3

I'm very surprised to find so little documentation on this topic, which quite a few developers must have faced before me.

We're changing our app to 100% HTTPS/SSL (as partial SSL doesn't make sense).

That's cool but before that, we need to migrate to it, hence to test it. Of course I found some basic information (here and here).

As I'd like my local environment to be as close as possible to the other ones in order to avoid unexpected errors, those solutions are not satisfying to me: they are OK for short-term testing of a feature, not more.

Here are the problems/questions I have:

  • Can I get a valid certificate for my local machine, to avoid the ugly warning step I can't even accept definitively on Chrome?
  • Booting server with thin (thin start --ssl --ssl-verify --ssl-key-file server.key --ssl-cert-file server.crt), can I get the same log messages as from rails server?
  • Can't I keep using rails server as a booting command (except by writing a dirty ALIAS ...)

The summary question is: can I make a config so that it is transparent for anybody to run the instance of our app locally in HTTPS?

I mean, absolutely everything's done in Rails to make development easy, and production robust, but here, there would be such a lack of good tools? I can hardly believe it ... or let's do it now!

Thanks for the support! I'm using Rails 3.2 with Ruby 1.9.

Augustin Riedinger

1 Answer

3

Can I get a valid certificate for my local machine, to avoid the ugly warning step I can't even accept definitively on Chrome?

This depends on whether you're using the actual certificate for your domain (e.g. example.com), or generating one just for development. If you are using the actual certificate from production, you could simply edit your hosts file to have example.com resolve to localhost. Then visiting https://example.com should load your Rails app.

You'll probably also need to include this in your application.rb:

config.force_ssl = true

If you're generating your own certificate you'll need to go through the motions of creating a private Certificate Authority to avoid the SSL warning in Chrome. This is a lot more work and probably not worth it.

Booting server with thin (thin start --ssl --ssl-verify --ssl-key-file server.key --ssl-cert-file server.crt), can I get the same log messages as from rails server?

You should be able to tail -f log/development.log from the root of your Rails app.

Can't I keep using rails server as a booting command (except by writing a dirty ALIAS ...)

This one is trickier, as the server that runs when using rails s is WEBrick. You could try what's listed in this post here: Configuring WEBrick to use SSL in Rails 4

As an aside, the typical setup for a Rails app is to proxy it behind, say, an SSL-terminated nginx server. This way your Rails app doesn't need to know anything about SSL, as well as giving you a number of other benefits like being able to serve assets from nginx, load-balancing, virtual hosts etc.

If you're interested in setting up an environment that is identical to production I'd look into Vagrant.

Soliah
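
What "creating a private Certificate Authority" for development involves, as an added example that is not part of the original answer: a Ruby script that creates a throwaway CA, issues a localhost server certificate from it, and checks that the chain and hostname validate. The helper names (build_cert, make_dev_pki, trusted_for?), the CA subject, the lifetimes and the ca.crt file name are assumptions; server.key and server.crt match the thin command in the question.

```ruby
require "openssl"
require "securerandom"
# Build and sign one certificate; issuer_* are nil for the self-signed CA root.
def build_cert(subject, key, issuer_cert, issuer_key, extensions, days)
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2 # X.509 v3, needed for extensions
  cert.serial = 1 + SecureRandom.random_number(2**63)
  cert.subject = OpenSSL::X509::Name.parse(subject)
  cert.issuer = issuer_cert ? issuer_cert.subject : cert.subject
  cert.public_key = key # only the public half is embedded
  cert.not_before = Time.now - 60
  cert.not_after = Time.now + days * 86_400
  ef = OpenSSL::X509::ExtensionFactory.new
  ef.subject_certificate = cert
  ef.issuer_certificate = issuer_cert || cert
  extensions.each { |oid, val, crit| cert.add_extension(ef.create_extension(oid, val, crit)) }
  cert.sign(issuer_key || key, OpenSSL::Digest.new("SHA256"))
end

# Development-only CA plus a server certificate (names/lifetimes are assumptions).
def make_dev_pki(dns_names = ["localhost"], ips = ["127.0.0.1"])
  ca_key = OpenSSL::PKey::RSA.new(2048)
  ca = build_cert("/CN=Local Dev CA (example)", ca_key, nil, nil,
                  [["basicConstraints", "CA:TRUE", true], ["keyUsage", "keyCertSign,cRLSign", true]], 365)
  # Browsers match the hostname against subjectAltName, not the CN.
  san = (dns_names.map { |n| "DNS:#{n}" } + ips.map { |i| "IP:#{i}" }).join(",")
  key = OpenSSL::PKey::RSA.new(2048)
  leaf = build_cert("/CN=#{dns_names.first}", key, ca, ca_key,
                    [["basicConstraints", "CA:FALSE", true],
                     ["keyUsage", "digitalSignature,keyEncipherment", true],
                     ["extendedKeyUsage", "serverAuth", false],
                     ["subjectAltName", san, false]], 90)
  { ca_cert: ca, cert: leaf, key: key } # CA key is dropped: no further issuance
end

# True only if cert chains to ca_cert and its SAN covers hostname.
def trusted_for?(ca_cert, cert, hostname)
  store = OpenSSL::X509::Store.new
  store.add_cert(ca_cert)
  store.verify(cert) && OpenSSL::SSL.verify_certificate_identity(cert, hostname)
end

# `ruby dev_pki.rb DIR` writes the files used by the thin command above.
if ARGV[0]
  pki = make_dev_pki
  File.write(File.join(ARGV[0], "ca.crt"), pki[:ca_cert].to_pem)
  File.write(File.join(ARGV[0], "server.crt"), pki[:cert].to_pem)
  File.write(File.join(ARGV[0], "server.key"), pki[:key].to_pem, perm: 0o600)
end
```

The browser warning only goes away once ca.crt is imported into the trust store of each developer machine, which is the extra work the answer refers to. Keep that CA out of production trust stores.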