I recently integrated a payment processing module using Stripe on our website (readypulse.com), which means the payment pages need to be secure and served over HTTPS.
However, this did not work out of the box in the Rails development environment. My requirement was to make WEBrick (the default Rails server) listen on two different ports, one for HTTP and the other for HTTPS. The following steps worked for me.
At a high level, the following steps need to be done.
- Create a Certificate
- Setup WEBrick to use the Certificate
- Test
1. Create a Certificate
You can skip this step and go on to section 2 if you already have a Certificate that you can use. I didn’t have one and I created a self-signed certificate. Follow the steps below to create one for yourself.
Note: I ran these commands on a Linux server, but the certificate itself can be used on any operating system – I am currently using it on Windows 7.
- Open Terminal
- Install openssl if you don’t already have it
yum install openssl
- Generate a RSA Private Key
openssl req -new > yourcompany.cert.csr
It will generate the following output:
    Generating a 2048 bit RSA private key
    ................................................................................
    ...+++
    writing new private key to 'privkey.pem'
    Enter PEM pass phrase:
    Verifying - Enter PEM pass phrase:
    -----
    You are about to be asked to enter information that will be incorporated
    into your certificate request.
    What you are about to enter is what is called a Distinguished Name or a DN.
    There are quite a few fields but you can leave some blank
    For some fields there will be a default value,
    If you enter '.', the field will be left blank.
    -----
    Country Name (2 letter code) [XX]:US
    State or Province Name (full name) []:Washington
    Locality Name (eg, city) [Default City]:Sammamish
    Organization Name (eg, company) [Default Company Ltd]:Your Company Inc
    Organizational Unit Name (eg, section) []:
    Common Name (eg, your name or your server's hostname) []:*.yourcompany.com
    Email Address []:

    Please enter the following 'extra' attributes
    to be sent with your certificate request
    A challenge password []:
    An optional company name []:
As a result of this command, you will have two files generated – privkey.pem and yourcompany.cert.csr
- Create a RSA Key (this writes a copy of the private key without the pass phrase, so keep the resulting file private)
openssl rsa -in privkey.pem -out yourcompany.cert.key
    Enter pass phrase for privkey.pem:
    writing RSA key
- Create a Certificate
openssl x509 -in yourcompany.cert.csr -out yourcompany.cert.crt -req -signkey yourcompany.cert.key -days 365
    Signature ok
    subject=/C=US/ST=Washington/L=Sammamish/O=Your Company Inc/CN=*.yourcompany.com
    Getting Private key
You should now have the following files in your directory:
- privkey.pem
- yourcompany.cert.crt
- yourcompany.cert.csr
- yourcompany.cert.key
2. Setup WEBrick to use the Certificate
Now that you have your certificate ready, the next step is to configure WEBrick to use it.
Copy the generated certificate files to the config/cert/ss directory of your Rails 3.1 project. You will have to create the cert/ss directory structure.
Copy the script/rails file to script/secure_rails. Note that you are duplicating the file, not moving it.
Edit the secure_rails file to look like the following.
#!/usr/bin/env ruby.exe
# This command will automatically be run when you run "rails" with Rails 3 gems installed from the root of your application.
require 'rubygems' # if ruby 1.8.7
require 'rails/commands/server'
require 'rack'
require 'webrick'
require 'webrick/https'

module Rails
  class Server < ::Rack::Server
    # Override the defaults so this copy of the script serves HTTPS on port 3001.
    def default_options
      super.merge({
        :Port => 3001,
        :environment => (ENV['RAILS_ENV'] || "development").dup,
        :daemonize => false,
        :debugger => false,
        :config => File.expand_path("config.ru"),
        :SSLEnable => true,
        # No client certificates are requested from the browser.
        :SSLVerifyClient => OpenSSL::SSL::VERIFY_NONE,
        :SSLPrivateKey => OpenSSL::PKey::RSA.new(
          File.read("config/cert/ss/yourcompany.cert.key")),
        :SSLCertificate => OpenSSL::X509::Certificate.new(
          File.read("config/cert/ss/yourcompany.cert.crt")),
        :SSLCertName => [["CN", WEBrick::Utils::getservername]],
      })
    end
  end
end

APP_PATH = File.expand_path('../../config/application', __FILE__)
require File.expand_path('../../config/boot', __FILE__)
require 'rails/commands'
This config file instructs WEBrick to use the installed certificate and listen on port 3001 for secure connections.
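A pre-flight check for the key and certificate that secure_rails loads, as an added example that is not part of the original post: it confirms the certificate belongs to the key, is inside its validity window, and covers the hostname you will browse to. The names check_dev_cert and sample_pair are hypothetical, and the sample pair is constructed in memory to mirror the openssl steps above.

```ruby
require 'openssl'

# Pre-flight check for the key/certificate pair that script/secure_rails loads.
# Returns a list of problems; an empty list means the pair is usable for hostname.
def check_dev_cert(cert_pem, key_pem, hostname, now = Time.now)
  cert = OpenSSL::X509::Certificate.new(cert_pem)
  # An explicit empty pass phrase makes an encrypted key raise instead of prompting.
  key = OpenSSL::PKey::RSA.new(key_pem, '')
  problems = []
  problems << 'certificate does not belong to this private key' unless cert.check_private_key(key)
  unless (cert.not_before..cert.not_after).cover?(now)
    problems << 'certificate is outside its validity period'
  end
  # Ruby's TLS client hostname check; a wildcard covers only the left-most label.
  unless OpenSSL::SSL.verify_certificate_identity(cert, hostname)
    problems << "certificate name does not cover #{hostname}"
  end
  problems
rescue OpenSSL::PKey::PKeyError
  ['private key is encrypted or unreadable']
end

# Constructed sample: an in-memory stand-in for the files created in section 1
# (2048-bit RSA key, self-signed, CN=*.yourcompany.com, valid for 365 days).
def sample_pair(not_before = Time.now - 60)
  key = OpenSSL::PKey::RSA.new(2048)
  cert = OpenSSL::X509::Certificate.new
  cert.version = 0 # X.509 v1: no extensions are set
  cert.serial = 1
  cert.subject = cert.issuer =
    OpenSSL::X509::Name.parse('/C=US/O=Your Company Inc/CN=*.yourcompany.com')
  cert.public_key = key.public_key
  cert.not_before = not_before
  cert.not_after = not_before + 365 * 24 * 60 * 60
  cert.sign(key, OpenSSL::Digest.new('SHA256'))
  [cert.to_pem, key.to_pem]
end

if __FILE__ == $PROGRAM_NAME
  cert_pem, key_pem = sample_pair
  %w[dev.yourcompany.com localhost].each do |host|
    puts "#{host}: #{check_dev_cert(cert_pem, key_pem, host).inspect}"
  end
end
```

To check the real files, pass File.read("config/cert/ss/yourcompany.cert.crt") and File.read("config/cert/ss/yourcompany.cert.key") along with the hostname you browse to.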
3. Test
All configuration is done. Open two command prompts (terminals) and start two instances of WEBrick using the following commands:
Plain (HTTP) on port 3000
bundle exec ruby script/rails s
Secure (HTTPS) on port 3001
bundle exec ruby script/secure_rails s
Open a browser and ensure it all works. Navigate to the http://localhost:3000 and https://localhost:3001 URLs. The first one should give you the regular website, while the second one will give you the secure site.
Note: If you are using a self-signed certificate, browsers will warn you that the certificate is not trusted. Please ignore that warning and instruct the browser to proceed. This works great on your development machine. However, for production, you should have a certificate signed by a well-known Certificate Authority.
Have fun!

