Ruby-on-rails 您如何配置 WEBrick 以在 Rails 中使用 SSL?
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/3640993/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
How do you configure WEBrick to use SSL in Rails?
提问by Chris
Prior to Rails 3, you could modify the script/server file to add in SSL parameters and tell the server command to use the HTTPS version of WEBrick. Now that all of those scripts are gone, does anyone know how to get this to work with Rails 3 or 4?
在 Rails 3 之前,您可以修改脚本/服务器文件以添加 SSL 参数并告诉服务器命令使用 WEBrick 的 HTTPS 版本。现在所有这些脚本都消失了,有谁知道如何让它与 Rails 3 或 4 一起工作?
回答by JustinParker
While the scriptsdirectory in Rails 4 is gone, the bindirectory remains. You can get WEBrick working with an SSL certificate by editing the bin/railsscript. Tested on Rails 4 and Ruby 2.1.1, installed with rbenv.
虽然scriptsRails 4 中的bin目录消失了,但目录仍然存在。您可以通过编辑bin/rails脚本使 WEBrick 使用 SSL 证书。在 Rails 4 和 Ruby 2.1.1 上测试,安装了 rbenv。
Much of this is from this blog postand this Stack Overflow question.
其中大部分来自这篇博文和这个 Stack Overflow 问题。
#!/usr/bin/env ruby
require 'rails/commands/server'
require 'rack'
require 'webrick'
require 'webrick/https'
if ENV['SSL'] == "true"
module Rails
class Server < ::Rack::Server
def default_options
super.merge({
:Port => 3001,
:environment => (ENV['RAILS_ENV'] || "development").dup,
:daemonize => false,
:debugger => false,
:pid => File.expand_path("tmp/pids/server.pid"),
:config => File.expand_path("config.ru"),
:SSLEnable => true,
:SSLVerifyClient => OpenSSL::SSL::VERIFY_NONE,
:SSLPrivateKey => OpenSSL::PKey::RSA.new(
File.open("certs/server.key").read),
:SSLCertificate => OpenSSL::X509::Certificate.new(
File.open("certs/server.crt").read),
:SSLCertName => [["CN", WEBrick::Utils::getservername]],
})
end
end
end
end
APP_PATH = File.expand_path('../../config/application', __FILE__)
require_relative '../config/boot'
require 'rails/commands'
Starting the rails server from the app directory works to start an SSL enabled server now when the SSL environment variable is set to true, and the default rails settings are retained when the environment variable is omitted.
当 SSL 环境变量设置为 true 时,从 app 目录启动 rails 服务器可以启动启用 SSL 的服务器,并且在省略环境变量时保留默认的 rails 设置。
$ SSL=true rails s
=> Booting WEBrick
=> Rails 4.1.0 application starting in development on https://0.0.0.0:3001
=> Run `rails server -h` for more startup options
=> Notice: server is listening on all interfaces (0.0.0.0). Consider using 127.0.0.1 (--binding option)
=> Ctrl-C to shutdown server
[2014-04-24 22:59:10] INFO WEBrick 1.3.1
[2014-04-24 22:59:10] INFO ruby 2.1.1 (2014-02-24) [x86_64-darwin13.0]
[2014-04-24 22:59:10] INFO
Certificate:
Data:
...
If you don't want to use a pre generated certificate, you can use WEBrick's Utils::create_self_signed_cert, as outlined in this answer:
如果您不想使用预先生成的证书,则可以使用 WEBrick 的Utils::create_self_signed_cert,如本答案所述:
Configure WEBrick to use automatically generated self-signed SSL/HTTPS certificate
回答by JustinParker
An Alternative to SSL/HTTPS on WEBrick: SSL/HTTPS on Thin
WEBrick 上 SSL/HTTPS 的替代方案:Thin 上的 SSL/HTTPS
As an alternative to trying to set up WEBrick to use HTTPS/SSL for your Rails app, you can try switching to using the Thin serverinstead, because it comes with convenient options for setting up HTTPS/SSL out-of-the-box.
作为尝试将 WEBrick 设置为对 Rails 应用程序使用 HTTPS/SSL 的替代方法,您可以尝试改用瘦服务器,因为它提供了用于设置 HTTPS/SSL 开箱即用的便捷选项。
Installing Thin
安装瘦
First, add Thin as a gem to your Gemfile:
首先,将 Thin 作为 gem 添加到您的 Gemfile 中:
gem 'thin'
Then run bundle installfrom the command line.
然后从命令行运行bundle install。
Using Thin HTTPS/SSL for Development Environments
在开发环境中使用 Thin HTTPS/SSL
If you just want to test your Rails app using HTTPS/SSL in your local development environment, then you simply run
如果您只想在本地开发环境中使用 HTTPS/SSL 测试您的 Rails 应用程序,那么您只需运行
thin start --ssl
I have to emphasize that this is not suitable for production environments, because you need to use a valid SSL certificate from a Certificate Authority in order for SSL/HTTPS connections to be verifiable and secure.
我必须强调,这不适合生产环境,因为您需要使用来自证书颁发机构的有效 SSL 证书,以便 SSL/HTTPS 连接可验证且安全。
Additional Options
其他选项
There are also other options that you can pass to Thin. You can get a full list of them by running thin --help. For example, I like to specify my own ip-address and port, as well as daemonizing Thin into a background process:
还有其他选项可以传递给 Thin。您可以通过运行获得它们的完整列表thin --help。例如,我喜欢指定我自己的 ip-address 和 port,以及将 Thin 守护进程到后台进程:
thin start --ssl \
--address <ip-address> \
--port <port> \
--daemonize
Using Thin HTTPS/SSL with an SSL Certificate
将瘦 HTTPS/SSL 与 SSL 证书结合使用
If you want to tell Thin to use an SSL certificate (for example, one that you've obtained from a valid Certificate Authority), then you can use these options:
如果您想告诉 Thin 使用 SSL 证书(例如,您从有效的证书颁发机构获得的证书),则可以使用以下选项:
thin start --ssl \
--ssl-cert-file <path-to-public-certificate> \
--ssl-key-file <path-to-private-key>
