为瘦服务器和sinatra启用SSL [英] Enabling SSL for a thin server and sinatra

查看:69
本文介绍了为瘦服务器和sinatra启用SSL的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!

问题描述

我正在尝试为我的瘦服务器Web应用程序启用SSL,以便它可以在HTTPS上运行.

I'm trying to enable SSL for my thin server web app so that it can work over HTTPS.

我已经完成以下工作:-

I have done the following:-

启动瘦Web服务器 MyApp.run! :host =>'127.0.0.1',:port => 9090,:sslenable => true,:sslverifyclient => OpenSSL :: SSL :: VERIFY_NONE, :sslcertificate =>'.ssl/server_key.pem',:sslprivatekey =>'.ssl/key.pem'

launching of thin web server MyApp.run! :host => '127.0.0.1', :port => 9090, :sslenable => true, :sslverifyclient => OpenSSL::SSL::VERIFY_NONE, :sslcertificate => '.ssl/server_key.pem', :sslprivatekey => '.ssl/key.pem'

我使用Ruby中的openssl模块生成了一个自签名证书和私钥,创建了一个名为.ssl的目录,并将它们存储为pem文件.

I generated a self signed certificate and private key using the openssl module in Ruby, created a directory called .ssl and stored them there as pem files.

我用于Web应用程序的Web框架是Sinatra.我还通过以下方式使用了rack-ssl gem.

The web framework I'm using for my web app is Sinatra. I'm also using the rack-ssl gem in the following way..

require 'rack/ssl'

class MyApp < Sinatra ::Base
use Rack::SSL
use Rack::Session::Cookie,
        :key => '_rack_session', 
        :path => '/',
        :expire_after => 2592000, 
        :secret => ''

...
end

当我转到 http://localhost:9090 时,我希望看到我的应用显示为正常但显示为挂锁和通过它的交叉,因为任何http请求都被重定向到https,我看到错误网页不可用".但是,当我删除ssl-rack ruby​​ gem并重新启动应用程序并转到 https://localhost:9090,i 出现ssl连接错误,并包含以下详细信息:

When I go to http://localhost:9090, I would expect to see my app displayed as normal but with a padlock and a cross through it as any http request is being redirected to https and I see the error "webpage is not available". However when I remove ssl-rack ruby gem and restart my app and go to https://localhost:9090,i get an ssl connection error with the following details:

无法与服务器建立安全连接.这可能是服务器出现问题,或者可能需要您没有的客户端身份验证证书. 错误代码:ERR_SSL_PROTOCOL_ERROR

Unable to make a secure connection to the server. This may be a problem with the server, or it may be requiring a client authentication certificate that you don't have. Error code: ERR_SSL_PROTOCOL_ERROR

有人可以建议我如何最好地配置瘦服务器以启用SSL吗?

Can anyone please advise me on how best to configure a thin server to enable SSL?

推荐答案

我正在使用此文件应该在文件中之前.因此,在配置应用程序时,需要将Rack :: SslEnforcer放置在会话部分上方.

This should be before you enable :sessions in your file. So, Rack::SslEnforcer needs to be placed above the session part when you configure your app.

有些不相关,但也许仍然相关,您可以考虑添加:

Somewhat unrelated, but perhaps still relevant, you might consider adding:

require 'encrypted_cookie'

cookie_config = {        
  :key          => 'usr',
  :path         => "/",
  :expire_after => 86400, # one day in seconds
  :secret       => ENV["COOKIE_KEY"], 
  :httponly     => true
  }
cookie_config.merge!( :secure => true ) if production?

use Rack::Session::EncryptedCookie, cookie_config

您还需要将环境中的COOKIE_KEY设置为秘密且冗长的内容.

You also need to set the COOKIE_KEY in your environment to something secret and long-ish.

这篇关于为瘦服务器和sinatra启用SSL的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!

查看全文
登录 关闭
扫码关注1秒登录
发送“验证码”获取 | 15天全站免登陆