Configure WEBrick to use automatically generated self-signed SSL/HTTPS certificate

I want to develop my Ruby on Rails application locally with SSL/HTTPS, but I'm having trouble trying to set up a server to use SSL. The following are the things I've already tried so far:

rails server [options]

The rails server command doesn't come with an ssl option (rails server --help):

Usage: rails server [mongrel, thin, etc] [options]
  -p, --port=port         Runs Rails on the specified port.
                          Default: 3000
  -b, --binding=ip        Binds Rails to the specified ip.
                          Default: 0.0.0.0
  -c, --config=file       Use custom rackup configuration file
  -d, --daemon            Make server run as a Daemon.
  -u, --debugger          Enable the debugger
  -e, --environment=name  Specifies the environment to run this server under
                          (test/development/production).
                          Default: development

  -P, --pid=pid           Specifies the PID file.
                          Default: tmp/pids/server.pid

  -h, --help              Show this help message.

Custom WEBrick instance with automatically generated self-signed SSL certificate

My Code

Following along with the WEBrick documentation for HTTPS, I made the following Ruby script that I run as ruby server.rb:

require 'webrick'
include WEBrick

root = File.expand_path './public'

cert_name = [
  %w[CN localhost],
]

server = HTTPServer.new(
  :BindAddress => '127.0.0.1',
  :Port => '4430',
  :DocumentRoot => root,
  :SSLEnable => true,
  :SSLCertName => cert_name # LOOK! SSLCertName IS SET!
)

# Shutdown gracefully on signal interrupt CTRL-C
# http://www.ruby-doc.org/core-2.1.1/Kernel.html#method-i-trap
trap('INT') { server.shutdown }

server.start

According to the documentation I linked to above:

This will start the server with a self-generated self-signed certificate.

and according to the documentation for WEBrick::Config,

WEBrick can automatically create a self-signed certificate if :SSLCertName is set.

The Errors

When I start the server, I get the following output:

INFO  WEBrick 1.3.1
INFO  ruby 2.1.1 (2014-02-24) [x86_64-darwin13.0]
INFO  WEBrick::HTTPServer#start: pid=26059 port=4430

However, when I try to access https://localhost:4430/robots.txt, I get the following error in Chrome 33.0.1750.117:

and the following error when I try the same url in Firefox 27.0.1:

I looked up the ssl_error_rx_record_too_long error, and it looks like it can be caused by a few different things. Maybe WEBrick is still listening for HTTP requests on port 80, but that seems odd considering I explicitly set it to enable SSL on port 4430.

Access Logs

Additionally, here are the access log contents from WEBrick when I make the request for https://localhost:4430/robots.txt from Chrome, but I have no idea what any of it means (it looks like it's encoded in hex or something):

ERROR bad Request-Line `\x16\x03\x01\x02\x00\x01\x00\x01ü\x03\x03S\x15ußð'¦\x14·áÚOá,j\x7FÅ=üüNn#\x02ëý\x0Fø‚\x00\x00(À+À/\x00žÌ\x14Ì\x13\x00œÀ'.
localhost - - [04/Mar/2014:01:42:39 EST] "\x16\x03\x01\x02\x00\x01\x00\x01ü\x03\x03S\x15ußð'¦\x14·áÚOá,j\x7FÅ=üüNn#\x02ëý\x0Fø‚\x00\x00(À+À/\x00žÌ\x14Ì\x13\x00œÀ" 400 417
- -> 
ERROR bad Request-Line `\x16\x03\x01\x02\x00\x01\x00\x01ü\x03\x02S\x15ußj\x05ç©!€¿'ÄÃåë!t…ß\x06pDÒÒ4?"»7\x19\x00\x00\x1EV\x00À'.
localhost - - [04/Mar/2014:01:42:39 EST] "\x16\x03\x01\x02\x00\x01\x00\x01ü\x03\x02S\x15ußj\x05ç©!€¿'ÄÃåë!t…ß\x06pDÒÒ4?"»7\x19\x00\x00\x1EV\x00À" 400 398
- -> 
ERROR bad Request-Line `\x16\x03\x01\x02\x00\x01\x00\x01ü\x03\x01S\x15ußñom¾u<n¨ý9yö"¤Øcƒ{½wh)M@š1;\x00\x00\x1EV\x00À'.
localhost - - [04/Mar/2014:01:42:39 EST] "\x16\x03\x01\x02\x00\x01\x00\x01ü\x03\x01S\x15ußñom¾u<n¨ý9yö"¤Øcƒ{½wh)M@š1;\x00\x00\x1EV\x00À" 400 392
- -> 
ERROR bad URI `\x04ËB¿É\\ ˆ2ðiwñ·*\x02\x06^´\x00@v\x00\x00\x14\x00ÿV\x00\x009\x005\x003\x002\x00\x05\x00\x04\x00/\x00'.
localhost - - [04/Mar/2014:01:42:39 EST] "\x16\x03\x00\x00?\x01\x00\x00;\x03\x00S\x15uß…N®ˆ\r\x04ËB¿É\\ ˆ2ðiwñ·*\x02\x06^´\x00@v\x00\x00\x14\x00ÿV\x00\x009\x005\x003\x002\x00\x05\x00\x04\x00/\x00" 400 389
- -> \x04ËB¿É\\ ˆ2ðiwñ·*\x02\x06^´\x00@v\x00\x00\x14\x00ÿV\x00\x009\x005\x003\x002\x00\x05\x00\x04\x00/\x00

Ruby Source for SSL Module

Also, I checked the Ruby source code for the SSL module, but I don't see anything obvious in there for why this might not be working:

def setup_ssl_context(config) # :nodoc:
  unless config[:SSLCertificate]
    cn = config[:SSLCertName]
    comment = config[:SSLCertComment]
    cert, key = Utils::create_self_signed_cert(1024, cn, comment) # LOOK HERE!
    config[:SSLCertificate] = cert
    config[:SSLPrivateKey] = key
  end
  # etc...
end

# Higher up in the file...
def create_self_signed_cert(bits, cn, comment)
  # etc ...
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2
  cert.serial = 1
  name = OpenSSL::X509::Name.new(cn)
  cert.subject = name
  cert.issuer = name
  # etc ...
end

My Environment

Here are the following things I'm using for development:

  1. OS X Mavericks.
  2. Ruby 2.1.1.
  3. Rails 4.0.3.

Summary

So this is where I'm at currently, and I'm not sure how to proceed. I'm aware that I can just pass my own self-signed certificate file (generated with something like OpenSSL) to WEBrick, but the documentation says that WEBrick can automatically generate its own, and I'm really interested in getting that to work.

I'm also aware that I can use a different webserver like Thin with its --ssl option, but again, I wanted to use WEBrick, because it's the "out-of-the-box" web server for Rails, and I want to be able to easily and quickly set up a development SSL web server without having to download additional gems and stuff like that.

I'm also aware that this solution exists, but again, I'm interested in having WEBrick automatically generate its own certificate (and besides, that solution seems to be a little overly complicated for what I'm trying to do).

So does anyone have any ideas of what might be wrong?

Solution

Okay, I figured out what was wrong. I should've paid closer attention to the instructions for HTTPS in WEBrick; this is the exact code from the example:

require 'webrick'
require 'webrick/https' # SEE THIS?

cert_name = [
  %w[CN localhost],
]

server = WEBrick::HTTPServer.new(:Port => 8000,
                                 :SSLEnable => true,
                                 :SSLCertName => cert_name)

See that line that says require 'webrick/https'? I didn't have that in my original config. I didn't think that I'd need it.

Once I added it, my script started serving over HTTPS, and I could finally connect to https://localhost:4430/robots.txt. <face-palm>
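
The unreadable request lines in the access log are the first bytes of TLS records: the browser sent a ClientHello, and the listener, started without webrick/https loaded, tried to parse it as an HTTP request line. The Ruby below is an added example, not code from the original post; the helper names are made up for illustration, and it decodes only the record and handshake headers, using prefixes copied from the log above.

```ruby
# Added example (not from the original post): decode the first bytes of a
# WEBrick "bad Request-Line" entry to see whether it is a TLS ClientHello.

TLS_VERSIONS = {
  [3, 0] => 'SSL 3.0', [3, 1] => 'TLS 1.0',
  [3, 2] => 'TLS 1.1', [3, 3] => 'TLS 1.2'
}.freeze

# The log shows raw bytes as \xNN escapes, printable ASCII as itself and
# high bytes as single characters; map each back to one integer value.
def log_fragment_to_bytes(fragment)
  fragment.gsub(/\\x(\h{2})/) { [$1.hex].pack('U') }.unpack('U*')
end

# Returns a hash describing the record header, or nil when the fragment
# does not start with a TLS handshake record carrying a ClientHello.
def describe_client_hello(fragment)
  b = log_fragment_to_bytes(fragment).first(11)
  return nil if b.length < 11 || b.any? { |v| v > 0xFF }
  return nil unless b[0] == 0x16 && b[1] == 3 && b[5] == 0x01

  {
    record_version: TLS_VERSIONS.fetch([b[1], b[2]], 'unknown'),
    record_length: (b[3] << 8) | b[4],
    handshake_length: (b[6] << 16) | (b[7] << 8) | b[8],
    offered_version: TLS_VERSIONS.fetch([b[9], b[10]], 'unknown')
  }
end

# Prefixes copied from the four request lines in the access log above,
# plus one constructed plain-HTTP request line for contrast.
SAMPLES = [
  '\x16\x03\x01\x02\x00\x01\x00\x01ü\x03\x03',
  '\x16\x03\x01\x02\x00\x01\x00\x01ü\x03\x02',
  '\x16\x03\x01\x02\x00\x01\x00\x01ü\x03\x01',
  '\x16\x03\x00\x00?\x01\x00\x00;\x03\x00',
  'GET /robots.txt HTTP/1.1'
].freeze

SAMPLES.each do |line|
  info = describe_client_hello(line)
  puts(info ? "TLS ClientHello on a plaintext listener: #{info}" : "not TLS: #{line}")
end
```

A request line that begins with \x16\x03 on a port meant to serve HTTPS means the listener itself is not terminating TLS, so the server configuration is the place to look rather than the certificate.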
