How can I pass SSL options into “rails server” in Rails 3.0?

Question

Is there a way to pass SSL options into "rails server" (on Rails 3.0.0), using a custom Rack config or something similar? I'm trying to do two things:

1. enable Cucumber to run tests that involve both secure and non-secure URL's, and
2. make things simple for new developers, so they don't have to set up Apache and configure all the SSL/cert stuff before they can even write a line of code.

On 2.3.8 we had a forked script/server that would start up a special WEBrick on a second port with all the appropriate SSL options. Of course that blew up when I tried upgrading to Rails 3, so I'm trying to figure out how to fix this, and ideally do it in a way that doesn't involve forking anything.

In our forked script/server we were setting options like the following:

:SSLEnable        => true,
:SSLVerifyClient    => OpenSSL::SSL::VERIFY_NONE,
:SSLPrivateKey        => OpenSSL::PKey::RSA.new(File.open(current_dir + "/config/certs/server.key").read),
:SSLCertificate         => OpenSSL::X509::Certificate.new(File.open(current_dir + "/config/certs/server.crt").read),
:SSLCertName    => [ [ "CN", WEBrick::Utils::getservername ] ]

but I don't know how to do that in the new framework.

Thanks for any help!

Answer 1

Take a look at the Thin server in place of WEBrick. There are so many benefits of using Thin that I can't list them all here, but it should address your issue since it supports SSL.

When starting thin, pass the following options:

SSL options:
    --ssl                        Enables SSL
    --ssl-key-file PATH          Path to private key
    --ssl-cert-file PATH         Path to certificate
    --ssl-verify                 Enables SSL certificate verification

In production, you will ideally want to handle SSL at the Nginx or Apache layer, but this should handle your development requirements.

Answer 2

Here's the solution I came up with. I modified script/rails to look like this:

#!/usr/bin/env ruby
# This command will automatically be run when you run "rails" with Rails 3 gems installed from the root of your application.

APP_PATH = File.expand_path('../../config/application',  __FILE__)
require File.expand_path('../../config/boot',  __FILE__)

# Hack our SSL certs into Thin TcpServer, only in development environment
require 'thin'
module Thin
  module Backends
    TcpServer.class_eval do
      def initialize_with_SSL(host, port)
        if Rails.env.development?
          Rails.logger.info "Loading SSL certs from ./ssl_dev..."
          @ssl = true
          @ssl_options = {
            :private_key_file => File.expand_path("../../ssl_dev/server.key", __FILE__),
            :cert_chain_file  => File.expand_path("../../ssl_dev/server.crt", __FILE__),
            :verify_peer => nil
          }
        end

        initialize_without_SSL(host, port)
      end

      alias_method :initialize_without_SSL, :initialize
      alias_method :initialize, :initialize_with_SSL      
    end
  end
end

# Must load 'rails/commands' after Thin SSL hack
require 'rails/commands'