如何配置WEBrick在Rails中使用SSL?

时间:2021-07-15 07:18:47

Prior to Rails 3, you could modify the script/server file to add in SSL parameters and tell the server command to use the HTTPS version of WEBrick. Now that all of those scripts are gone, does anyone know how to get this to work with Rails 3 or 4?

在Rails 3之前,您可以修改脚本/服务器文件以添加SSL参数,并告诉服务器命令使用HTTPS版本的WEBrick。现在所有这些脚本都消失了,有没有人知道如何使用Rails 3或4?

2 个解决方案

#1

25  

While the scripts directory in Rails 4 is gone, the bin directory remains. You can get WEBrick working with an SSL certificate by editing the bin/rails script. Tested on Rails 4 and Ruby 2.1.1, installed with rbenv.

当Rails 4中的脚本目录消失时,bin目录仍然存在。您可以通过编辑bin / rails脚本来使WEBrick使用SSL证书。测试Rails 4和Ruby 2.1.1,与rbenv一起安装。

Much of this is from this blog post and this Stack Overflow question.

其中大部分来自此博客文章和此Stack Overflow问题。

#!/usr/bin/env ruby

require 'rails/commands/server'
require 'rack'
require 'webrick'
require 'webrick/https'

if ENV['SSL'] == "true"
  module Rails
      class Server < ::Rack::Server
          def default_options
              super.merge({
                  :Port => 3001,
                  :environment => (ENV['RAILS_ENV'] || "development").dup,
                  :daemonize => false,
                  :debugger => false,
                  :pid => File.expand_path("tmp/pids/server.pid"),
                  :config => File.expand_path("config.ru"),
                  :SSLEnable => true,
                  :SSLVerifyClient => OpenSSL::SSL::VERIFY_NONE,
                  :SSLPrivateKey => OpenSSL::PKey::RSA.new(
                                   File.open("certs/server.key").read),
                  :SSLCertificate => OpenSSL::X509::Certificate.new(
                                   File.open("certs/server.crt").read),
                  :SSLCertName => [["CN", WEBrick::Utils::getservername]],
              })
          end
      end
  end
end

APP_PATH = File.expand_path('../../config/application',  __FILE__)
require_relative '../config/boot'
require 'rails/commands'

Starting the rails server from the app directory works to start an SSL enabled server now when the SSL environment variable is set to true, and the default rails settings are retained when the environment variable is omitted.

当SSL环境变量设置为true时,从app目录启动rails服务器现在可以启动启用SSL的服务器,并且在省略环境变量时保留默认的rails设置。

$ SSL=true rails s
=> Booting WEBrick
=> Rails 4.1.0 application starting in development on https://0.0.0.0:3001
=> Run `rails server -h` for more startup options
=> Notice: server is listening on all interfaces (0.0.0.0). Consider using 127.0.0.1 (--binding option)
=> Ctrl-C to shutdown server
[2014-04-24 22:59:10] INFO  WEBrick 1.3.1
[2014-04-24 22:59:10] INFO  ruby 2.1.1 (2014-02-24) [x86_64-darwin13.0]
[2014-04-24 22:59:10] INFO  
Certificate:
    Data:
...

If you don't want to use a pre generated certificate, you can use WEBrick's Utils::create_self_signed_cert, as outlined in this answer:

如果您不想使用预生成的证书,可以使用WEBrick的Utils :: create_self_signed_cert,如下面的答案所示:

Configure WEBrick to use automatically generated self-signed SSL/HTTPS certificate

配置WEBrick以使用自动生成的自签名SSL / HTTPS证书

#2

20  

An Alternative to SSL/HTTPS on WEBrick: SSL/HTTPS on Thin

As an alternative to trying to set up WEBrick to use HTTPS/SSL for your Rails app, you can try switching to using the Thin server instead, because it comes with convenient options for setting up HTTPS/SSL out-of-the-box.

作为尝试设置WEBrick为您的Rails应用程序使用HTTPS / SSL的替代方法,您可以尝试切换到使用Thin服务器,因为它提供了方便的选项来设置开箱即用的HTTPS / SSL。

Installing Thin

First, add Thin as a gem to your Gemfile:

首先,将Thin作为gem添加到Gemfile中:

gem 'thin'

Then run bundle install from the command line.

然后从命令行运行bundle install。

Using Thin HTTPS/SSL for Development Environments

If you just want to test your Rails app using HTTPS/SSL in your local development environment, then you simply run

如果您只想在本地开发环境中使用HTTPS / SSL测试Rails应用程序,那么您只需运行即可

thin start --ssl

I have to emphasize that this is not suitable for production environments, because you need to use a valid SSL certificate from a Certificate Authority in order for SSL/HTTPS connections to be verifiable and secure.

我必须强调,这不适用于生产环境,因为您需要使用来自证书颁发机构的有效SSL证书才能使SSL / HTTPS连接可验证且安全。

Additional Options

There are also other options that you can pass to Thin. You can get a full list of them by running thin --help. For example, I like to specify my own ip-address and port, as well as daemonizing Thin into a background process:

还有其他选项可以传递给Thin。您可以通过运行thin --help来获取它们的完整列表。例如,我喜欢指定自己的ip-address和端口,以及将后台进程守护瘦进程:

thin start --ssl \
  --address <ip-address> \
  --port <port> \
  --daemonize

Using Thin HTTPS/SSL with an SSL Certificate

If you want to tell Thin to use an SSL certificate (for example, one that you've obtained from a valid Certificate Authority), then you can use these options:

如果您想告诉Thin使用SSL证书(例如,您从有效的证书颁发机构获得的证书),那么您可以使用以下选项:

thin start --ssl \
  --ssl-cert-file <path-to-public-certificate> \
  --ssl-key-file <path-to-private-key>

#1

25  

While the scripts directory in Rails 4 is gone, the bin directory remains. You can get WEBrick working with an SSL certificate by editing the bin/rails script. Tested on Rails 4 and Ruby 2.1.1, installed with rbenv.

