如何将 SSL 选项传递到“rails 服务器”在 Rails 3.0 中？

发布于 2024-09-16 07:03:14 字数 825 浏览 4 评论 0原文

有没有办法使用自定义机架配置或类似的东西将 SSL 选项传递到“rails 服务器”（在 Rails 3.0.0 上）？我正在尝试做两件事：

使 Cucumber 能够运行涉及安全和非安全 URL 的测试，并使
新开发人员变得简单，这样他们就不必设置 Apache 并配置所有 SSL/证书内容在他们甚至可以编写一行代码之前。

在 2.3.8 上，我们有一个分叉的脚本/服务器，它将在第二个端口上启动一个特殊的 WEBrick，并提供所有适当的 SSL 选项。当然，当我尝试升级到 Rails 3 时，这个问题就爆发了，所以我试图找出如何解决这个问题，并且最好以一种不涉及分叉任何东西的方式来解决。

在我们的分叉脚本/服务器中，我们设置了如下选项：

:SSLEnable        => true,
:SSLVerifyClient    => OpenSSL::SSL::VERIFY_NONE,
:SSLPrivateKey        => OpenSSL::PKey::RSA.new(File.open(current_dir + "/config/certs/server.key").read),
:SSLCertificate         => OpenSSL::X509::Certificate.new(File.open(current_dir + "/config/certs/server.crt").read),
:SSLCertName    => [ [ "CN", WEBrick::Utils::getservername ] ]

但我不知道如何在新框架中执行此操作。

感谢您的帮助！

原文

Is there a way to pass SSL options into "rails server" (on Rails 3.0.0), using a custom Rack config or something similar? I'm trying to do two things:

enable Cucumber to run tests that involve both secure and non-secure URL's, and
make things simple for new developers, so they don't have to set up Apache and configure all the SSL/cert stuff before they can even write a line of code.

On 2.3.8 we had a forked script/server that would start up a special WEBrick on a second port with all the appropriate SSL options. Of course that blew up when I tried upgrading to Rails 3, so I'm trying to figure out how to fix this, and ideally do it in a way that doesn't involve forking anything.

In our forked script/server we were setting options like the following:

:SSLEnable        => true,
:SSLVerifyClient    => OpenSSL::SSL::VERIFY_NONE,
:SSLPrivateKey        => OpenSSL::PKey::RSA.new(File.open(current_dir + "/config/certs/server.key").read),
:SSLCertificate         => OpenSSL::X509::Certificate.new(File.open(current_dir + "/config/certs/server.crt").read),
:SSLCertName    => [ [ "CN", WEBrick::Utils::getservername ] ]

but I don't know how to do that in the new framework.

Thanks for any help!

分享到QQ

分享到微博

如果你对这篇内容有疑问，欢迎到本站社区发帖提问参与讨论，获取更多帮助，或者扫码二维码加入 Web 技术交流群。

发布评论

需要登录才能够评论，你可以免费注册一个本站的账号。

余生共白头 2024-09-23 07:03:14

查看 Thin 服务器来代替 WEBrick。使用 Thin 有很多好处，我无法在这里全部列出，但它应该可以解决您的问题，因为它支持 SSL。

启动 thin 时，传递以下选项：

SSL options:
    --ssl                        Enables SSL
    --ssl-key-file PATH          Path to private key
    --ssl-cert-file PATH         Path to certificate
    --ssl-verify                 Enables SSL certificate verification

在生产中，您理想情况下希望在 Nginx 或 Apache 层处理 SSL，但这应该可以满足您的开发需求。

Take a look at the Thin server in place of WEBrick. There are so many benefits of using Thin that I can't list them all here, but it should address your issue since it supports SSL.

When starting thin, pass the following options:

SSL options:
    --ssl                        Enables SSL
    --ssl-key-file PATH          Path to private key
    --ssl-cert-file PATH         Path to certificate
    --ssl-verify                 Enables SSL certificate verification

In production, you will ideally want to handle SSL at the Nginx or Apache layer, but this should handle your development requirements.

回复收藏 0 原文

五里雾 2024-09-23 07:03:14

这是我想出的解决方案。我将 script/rails 修改为如下所示：

#!/usr/bin/env ruby
# This command will automatically be run when you run "rails" with Rails 3 gems installed from the root of your application.

APP_PATH = File.expand_path('../../config/application',  __FILE__)
require File.expand_path('../../config/boot',  __FILE__)

# Hack our SSL certs into Thin TcpServer, only in development environment
require 'thin'
module Thin
  module Backends
    TcpServer.class_eval do
      def initialize_with_SSL(host, port)
        if Rails.env.development?
          Rails.logger.info "Loading SSL certs from ./ssl_dev..."
          @ssl = true
          @ssl_options = {
            :private_key_file => File.expand_path("../../ssl_dev/server.key", __FILE__),
            :cert_chain_file  => File.expand_path("../../ssl_dev/server.crt", __FILE__),
            :verify_peer => nil
          }
        end

        initialize_without_SSL(host, port)
      end

      alias_method :initialize_without_SSL, :initialize
      alias_method :initialize, :initialize_with_SSL      
    end
  end
end

# Must load 'rails/commands' after Thin SSL hack
require 'rails/commands'

Here's the solution I came up with. I modified script/rails to look like this:

#!/usr/bin/env ruby
# This command will automatically be run when you run "rails" with Rails 3 gems installed from the root of your application.

APP_PATH = File.expand_path('../../config/application',  __FILE__)
require File.expand_path('../../config/boot',  __FILE__)

# Hack our SSL certs into Thin TcpServer, only in development environment
require 'thin'
module Thin
  module Backends
    TcpServer.class_eval do
      def initialize_with_SSL(host, port)
        if Rails.env.development?
          Rails.logger.info "Loading SSL certs from ./ssl_dev..."
          @ssl = true
          @ssl_options = {
            :private_key_file => File.expand_path("../../ssl_dev/server.key", __FILE__),
            :cert_chain_file  => File.expand_path("../../ssl_dev/server.crt", __FILE__),
            :verify_peer => nil
          }
        end

        initialize_without_SSL(host, port)
      end

      alias_method :initialize_without_SSL, :initialize
      alias_method :initialize, :initialize_with_SSL      
    end
  end
end

# Must load 'rails/commands' after Thin SSL hack
require 'rails/commands'

回复收藏 0 原文

~没有更多了~