如何配置 WEBrick 以在 Rails 中使用 SSL?

发布于 2024-09-17 20:13:07 字数 113 浏览 12 评论 0原文

在 Rails 3 之前,您可以修改脚本/服务器文件以添加 SSL 参数并告诉服务器命令使用 HTTPS 版本的 WEBrick。现在所有这些脚本都消失了,有谁知道如何让它与 Rails 3 或 4 一起工作吗?

Prior to Rails 3, you could modify the script/server file to add in SSL parameters and tell the server command to use the HTTPS version of WEBrick. Now that all of those scripts are gone, does anyone know how to get this to work with Rails 3 or 4?

如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。

扫码二维码加入Web技术交流群

发布评论

需要 登录 才能够评论, 你可以免费 注册 一个本站的账号。

评论(2

蹲在坟头点根烟 2024-09-24 20:13:07

虽然 Rails 4 中的 scripts 目录消失了,但 bin 目录仍然存在。您可以通过编辑 bin/rails 脚本让 WEBrick 使用 SSL 证书。在 Rails 4 和 Ruby 2.1.1 上测试,使用 rbenv 安装。

其中大部分来自 这篇博文这个 Stack Overflow 问题

#!/usr/bin/env ruby

require 'rails/commands/server'
require 'rack'
require 'webrick'
require 'webrick/https'

if ENV['SSL'] == "true"
  module Rails
      class Server < ::Rack::Server
          def default_options
              super.merge({
                  :Port => 3001,
                  :environment => (ENV['RAILS_ENV'] || "development").dup,
                  :daemonize => false,
                  :debugger => false,
                  :pid => File.expand_path("tmp/pids/server.pid"),
                  :config => File.expand_path("config.ru"),
                  :SSLEnable => true,
                  :SSLVerifyClient => OpenSSL::SSL::VERIFY_NONE,
                  :SSLPrivateKey => OpenSSL::PKey::RSA.new(
                                   File.open("certs/server.key").read),
                  :SSLCertificate => OpenSSL::X509::Certificate.new(
                                   File.open("certs/server.crt").read),
                  :SSLCertName => [["CN", WEBrick::Utils::getservername]],
              })
          end
      end
  end
end

APP_PATH = File.expand_path('../../config/application',  __FILE__)
require_relative '../config/boot'
require 'rails/commands'

当 SSL 环境变量设置为 true 时,从应用程序目录启动 Rails 服务器现在可以启动启用 SSL 的服务器,并且当省略环境变量时保留默认的 Rails 设置。

$ SSL=true rails s
=> Booting WEBrick
=> Rails 4.1.0 application starting in development on https://0.0.0.0:3001
=> Run `rails server -h` for more startup options
=> Notice: server is listening on all interfaces (0.0.0.0). Consider using 127.0.0.1 (--binding option)
=> Ctrl-C to shutdown server
[2014-04-24 22:59:10] INFO  WEBrick 1.3.1
[2014-04-24 22:59:10] INFO  ruby 2.1.1 (2014-02-24) [x86_64-darwin13.0]
[2014-04-24 22:59:10] INFO  
Certificate:
    Data:
...

如果您不想使用预先生成的证书,可以使用 WEBrick 的 Utils::create_self_signed_cert,如本答案所述:

将 WEBrick 配置为使用自动生成的自签名 SSL/HTTPS 证书

While the scripts directory in Rails 4 is gone, the bin directory remains. You can get WEBrick working with an SSL certificate by editing the bin/rails script. Tested on Rails 4 and Ruby 2.1.1, installed with rbenv.

Much of this is from this blog post and this Stack Overflow question.

#!/usr/bin/env ruby

require 'rails/commands/server'
require 'rack'
require 'webrick'
require 'webrick/https'

if ENV['SSL'] == "true"
  module Rails
      class Server < ::Rack::Server
          def default_options
              super.merge({
                  :Port => 3001,
                  :environment => (ENV['RAILS_ENV'] || "development").dup,
                  :daemonize => false,
                  :debugger => false,
                  :pid => File.expand_path("tmp/pids/server.pid"),
                  :config => File.expand_path("config.ru"),
                  :SSLEnable => true,
                  :SSLVerifyClient => OpenSSL::SSL::VERIFY_NONE,
                  :SSLPrivateKey => OpenSSL::PKey::RSA.new(
                                   File.open("certs/server.key").read),
                  :SSLCertificate => OpenSSL::X509::Certificate.new(
                                   File.open("certs/server.crt").read),
                  :SSLCertName => [["CN", WEBrick::Utils::getservername]],
              })
          end
      end
  end
end

APP_PATH = File.expand_path('../../config/application',  __FILE__)
require_relative '../config/boot'
require 'rails/commands'

Starting the rails server from the app directory works to start an SSL enabled server now when the SSL environment variable is set to true, and the default rails settings are retained when the environment variable is omitted.

