How do I get Ruby On Rails Webrick to work with self-signed SSL certificate on localhost just to test https ?
Basically, Ived followed the work that has been done here:
Configure WEBrick to use automatically generated self-signed SSL/HTTPS certificate
And produce the script like the following:
require 'webrick'
require 'webrick/https'
cert_name = [
%w[CN localhost],
]
server = WEBrick::HTTPServer.new(:Port => 8000,
:SSLEnable => true,
:SSLCertName => cert_name)
# Shutdown gracefully on signal interrupt CTRL-C
# http://www.ruby-doc.org/core-2.1.1/Kernel.html#method-i-trap
trap('INT') { server.shutdown }
server.start
When I tried to access https://localhost:8000/, it did warn about trust but just went ahead, instead I had nothing come out but this. BTW, https works fine, just it seems its not getting the right route for SSL.
Not Found
`/' not found.
WEBrick/1.3.1 (Ruby/2.1.2/2014-05-08) OpenSSL/1.0.2 at localhost:8000
console prints this:
[2015-07-25 23:38:25] INFO WEBrick::HTTPServer#start: pid=6765 port=8000
[2015-07-25 23:38:32] ERROR `/' not found.
localhost - - [25/Jul/2015:23:38:32 MYT] "GET / HTTP/1.1" 404 284
- -> /
The reason your server is returning that 404 is because the script you've set up is just for an empty WEBrick server; it doesn't actually mount your Rails app. The thread you linked to seemed to be using that script just as a minimal test for the SSL functionality. The full answer to getting WEBrick to work with SSL looks to be answered here: How do you configure WEBrick to use SSL in Rails?
However, I wouldn't recommend you bother. WEBrick is strictly meant as a development-only server, and isn't suitable for use in production (which is why it's hard to get it to do things like use SSL). Instead, either set up nginx as a SSL-serving proxy to your app or use a server which supports SSL easily, like thin does.
Related
So my app in production has totally crashed with this message:
Filter chain halted as #<Proc:0x007f766547ea18#/app/vendor/bundle/ruby/2.1.0/gems/actionpack-4.1.1/lib/action_controller/metal/force_ssl.rb:65> rendered or redirected
I've done some research online and so far this seems to happen mostly in local dev mode when the port is lost. But I'm not sure why this would be happening in my Heroku app... for context the code has not changed, and it was working fine as of 30 minutes ago. I'm using CloudFlare, but I checked that the bare your-app-name.herokuapp.com is also broken with the same error.
Any help appreciated!
I got this same error but on my development environment in rails 4.0 (because of an controller with force_ssl on it).
I solved this using the thin web server with ssl support, like so:
Add the thin gem to my Gemfile on the development group:
group :development do
gem 'thin'
end
Run bundle install on your termnal:
bundle install
Start thin with ssl support on terminal:
bundle exec thin start --ssl
Access the page via https on your web browser:
The protocol need to be https at the beginning, otherwise you can get an empty response. (ERR_EMPTY_RESPONSE)
https://localhost:3000/
If you get your connection refused (ERR_CONNECTION_REFUSED) you'll need to define the loopback ip address on the server params:
bundle exec thin start --ssl -a 127.0.0.1
You'll get an privacy error, jus click on Advanced and on Go to localhost (not safe)
Sorry my image is in pt-br:
It's done! You'll get an self-signed https connection on localhost in development mode ;)
The deployment was successful and everything is green. But when we try to access the application URL, it gives 502 Bad Gateway error.
Checking for puma process with ps -aux | grep puma doesn't return any process attached to puma server but pgrep returns following.
$pgrep -fl puma
18009 su -s /bin/bash -c bundle exec puma -C /opt/elasticbeanstalk/support/conf/pumaconf.rb webapp
18031 ruby /opt/rubies/ruby-2.0.0-p598/bin/puma -C /opt/elasticbeanstalk/support/conf/pumaconf.rb
I have tried all possible combinations, as shown in every other forum/blog OR support sites of nginx/puma. Following is the status.
Default configuration - Where we have UNIX:// sock file used in the UPSTREAM option of nginx.conf and pumaconf.rb - This gives 502 bad gatway. When checked, puma is not running and it is rebooting every 3rd minute.
