I followed this tutorial "Rails with SSL in Development The Simple Way" and successfully set up SSL for a Rails app. Now I created a second Rails app and it is trying to use SSL even though I didn't configure it to.
I am wondering why this is happening and what I can do to stop it.
I did manage to get the second app working by following the steps in the tutorial, but I didn't intend to make it use SSL. Before doing that, it was throwing errors about invalid HTTP format, parsing fails and my browser said SSL connection error - ERR_SSL_PROTOCOL_ERROR. I even made sure that config.force_ssl was set to false in in application.rb
The command to start the thin SSL server is thin start --ssl --ssl-key-file server.key --ssl-cert-file server.crt
which is slightly different than the deprecated command in the tutorial.
I'm on Linux Mint by the way.
Related
I'm developing a chat-based app with Ruby on Rails.
Since I have to make the app show the messages in realtime, I decided to implement pub/sub with the gem "render_sync".
That gem is using Faye as server to handle push notifications.
So I configured everything like here's explained (https://github.com/chrismccord/render_sync), started the main server at port 3000, the faye server at port 9292, and it works seamlessly.
But when I decided to move my app under SSL (with a self signed certificate), it is not working anymore.
I created a self-signed certificate for the main server and a configuration file:
server.yml
port: 3000
ssl: true
ssl_key_file: server.key
ssl_cert_file: server.crt
then I started the main server with the command:
> thin -C config/server.yml start
At this point the app is working under SSL, but the push notifications don't.
So - looking at the chapter Serving Faye over HTTPS (with Thin) from the link posted above -, I edited "server" and "adapter_javascript_url" fields in sync.yml file, and I tried to create a configuration file for the Faye server like this:
sync_thin.yml
port: 4443
ssl: true
ssl_key_file: faye.key
ssl_cert_file: faye.crt
environment: production
rackup: sync.ru
but I can't figure out what should I put in ssl_key_file and ssl_cert_file fields!
Should I put the same .key and .crt files generated for the main server? Or do I must generate another couple of key e cert?
I tried to generate another couple of those, but the browser warns me saying that the cert is invalid.
Can anyone help me, or show me an example of a working faye ssl server somewhere?
I'm very surprised to find such little documentation on this topic which quite many developers must have faced before me.
We're changing our app to 100% HTTPS/SSL (as partial SSL doesn't make sense).
That's cool but before that, we need to migrate to it, hence to test it. Of course I found some basic information (here and here).
As I'd like my local environment to be as close as possible to the other ones in order to avoid unexpected errors, those solutions are not satisfying to me : they are ok for short time testing a feature, not more.
Here are the problems/questions I have:
Can I get a valid certificate for my local machine, to avoid the ugly warning step I can't even accept definitively on chrome?
Booting server with thin (thin start --ssl --ssl-verify --ssl-key-file server.key --ssl-cert-file server.crt), can I get same log messages as from rails server?
Can't I keep using rails server as a booting command (except by writing an dirty ALIAS ...)
Summary question is can I make a config so that it is transparent for anybody to run the instance of our app locally in https?
I mean, absolutely everything's done in rails to make development easy, and production robust, but here, there would be such a lack of good tools? I hardly can believe it ... or let's do it now!
Thanks for support! I'm using rails 3.2 with ruby 1.9.
Can I get a valid certificate for my local machine, to avoid the ugly
warning step I can't even accept definitively on chrome?
This depends if you're using the actual certificate for your domain (eg. example.com), or generating one just for development. If you are using the actual certificate from production, you could simply edit your hosts file to have example.com resolve to localhost. Then visiting https://example.com should load your Rails app.
You'll probably also need to include this in your application.rb:
config.force_ssl = true
If you're generating your own certificate you'll need to go through the motions of creating a private Certificate Authority to avoid the SSL warning in Chrome. This is a lot more work and probably not worth it.
Booting server with thin (thin start --ssl --ssl-verify --ssl-key-file
server.key --ssl-cert-file server.crt), can I get same log messages as
from rails server?
You should be able to tail -f log/development.log from the root of your Rails app.
Can't I keep using rails server as a booting command (except by
writing an dirty ALIAS ...)
This one is trickier as the server that runs when using rails s is WebBrick. You could try what's listed in this post here: Configuring WEBrick to use SSL in Rails 4
As an aside the typical setup for a Rails app is to proxy it behind say an SSL terminated nginx server. This way your Rails app doesn't need to know anything about SSL, as well as giving you a number of other benefits like being able to serve assets from nginx, load-balancing, virtual hosts etc.
If you're interested in setting up an environment that is identical to production I'd look into Vagrant.
I have been trying to configure my rails project to use SSL (as application wide) with thin (by adding thin gem and placing config.force_ssl = true to application.rb) but as a result, I have an annoying problem.
When I start my rails server using rails s and try to access http://localhost:3000 it redirects to https://localhost:3000 which is correct, however it will complain about missing SSL certification..
SSL connection error
Unable to make a secure connection to the server. This may be a
problem with the server, or it may be requiring a client
authentication certificate that you don't have.
On the other hand, If I start my application using thin start --ssl and try to access http://localhost:3000 it doesn't redirect to https://localhost:3000 and complains about this:
No data received
Unable to load the webpage because the server sent no data.
but by accessing https://localhost:3000 it just shows certificate warning but it all works after agreeing to continue.
So my question is, How can I make http to https redirection work when using SSL with thin in (development mode)?
Perfect answer would contain possibility to start server normally by using rails s while SSL would be enabled application wide and accessing http redirects to https and all works! :)
Thanks in advance, have been searching for hours but cant find an answer.
You should install your own openssl signed certificate.
You can find more information on this page
Your PC as (localhost) can self sign SSL certificate and your browser can accept it, but i think that browser will not automatically accept certificate with security on that layer. Maybe to try to add your localhost certificate to the browser ?
Verify config/environments/development.rb has the following line
config.force_ssl = true
Refer the post thin with ssl support and ruby debug and the responses(from nathan and shree) that has more information on this subject:
Use ngrok (https://ngrok.com/). It's free. Installation is easy.
Just start up your server, then in another terminal window run
ngrok http 3000
ngrok will give you an address that loops back to your dev machine - something like http://randomstringhere.ngrok.io
Put that in your browser and you'll see it redirect to https://randomstringhere.ngrok.io, still routing to your server on port 3000
Here is the simplest solution.
https://makandracards.com/makandra/15903-using-thin-for-development-with-ssl
I've been looking for tutorials how to start SSL on my localhost. But ones that I found was related to using nginx or apache. I'm wondering is it possible to use HTTPS(SSL) on localhost using usual ruby server (like webrick, thin, unicorn)?
Have you checked Thin with SSL support and ruby-debug
Additionally you will need your own certificate try this page http://hints.macworld.com/article.php?story=20041129143420344 for a step-by-step tutorial for osX
I keep getting this error in my production enviroment
OpenSSL::SSL::SSLError (hostname was not match with the server certificate)
I really don't know much about certificates. I have configured rails to use sendmail. Sendmail is working well in other php applications on the server.
I use Phusion Passenger.
I also have a redmine-app which uses sendmail and also works fine (but it runs rails 2.x)
Any idea how to solve this?
This means the SSL Certificate installed on the mail server did not match its hostname.
You can disable these exceptions, but then you are vulnerable to man-in-the-middle attacks.
The other option is to get a proper SSL Certificate (or install it correctly) for your mail server.
For more on SSL Certs I suggest superuser.com