当Rails 4中的脚本目录消失时,bin目录仍然存在。您可以通过编辑bin / rails脚本来使WEBrick使用SSL证书。测试Rails 4和Ruby 2.1.1,与rbenv一起安装。

Much of this is from this blog post and this Stack Overflow question.

其中大部分来自此博客文章和此Stack Overflow问题。

#!/usr/bin/env ruby

require 'rails/commands/server'
require 'rack'
require 'webrick'
require 'webrick/https'

if ENV['SSL'] == "true"
  module Rails
      class Server < ::Rack::Server
          def default_options
              super.merge({
                  :Port => 3001,
                  :environment => (ENV['RAILS_ENV'] || "development").dup,
                  :daemonize => false,
                  :debugger => false,
                  :pid => File.expand_path("tmp/pids/server.pid"),
                  :config => File.expand_path("config.ru"),
                  :SSLEnable => true,
                  :SSLVerifyClient => OpenSSL::SSL::VERIFY_NONE,
                  :SSLPrivateKey => OpenSSL::PKey::RSA.new(
                                   File.open("certs/server.key").read),
                  :SSLCertificate => OpenSSL::X509::Certificate.new(
                                   File.open("certs/server.crt").read),
                  :SSLCertName => [["CN", WEBrick::Utils::getservername]],
              })
          end
      end
  end
end

APP_PATH = File.expand_path('../../config/application',  __FILE__)
require_relative '../config/boot'
require 'rails/commands'

Starting the rails server from the app directory works to start an SSL enabled server now when the SSL environment variable is set to true, and the default rails settings are retained when the environment variable is omitted.

当SSL环境变量设置为true时,从app目录启动rails服务器现在可以启动启用SSL的服务器,并且在省略环境变量时保留默认的rails设置。

$ SSL=true rails s
=> Booting WEBrick
=> Rails 4.1.0 application starting in development on https://0.0.0.0:3001
=> Run `rails server -h` for more startup options
=> Notice: server is listening on all interfaces (0.0.0.0). Consider using 127.0.0.1 (--binding option)
=> Ctrl-C to shutdown server
[2014-04-24 22:59:10] INFO  WEBrick 1.3.1
[2014-04-24 22:59:10] INFO  ruby 2.1.1 (2014-02-24) [x86_64-darwin13.0]
[2014-04-24 22:59:10] INFO  
Certificate:
    Data:
...

If you don't want to use a pre generated certificate, you can use WEBrick's Utils::create_self_signed_cert, as outlined in this answer:

如果您不想使用预生成的证书,可以使用WEBrick的Utils :: create_self_signed_cert,如下面的答案所示:

Configure WEBrick to use automatically generated self-signed SSL/HTTPS certificate

配置WEBrick以使用自动生成的自签名SSL / HTTPS证书

#2

20  

An Alternative to SSL/HTTPS on WEBrick: SSL/HTTPS on Thin

As an alternative to trying to set up WEBrick to use HTTPS/SSL for your Rails app, you can try switching to using the Thin server instead, because it comes with convenient options for setting up HTTPS/SSL out-of-the-box.

作为尝试设置WEBrick为您的Rails应用程序使用HTTPS / SSL的替代方法,您可以尝试切换到使用Thin服务器,因为它提供了方便的选项来设置开箱即用的HTTPS / SSL。

Installing Thin

First, add Thin as a gem to your Gemfile:

首先,将Thin作为gem添加到Gemfile中:

gem 'thin'

Then run bundle install from the command line.

然后从命令行运行bundle install。

Using Thin HTTPS/SSL for Development Environments

If you just want to test your Rails app using HTTPS/SSL in your local development environment, then you simply run

如果您只想在本地开发环境中使用HTTPS / SSL测试Rails应用程序,那么您只需运行即可

thin start --ssl

I have to emphasize that this is not suitable for production environments, because you need to use a valid SSL certificate from a Certificate Authority in order for SSL/HTTPS connections to be verifiable and secure.

我必须强调,这不适用于生产环境,因为您需要使用来自证书颁发机构的有效SSL证书才能使SSL / HTTPS连接可验证且安全。

Additional Options

There are also other options that you can pass to Thin. You can get a full list of them by running thin --help. For example, I like to specify my own ip-address and port, as well as daemonizing Thin into a background process:

还有其他选项可以传递给Thin。您可以通过运行thin --help来获取它们的完整列表。例如,我喜欢指定自己的ip-address和端口,以及将后台进程守护瘦进程:

thin start --ssl \
  --address <ip-address> \
  --port <port> \
  --daemonize

Using Thin HTTPS/SSL with an SSL Certificate

If you want to tell Thin to use an SSL certificate (for example, one that you've obtained from a valid Certificate Authority), then you can use these options:

如果您想告诉Thin使用SSL证书(例如,您从有效的证书颁发机构获得的证书),那么您可以使用以下选项:

thin start --ssl \
  --ssl-cert-file <path-to-public-certificate> \
  --ssl-key-file <path-to-private-key>
标签:

相关文章