As we have used it in DigitalOcean - Change the above UPSTREAM conf URL to tcp://127.0.0.1:3000 in pumaconf.rb and 127.0.0.1:3000 in conf.d/webapp.conf file. - This is also not working, puma is not able to run properly same as above.
My question is,
Why there is no control over running puma with diff. configurations? And why we have to always use the UI, which is not able to run the services properly as per other standard configuration options?
There is no configuration options from UI, to change/verify from the UI. So we have to do it from SSH. But, we have no control over rebooting PUMA from console.
Whenever puma is not running, we are not able to see any logs of what error it is facing. This is really not helpful at all.
Puma is not able to run even with default configurations, so it nginx is not able to talk to Puma and so the EC2 does not really make sense!
Please let us know, how we can resolve this issue, if you have any idea on this.
See this - https://forums.aws.amazon.com/thread.jspa?messageID=608148򔞔
Still no answers on this one, this is like our hands are cuffed and not able to change any configurations!
UPDATE
AWS is somehow stopping and starting PUMA, because i can see the process IDs changing when checking with ps -ef|grep puma. So, I started the puma to work on another port and tried to check if it runs or not.
Started on another port, and then from another console accessing the URL using wget http://127.0.0.1:3000. It prints the following log.
current]$ bundle exec puma -b tcp://127.0.0.1:3001
Puma 2.0.1 starting...
* Min threads: 0, max threads: 16
* Environment: production
* Listening on tcp://127.0.0.1:3001
Rails Error: Unable to access log file. Please ensure that /var/app/current/log/production.log exists and is chmod 0666. The log level has been raised to WARN and the output directed to STDERR until the problem is fixed.
Use Ctrl-C to stop
2015-03-16 13:19:35 +0000: HTTP parse error, malformed request (): #<Puma::HttpParserError: Invalid HTTP format, parsing fails.>
2015-03-16 13:19:35 +0000: ENV: {"rack.version"=>[1, 1], "rack.errors"=>#<IO:<STDERR>>, "rack.multithread"=>true, "rack.multiprocess"=>false, "rack.run_once"=>false, "SCRIPT_NAME"=>"", "CONTENT_TYPE"=>"text/plain", "QUERY_STRING"=>"", "SERVER_PROTOCOL"=>"HTTP/1.1", "SERVER_SOFTWARE"=>"2.0.1", "GATEWAY_INTERFACE"=>"CGI/1.2"}
So, is it compulsory to use SSL? Because I think by default, it is not enabled.
I had this issue after uploading my rails app, I found this line (auto generated) on secrets.yml (config > secrets.yml) :secret_key_base: <%= ENV["SECRET_KEY_BASE"] %>
so you have to add it as an environment variable to your environment.
In the environment dashboard go to Configuration > Software > Environment properties and add a new variable with name SECRET_KEY_BASE.
You can set any value but make sure it is a safe key.
This resolved the issue for me, I hope it helps.
I could not fix this problem. Also we supposed to use EC2 free instance only instead of BeanStalk.
We have now moved to Free EC2 instance with RDS and deployed the rails application using Capistrano with Nginx + Unicorn. Though it was not easy[1][2] but finally we got it working.
I want to develop my Ruby on Rails application locally with SSL/HTTPS, but I'm having trouble trying to setup a server to use SSL. The following are the things I've already tried so far:
rails server [options]
The rails server command doesn't come with an ssl option (rails server --help):
Usage: rails server [mongrel, thin, etc] [options]
-p, --port=port Runs Rails on the specified port.
Default: 3000
-b, --binding=ip Binds Rails to the specified ip.
Default: 0.0.0.0
-c, --config=file Use custom rackup configuration file
-d, --daemon Make server run as a Daemon.
-u, --debugger Enable the debugger
-e, --environment=name Specifies the environment to run this server under
(test/development/production).
Default: development
-P, --pid=pid Specifies the PID file.
Default: tmp/pids/server.pid
-h, --help Show this help message.
Custom WEBrick instance with automatically generated self-signed SSL certificate
My Code
Following along with the WEBrick documentation for HTTPS, I made the following Ruby script that I run as ruby server.rb:
require 'webrick'
include WEBrick
root = File.expand_path './public'
cert_name = [
%w[CN localhost],
]
server = HTTPServer.new(
:BindAddress => '127.0.0.1',
:Port => '4430',
:DocumentRoot => root,
:SSLEnable => true,
:SSLCertName => cert_name # LOOK! SSLCertName IS SET!
