Easily build a great vocabulary without studying! Now on the App Store!
Click here for more info about the app
Here are all the commands for setting up your Rails application to server requests over SSL -on Ubuntu, of course.
There are great resources and tutorials at these websites. http://www.tc.umn.edu/~brams006/selfsign.html http://www.tc.umn.edu/~brams006/selfsign_ubuntu.html https://help.ubuntu.com/7.10/server/C/httpd.html#https-configuration
The first thing, of course, is that you need OpenSSL installed.
Once you have it installed, you can use this program to generate certificates. The generation process is interactive. It will prompt you for your name, company details, domain etc. It will also prompt for a passphrase for your certificate. Remember this because you'll be prompted for it when restarting your webserver. If your doing this to test things out, you can make stuff up. If you are doing this for real, and will eventually want to have a certificate authority (CA) validate your generated certs, this information needs to be accurate. This is the purpose of a CA, to validate the identity of companies using certificates!
apt-get install openssl
The program will output certificate files. I assumed you were in your home directory when you generated them. It doesn't really matter where they are located, but for purposes of organization, let's move them to a location that makes sense.
openssl genrsa -des3 -out server.key 1024 openssl rsa -in server.key -out server.key.insecure openssl req -new -key server.key -out server.csr openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt
We'll need to install two modules for apache to use Rails over SSL. If you don't have them installed already, run these commands.
cp server.crt /etc/ssl/certs cp server.key /etc/ssl/private
The headers module for apache lets us pass the https:// protocol to our Rails application so that it knows to use https.
sudo a2enmod ssl sudo a2enmod headers
The next step involves creating a VirtualHost that is listening on port 443. Port 443, is the standard port that https:// runs on.
You'll also need to tell Apache to listen on port 443, if SSL module is loaded. This logic should be included out of the box. Take a look in /etc/apache2/ports.conf. If you don't see Listen 443, wrapped in a conditional if mod statement... add Listen 443 to that file.
ServerName secure.example.com DocumentRoot /var/www/secure_website/public SSLEngine On RequestHeader set X_FORWARDED_PROTO "https" #note some tuts mention the +CompatEnvVars options here... ignore it b/c it doesn't work SSLOptions +FakeBasicAuth +ExportCertData +StrictRequire #you'll recog these paths, where we stored the certs here SSLCertificateFile /etc/ssl/certs/server.crt SSLCertificateKeyFile /etc/ssl/private/server.key #force app into production mode... RailsEnv production </VirtualHost>
Force a complete reload of Apache so your certs and modules will be loaded.
You'll want to restart your Rails application as well.
/etc/init.d/apache2 force-reload /etc/init.d/apache2 restart
cd path/to/rails/root/app #if using phusion passenger touch tmp/restart.txt
Now visit your website https://my-ssl.example.railswebsite.com (or whatever it is) and confirm that it is working. You'll be forced to add an exception to your browsers security checks for the domain that is running a self signed certificate. Add the exception and test out your Rails application.