Enabling SSL for a thin server and sinatra

混江龙づ霸主 submitted on 2019-12-12 14:31:48

Question


I'm trying to enable SSL for my thin server web app so that it can work over HTTPS.

I have done the following:-

launching of thin web server

MyApp.run! :host => '127.0.0.1', :port => 9090, :sslenable => true, :sslverifyclient => OpenSSL::SSL::VERIFY_NONE, :sslcertificate => '.ssl/server_key.pem', :sslprivatekey => '.ssl/key.pem'

I generated a self signed certificate and private key using the openssl module in Ruby, created a directory called .ssl and stored them there as pem files.

The web framework I'm using for my web app is Sinatra. I'm also using the rack-ssl gem in the following way:

myapp.rb

require 'sinatra/base'
require 'rack/ssl'

class MyApp < Sinatra::Base
  use Rack::SSL
  use Rack::Session::Cookie,
      :key => '_rack_session',
      :path => '/',
      :expire_after => 2592000,
      :secret => ''

  ...
end

When I go to http://localhost:9090, I would expect to see my app displayed as normal but with a padlock and a cross through it, as any http request is being redirected to https, and I see the error "webpage is not available". However, when I remove ssl-rack ruby gem and restart my app and go to https://localhost:9090, I get an SSL connection error with the following details:

Unable to make a secure connection to the server. This may be a problem with the server, or it may be requiring a client authentication certificate that you don't have. Error code: ERR_SSL_PROTOCOL_ERROR

Can anyone please advise me on how best to configure a thin server to enable SSL?


Answer 1:


I'm running Sinatra and Thin on Heroku with SSL using the Rack::SslEnforcer, doing this:

if production?
    require 'rack/ssl-enforcer'
    use Rack::SslEnforcer
end

This should be before you enable :sessions in your file. So, Rack::SslEnforcer needs to be placed above the session part when you configure your app.

Somewhat unrelated, but perhaps still relevant, you might consider adding:

require 'encrypted_cookie'

cookie_config = {
  :key          => 'usr',
  :path         => "/",
  :expire_after => 86400, # one day in seconds
  :secret       => ENV["COOKIE_KEY"],
  :httponly     => true
}
cookie_config.merge!( :secure => true ) if production?

use Rack::Session::EncryptedCookie, cookie_config

You also need to set the COOKIE_KEY in your environment to something secret and long-ish.



Source: https://stackoverflow.com/questions/28432921/enabling-ssl-for-a-thin-server-and-sinatra
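
Added example (not part of the original answer, and not code from Rack::SslEnforcer or Rack::Session::EncryptedCookie): a plain-Ruby model of the ordering advice in Answer 1, using the cookie settings from its config. `ForceHttps`, `SessionCookie`, `build_stack`, `request` and the 64-character minimum for `COOKIE_KEY` are assumptions made for illustration; the session stand-in always emits a cookie, which the real middleware may not do.

```ruby
# Added illustration with plain-Ruby stand-ins; a Rack app is any object with call(env).

# Hypothetical stand-in for the SSL enforcer: redirects plaintext requests.
class ForceHttps
  def initialize(app)
    @app = app
  end

  def call(env)
    return @app.call(env) if env['rack.url_scheme'] == 'https'
    [301, { 'location' => "https://#{env['HTTP_HOST']}#{env['PATH_INFO']}" }, []]
  end
end

# Hypothetical stand-in for the session layer: always sets a cookie (simplified).
class SessionCookie
  def initialize(app, opts)
    @app = app
    @opts = opts
  end

  def call(env)
    status, headers, body = @app.call(env)
    cookie = "#{@opts[:key]}=opaque; path=#{@opts[:path]}"
    cookie += '; secure' if @opts[:secure]
    cookie += '; httponly' if @opts[:httponly]
    [status, headers.merge('set-cookie' => cookie), body]
  end
end

# Fail closed on a missing or short secret (64 is an assumed minimum).
def cookie_config(environ, production:)
  secret = environ['COOKIE_KEY'].to_s
  raise ArgumentError, 'COOKIE_KEY missing or too short' if secret.length < 64
  { key: 'usr', path: '/', expire_after: 86_400, secret: secret,
    httponly: true, secure: production }
end

# Middlewares are listed outermost first, like successive `use` lines.
def build_stack(middlewares, config)
  app = ->(_env) { [200, { 'content-type' => 'text/plain' }, ['ok']] }
  middlewares.reverse.reduce(app) do |inner, mw|
    mw == SessionCookie ? mw.new(inner, config) : mw.new(inner)
  end
end

def request(stack, scheme)
  stack.call('rack.url_scheme' => scheme, 'HTTP_HOST' => 'localhost:9090', 'PATH_INFO' => '/')
end
```

With `ForceHttps` listed first, `request(stack, 'http')` returns the 301 without a `set-cookie` header; with `SessionCookie` listed first, the plaintext redirect in this model carries the cookie.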