)
# Shutdown gracefully on signal interrupt CTRL-C
# http://www.ruby-doc.org/core-2.1.1/Kernel.html#method-i-trap
trap('INT') { server.shutdown }
server.start
According to the documentation I linked to above:
This will start the server with a self-generated self-signed certificate.
and according to the documentation for WEBrick::Config,
WEBrick can automatically create a self-signed certificate if :SSLCertName is set.
The Errors
When I start the server, I get the following output:
INFO WEBrick 1.3.1
INFO ruby 2.1.1 (2014-02-24) [x86_64-darwin13.0]
INFO WEBrick::HTTPServer#start: pid=26059 port=4430
However, when I try to access https://localhost:4430/robots.txt, I get the following error in Chrome 33.0.1750.117:
and the following error when I try the same url in Firefox 27.0.1:
I looked up the ssl_error_rx_record_too_long error, and it looks like it can be caused by a few different things. Maybe WEBrick is still listening for HTTP requests on port 80, but that seems odd considering I explicitly set it to enable SSL on port 4430.
Access Logs
Additionally, here are the access log contents from WEBrick when I make the request for https://localhost:4430/robots.txt from Chrome, but I have no idea what any of it means (it looks like it's encoded in hex or something):
ERROR bad Request-Line `\x16\x03\x01\x02\x00\x01\x00\x01ü\x03\x03S\x15ußð'¦\x14·áÚOá,j\x7FÅ=üüNn#\x02ëý\x0Fø‚\x00\x00(À+À/\x00žÌ\x14Ì\x13\x00œÀ'.
localhost - - [04/Mar/2014:01:42:39 EST] "\x16\x03\x01\x02\x00\x01\x00\x01ü\x03\x03S\x15ußð'¦\x14·áÚOá,j\x7FÅ=üüNn#\x02ëý\x0Fø‚\x00\x00(À+À/\x00žÌ\x14Ì\x13\x00œÀ" 400 417
- ->
ERROR bad Request-Line `\x16\x03\x01\x02\x00\x01\x00\x01ü\x03\x02S\x15ußj\x05ç©!€¿'ÄÃåë!t…ß\x06pDÒÒ4?”»7\x19\x00\x00\x1EV\x00À'.
localhost - - [04/Mar/2014:01:42:39 EST] "\x16\x03\x01\x02\x00\x01\x00\x01ü\x03\x02S\x15ußj\x05ç©!€¿'ÄÃåë!t…ß\x06pDÒÒ4?”»7\x19\x00\x00\x1EV\x00À" 400 398
- ->
ERROR bad Request-Line `\x16\x03\x01\x02\x00\x01\x00\x01ü\x03\x01S\x15ußñom¾u<n¨ý9yö“¤Øcƒ{½wh)M#š1;\x00\x00\x1EV\x00À'.
localhost - - [04/Mar/2014:01:42:39 EST] "\x16\x03\x01\x02\x00\x01\x00\x01ü\x03\x01S\x15ußñom¾u<n¨ý9yö“¤Øcƒ{½wh)M#š1;\x00\x00\x1EV\x00À" 400 392
- ->
ERROR bad URI `\x04ËB¿É\\ ˆ2ðiwñ·*\x02\x06^´\x00#v\x00\x00\x14\x00ÿV\x00\x009\x005\x003\x002\x00\x05\x00\x04\x00/\x00'.
localhost - - [04/Mar/2014:01:42:39 EST] "\x16\x03\x00\x00?\x01\x00\x00;\x03\x00S\x15uß…N®ˆ\r\x04ËB¿É\\ ˆ2ðiwñ·*\x02\x06^´\x00#v\x00\x00\x14\x00ÿV\x00\x009\x005\x003\x002\x00\x05\x00\x04\x00/\x00" 400 389
- -> \x04ËB¿É\\ ˆ2ðiwñ·*\x02\x06^´\x00#v\x00\x00\x14\x00ÿV\x00\x009\x005\x003\x002\x00\x05\x00\x04\x00/\x00
Ruby Source for SSL Module
Also, I checked the Ruby source code for the SSL module, but I don't see anything obvious in there for why this might not be working:
def setup_ssl_context(config) # :nodoc:
unless config[:SSLCertificate]
cn = config[:SSLCertName]
comment = config[:SSLCertComment]
cert, key = Utils::create_self_signed_cert(1024, cn, comment) # LOOK HERE!
config[:SSLCertificate] = cert
config[:SSLPrivateKey] = key
end
# etc...
end
# Higher up in the file...
def create_self_signed_cert(bits, cn, comment)
# etc ...
cert = OpenSSL::X509::Certificate.new
cert.version = 2
cert.serial = 1
name = OpenSSL::X509::Name.new(cn)
cert.subject = name
cert.issuer = name
# etc ...
end
My Environment
Here are the following things I'm using for development:
OS X Mavericks.
