pow 很棒,但是我的应用程序中的许多内容都假设 https,并且遍历所有内容并添加将是一件痛苦的事情“如果不是开发环境”。是否可以使用 pow 服务 https?
pow is great, but many things in my app assume https, and it would be a pain to go through them all and add "if not dev environment". Is it possible to have pow serve https?
发布评论
评论(7)
选项 1:使用 Pow noreferrer">隧道
我一直遇到隧道解决方案的问题,该解决方案很棒,但会被浏览器认为不安全,这会导致您头痛时例如使用 CORS。
我已经测试了 PowSSL 解决方案(使用 Stud 的解决方案),但它缺少
HTTP_X_FORWARDED_PROTO,当您的应用程序需要知道是否它是通过 HTTP 或 HTTPS 请求的(好吧,它永远不会知道它是 HTTPS)。但是后面的方法非常棒,因为它为所有配置的 POW
.dev域生成了有效的证书!所以我构建了tunnelss 结合了两种方法:它是隧道的分支,并且添加了证书生成!
我希望你会喜欢它,如果你想完成它,请随时发送拉取请求,这只是目前在 MacOS X 上工作的快速破解...
选项 2:切换到 Invoker (使用 我的fork... 暂时)
Invoker 是 Pow 的一个很好的替代品,因为它本身就包含 HTTPS 支持。您无需在 Pow 之上添加另一个解决方案即可获得 HTTPS!
然而,与 Pow 相比,我发现它有两个限制:
这些限制并不难克服,我提出了一个拉取请求,其中包含两项更改。在它被接受之前,您可以使用以下命令安装分叉版本:
通过此分叉,您将能够使用全局配置,例如
~/.invoker.ini,如下所示:...并使用以下命令将 Invoker 作为代理运行:
Option 1: Complete Pow with Tunnelss
I've been having issue with the Tunnels solution, which is great but will be noticed as insecure by the browser, which will cause you headaches when playing with CORS for example.
I've tested the PowSSL solution (the one using Stud), but it was missing the
HTTP_X_FORWARDED_PROTO, which will cause you another set of headaches when your app needs to know if it has been requested through HTTP or HTTPS (well, it will never know it was HTTPS).But this later approach was great because it was generating a valid certificate for all the configured POW
.devdomains!So I built tunnelss which combines the two approaches: it's a fork of tunnels, and it adds certificate generation!
I hope you'll enjoy it, feel free to send pull requests if you want to complete it, it's just a fast hack working on MacOS X for now...
Option 2: Switch to Invoker (using my fork... for now)
Invoker is a great replacement to Pow since it natively includes HTTPS support. You won't have to add another solution on top of Pow to get HTTPS!
However, in comparison with Pow, I found it had 2 limitations:
These limitations were not difficult to overcome and I made a pull request with the 2 changes. Until it's accepted, you can install the forked version using this:
With this fork, you'll be able to use a global config, for example
~/.invoker.inilike this one:...and run Invoker as a proxy with this command:
使用 stunnel 创建到 pow 服务器的隧道。
喜欢:
Use stunnel to create a tunnel to the pow server.
Like:
POW 目前不支持 SSL (https://github.com/37signals/pow/issues/5 )。然而,许多其他人也有同样的愿望,因此希望它将包含在未来的版本中!
如果您不想经历修改代码的麻烦,最好的替代解决方案是设置 Apache 并生成开发 SSL 证书。不幸的是,这需要修改你的主机文件,并且不像 POW 那样“灵活”,但从好的方面来说,它避免了讨厌的环境特定条件。
编辑:
最新更新是可以使用 Nginx 使用 SSL 配置 POW,如以下指南所述:
https://gist.github.com/gvarela/928606/
POW currently does not support SSL (https://github.com/37signals/pow/issues/5). However, a number of other people have your same desire so hopefully it will be included in a future release!
Your best alternative solution if you don't want to go through the hassle of modifying your code is to setup Apache and generate a development SSL certificate. This will require modifying your hosts file and isn't as 'slick' as POW unfortunately, but on the plus side it avoids pesky environment specific conditionals.
Edit:
The latest update is that POW can be configured with SSL using Nginx as outlined by the following guide:
https://gist.github.com/gvarela/928606/
我最近创建了一个使用螺柱隧道的脚本。
https://gist.github.com/2050941#file_gistfile1.md
I recently created a script that uses the stud tunnel for this.
https://gist.github.com/2050941#file_gistfile1.md
目前有一种方法可以在使用 SSL 的同时仍然使用 POW,即通过 nginx 设置 SSL 代理。
看看:http://shiny- Bits-of-code.tumblr.com/post/4749553253/ssl-proxy-with-nginx
There is currently a way to use SSL while still using POW by setting up an SSL proxy through nginx.
Take a look at: http://shiny-bits-of-code.tumblr.com/post/4749553253/ssl-proxy-with-nginx
这里也很好地介绍了这一点:
http://railscasts.com/episodes/352-securing- an-api
This is also covered nicely here:
http://railscasts.com/episodes/352-securing-an-api
我发现最简单的方法是使用隧道: https://github.com/jugyo/tunnels
无配置必需的。
The easiest way I found was to use Tunnels: https://github.com/jugyo/tunnels
No configuration required.