为瘦服务器和sinatra启用SSL [英] Enabling SSL for a thin server and sinatra
问题描述
我正在尝试为我的瘦服务器Web应用程序启用SSL,以便它可以在HTTPS上运行.
I'm trying to enable SSL for my thin server web app so that it can work over HTTPS.
我已经完成以下工作:-
I have done the following:-
启动瘦Web服务器 MyApp.run! :host =>'127.0.0.1',:port => 9090,:sslenable => true,:sslverifyclient => OpenSSL :: SSL :: VERIFY_NONE, :sslcertificate =>'.ssl/server_key.pem',:sslprivatekey =>'.ssl/key.pem'
launching of thin web server MyApp.run! :host => '127.0.0.1', :port => 9090, :sslenable => true, :sslverifyclient => OpenSSL::SSL::VERIFY_NONE, :sslcertificate => '.ssl/server_key.pem', :sslprivatekey => '.ssl/key.pem'
我使用Ruby中的openssl模块生成了一个自签名证书和私钥,创建了一个名为.ssl的目录,并将它们存储为pem文件.
I generated a self signed certificate and private key using the openssl module in Ruby, created a directory called .ssl and stored them there as pem files.
我用于Web应用程序的Web框架是Sinatra.我还通过以下方式使用了rack-ssl gem.
The web framework I'm using for my web app is Sinatra. I'm also using the rack-ssl gem in the following way..
require 'rack/ssl'
class MyApp < Sinatra ::Base
use Rack::SSL
use Rack::Session::Cookie,
:key => '_rack_session',
:path => '/',
:expire_after => 2592000,
:secret => ''
...
end
当我转到 http://localhost:9090 时,我希望看到我的应用显示为正常但显示为挂锁和通过它的交叉,因为任何http请求都被重定向到https,我看到错误网页不可用".但是,当我删除ssl-rack ruby gem并重新启动应用程序并转到 https://localhost:9090,i 出现ssl连接错误,并包含以下详细信息:
When I go to http://localhost:9090, I would expect to see my app displayed as normal but with a padlock and a cross through it as any http request is being redirected to https and I see the error "webpage is not available". However when I remove ssl-rack ruby gem and restart my app and go to https://localhost:9090,i get an ssl connection error with the following details:
无法与服务器建立安全连接.这可能是服务器出现问题,或者可能需要您没有的客户端身份验证证书. 错误代码:ERR_SSL_PROTOCOL_ERROR
Unable to make a secure connection to the server. This may be a problem with the server, or it may be requiring a client authentication certificate that you don't have. Error code: ERR_SSL_PROTOCOL_ERROR
有人可以建议我如何最好地配置瘦服务器以启用SSL吗?
Can anyone please advise me on how best to configure a thin server to enable SSL?
推荐答案
我正在使用此文件应该在文件中之前.因此,在配置应用程序时,需要将Rack :: SslEnforcer放置在会话部分上方.
This should be before you enable :sessions
in your file. So, Rack::SslEnforcer needs to be placed above the session part when you configure your app.
有些不相关,但也许仍然相关,您可以考虑添加:
Somewhat unrelated, but perhaps still relevant, you might consider adding:
require 'encrypted_cookie'
cookie_config = {
:key => 'usr',
:path => "/",
:expire_after => 86400, # one day in seconds
:secret => ENV["COOKIE_KEY"],
:httponly => true
}
cookie_config.merge!( :secure => true ) if production?
use Rack::Session::EncryptedCookie, cookie_config
您还需要将环境中的COOKIE_KEY设置为秘密且冗长的内容.
You also need to set the COOKIE_KEY in your environment to something secret and long-ish.
这篇关于为瘦服务器和sinatra启用SSL的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!