$ SSL=true rails s
=> Booting WEBrick
=> Rails 4.1.0 application starting in development on https://0.0.0.0:3001
=> Run `rails server -h` for more startup options
=> Notice: server is listening on all interfaces (0.0.0.0). Consider using 127.0.0.1 (--binding option)
=> Ctrl-C to shutdown server
[2014-04-24 22:59:10] INFO  WEBrick 1.3.1
[2014-04-24 22:59:10] INFO  ruby 2.1.1 (2014-02-24) [x86_64-darwin13.0]
[2014-04-24 22:59:10] INFO  
Certificate:
    Data:
...

If you don't want to use a pre generated certificate, you can use WEBrick's Utils::create_self_signed_cert, as outlined in this answer:

Configure WEBrick to use automatically generated self-signed SSL/HTTPS certificate

始终不够 2024-09-24 20:13:07

WEBrick 上 SSL/HTTPS 的替代方案:Thin 上的 SSL/HTTPS

作为尝试设置 WEBrick 为 Rails 应用程序使用 HTTPS/SSL 的替代方案,您可以尝试切换到使用 瘦服务器,因为它提供了开箱即用的设置 HTTPS/SSL 的便捷选项。

安装 Thin

首先,将 Thin 作为 gem 添加到 Gemfile 中:

gem 'thin'

然后从命令行运行 bundle install

在开发环境中使用瘦 HTTPS/SSL

如果您只想在本地开发环境中使用 HTTPS/SSL 测试 Rails 应用程序,那么您只需运行

thin start --ssl

我必须强调的一点: 这不适合生产环境,因为您需要使用来自证书颁发机构的有效 SSL 证书,以使 SSL/HTTPS 连接可验证且安全。

其他选项

您还可以将其他选项传递给 Thin。您可以通过运行 Thin --help 来获取它们的完整列表。例如,我喜欢指定我自己的 IP 地址和端口,以及将 Thin 守护进程化为后台进程:

thin start --ssl \
  --address <ip-address> \
  --port <port> \
  --daemonize

将 Thin HTTPS/SSL 与 SSL 证书结合使用

如果您想告诉 Thin 使用 SSL 证书(例如,一个您从有效的证书颁发机构获得的证书),那么您可以使用以下选项:

thin start --ssl \
  --ssl-cert-file <path-to-public-certificate> \
  --ssl-key-file <path-to-private-key>

An Alternative to SSL/HTTPS on WEBrick: SSL/HTTPS on Thin

As an alternative to trying to set up WEBrick to use HTTPS/SSL for your Rails app, you can try switching to using the Thin server instead, because it comes with convenient options for setting up HTTPS/SSL out-of-the-box.

Installing Thin

First, add Thin as a gem to your Gemfile:

gem 'thin'

Then run bundle install from the command line.

Using Thin HTTPS/SSL for Development Environments

If you just want to test your Rails app using HTTPS/SSL in your local development environment, then you simply run

thin start --ssl

I have to emphasize that this is not suitable for production environments, because you need to use a valid SSL certificate from a Certificate Authority in order for SSL/HTTPS connections to be verifiable and secure.

Additional Options

There are also other options that you can pass to Thin. You can get a full list of them by running thin --help. For example, I like to specify my own ip-address and port, as well as daemonizing Thin into a background process:

thin start --ssl \
  --address <ip-address> \
  --port <port> \
  --daemonize

Using Thin HTTPS/SSL with an SSL Certificate

If you want to tell Thin to use an SSL certificate (for example, one that you've obtained from a valid Certificate Authority), then you can use these options:

thin start --ssl \
  --ssl-cert-file <path-to-public-certificate> \
  --ssl-key-file <path-to-private-key>
~没有更多了~
我们使用 Cookies 和其他技术来定制您的体验包括您的登录状态等。通过阅读我们的 隐私政策 了解更多相关信息。 单击 接受 或继续使用网站,即表示您同意使用 Cookies 和您的相关数据。
原文