Ruby 2.1.1.
Rails 4.0.3.
Summary
So this is where I'm at currently, and I'm not sure how to proceed. I'm aware that I can just pass my own self-signed certificate file (generated with something like OpenSSL) to WEBrick, but the documentation says that WEBrick can automatically generate its own, and I'm really interested in getting that to work.
I'm also aware that I can use a different webserver like Thin with its --ssl option, but again, I wanted to use WEBrick, because it's the "out-of-the-box" web server for Rails, I want to be able to easily and quickly setup a development SSL web server without having to download additional gems and stuff like that.
I'm also aware that this solution exists, but again, I'm interested in having WEBrick automatically generate its own certificate (and besides, that solution seems to be a little overly complicated for what I'm trying to do).
So does anyone have any ideas of what might be wrong?
Okay, I figured out what was wrong, I should've paid closer attention to the instructions for HTTPS in WEBrick, this is the exact code from the example:
require 'webrick'
require 'webrick/https' # SEE THIS?
cert_name = [
%w[CN localhost],
]
server = WEBrick::HTTPServer.new(:Port => 8000,
:SSLEnable => true,
:SSLCertName => cert_name)
See that line that says require 'webrick/https'? I didn't have that in my original config. I didn't think that I'd need it.
Once I added it, my script started serving over HTTPS, and I could finally connect to https://localhost:4430/robots.txt. <face-palm>
I'm following Michael Hartl's Rails Tutorial, and for some reason, I am unable to test the sample app on Google Chrome. I test it by first running the rails server, then going to "localhost:3000" on the browser. When I run the rails server, and go to localhost:3000 on Firefox, it works fine and I can use the app. When then on Chrome, I get:
"SSL connection error
Unable to make a secure connection to the server. This may be a problem with the server, or it may be requiring a client authentication certificate that you don't have.
Error 107 (net::ERR_SSL_PROTOCOL_ERROR): SSL protocol error."
In CMD (I use windows 7), after I run the rails server, and I attempt to go to localhost:3000, I get these errors:
14:22:19] INFO WEBrick 1.3.1
14:22:19] INFO ruby 1.9.3 (2012-02-16) [i386-mingw32]
14:22:19] INFO WEBrick::HTTPServer#start: pid=3064 port=3000
14:22:48] ERROR bad URI `2r?f?\x06\x01\x1Akh/'f??\x10'?j?<\x00\x00H?'.
14:22:48] ERROR bad Request-Line `\x16\x03\x01\x00?\x01\x00\x00?\x03\x02Q"\x7F?\x18??#?X?F???#K???\x17?#?e??4?k`?\x00\x00H?'.
14:22:49] ERROR bad URI `?'.
14:22:49] ERROR bad URI `??x\x1F?\x06??M??IL?C\x00\x00*\x00?\x00?\x00?\x009\x008\x00?\x005\x00E\x00D\x00f\x003\x002\x00?\x00A\x00\x05\x00\x
I had the same problem. As #looseseal_90 said in comments, you should try to clear the cookies and reload the page.
(I know that everyone can read a comment, but it would be better the question to have the answer :-)
I'm working on enabling SSL on a Rails app in a staging environment that uses the Thin gem. It seems like I'm only a few steps away. I've set config.force_ssl = true in config/environments/staging.rb.
Since I haven't told Thin where the SSL certificate and key are, rails puts !! Invalid request. At least I think that's why it's doing that.
I found that Thin can accept arguments to determine the location of the SSL certificate and key files, as in this answer. However, I can't figure out where to tell Rails to start Thin with these arguments. How do I do this?
If you're starting from the command line, you can run thin start --ssl instead of rails server (plus any other options listed in How can I pass SSL options into "rails server" in Rails 3.0?)