl will, among other things, enable HTTP Strict Transport Security. So your browser will be told "ONLY use https on this domain." If the domain is localhost, that may confuse you later. You can Google how to clear HSTS in your browser. – Lodhia
0

Follow the steps below. They are taken directly from the awesome makandra card. I am pasting the steps below, but do visit the page for better clarity.

Note - This didn't help me, as I wanted to set up https to check the Stripe Google Pay button but couldn't proceed due to some reasons. I will try to use ngrok to set up https and share my updated learnings.

QUICK UPDATE - Next day, I tried Ngrok, following the links https://ngrok.com/download and https://www.sitepoint.com/use-ngrok-test-local-site/, and I was able to test stripe successfully.

Create a directory .ssl in your home directory. Go there and create a self-signed certificate. It is important to enter localhost.ssl as Common Name when asked. This is to make your browser believe the certificate is owned by the localhost domain.

Add localhost.ssl to your hosts file:

    echo "127.0.0.1 localhost.ssl" | sudo tee -a /etc/hosts

Put the attached initializer into config/initializers. It monkey-patches the ForceSSL module to work in development and incorporates two custom config settings: use_ssl and ssl_port.

In your application.rb, add config.use_ssl = false. (Turn off SSL generally.)

In your environments/production.rb add config.use_ssl = true. (Turn on SSL in production.)

In your environments/development.rb add config.use_ssl = true and config.ssl_port = 3001. (Turn on SSL in development and point your app to port 3001.)

Add force_ssl to any controller you need. You may provide :only => :some_action and :except => :some_unsafe_action as options.

Boot thin:

    thin start -p 3001 --ssl --ssl-key-file ~/.ssl/server.key --ssl-cert-file ~/.ssl/server.crt

The option -p tells thin to bind to port 3001. To have a http development server running at the same time, start it with thin start -p 3000. (To run your application with thin, add gem 'thin' to your Gemfile.)

Point your browser to http://localhost:3000. You should be redirected to https://localhost:3001/. Do not expose a client certificate if asked, cancel that alert. It will just work fine without.

Link to Makandra Card - https://makandracards.com/makandra/15903-using-thin-for-development-with-ssl

Anglomania answered 22/7, 2022 at 22:54 Comment(0)
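
The steps above begin with "create a self-signed certificate" without showing how. As an added example (not part of the answer or the makandra card), this Ruby script uses the standard openssl library to write server.key and server.crt for localhost.ssl and to check which hostnames a client would accept for that certificate. make_dev_cert, cert_matches_host? and their parameters are illustrative names; the subjectAltName is an addition, since current browsers match the hostname on it rather than on the Common Name.

```ruby
# Added example: create the key/cert pair passed to
#   thin start --ssl --ssl-key-file ... --ssl-cert-file ...
require "openssl"
require "securerandom"
require "fileutils"

# Writes <dir>/server.key and <dir>/server.crt, self-signed for +host+.
# dir, host and days are illustrative parameters, not thin options.
def make_dev_cert(dir, host: "localhost.ssl", days: 365)
  FileUtils.mkdir_p(dir, mode: 0o700)
  key = OpenSSL::PKey::RSA.new(2048)

  cert = OpenSSL::X509::Certificate.new
  cert.version = 2 # X.509 v3, needed for extensions
  cert.serial = SecureRandom.random_number(2**63) + 1
  cert.subject = OpenSSL::X509::Name.new([["CN", host]])
  cert.issuer = cert.subject # self-signed: issuer == subject
  cert.public_key = key.public_key
  cert.not_before = Time.now - 60
  cert.not_after = Time.now + days * 86_400

  # Clients match the hostname against subjectAltName when it is present.
  ef = OpenSSL::X509::ExtensionFactory.new
  ef.subject_certificate = cert
  ef.issuer_certificate = cert
  cert.add_extension(ef.create_extension("subjectAltName", "DNS:#{host}", false))
  cert.sign(key, OpenSSL::Digest.new("SHA256"))

  key_path = File.join(dir, "server.key")
  crt_path = File.join(dir, "server.crt")
  File.open(key_path, "w", 0o600) { |f| f.write(key.to_pem) }
  File.chmod(0o600, key_path) # private key: owner read/write only
  File.write(crt_path, cert.to_pem)
  { key: key_path, cert: crt_path }
end

# True when a TLS client doing hostname verification would accept the
# certificate at crt_path for +hostname+.
def cert_matches_host?(crt_path, hostname)
  cert = OpenSSL::X509::Certificate.new(File.read(crt_path))
  OpenSSL::SSL.verify_certificate_identity(cert, hostname)
end

# Usage: make_dev_cert(File.expand_path("~/.ssl"))
```

The certificate matches localhost.ssl only, so a browser pointed at https://localhost:3001/ will report a name mismatch in addition to the self-signed warning.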
