-
Star
(219)
You must be signed in to star a gist -
Fork
(75)
You must be signed in to fork a gist
-
-
Save trcarden/3295935 to your computer and use it in GitHub Desktop.
| # SSL self signed localhost for rails start to finish, no red warnings. | |
| # 1) Create your private key (any password will do, we remove it below) | |
| $ openssl genrsa -des3 -out server.orig.key 2048 | |
| # 2) Remove the password | |
| $ openssl rsa -in server.orig.key -out server.key | |
| # 3) Generate the csr (Certificate signing request) (Details are important!) | |
| $ openssl req -new -key server.key -out server.csr | |
| # IMPORTANT | |
| # MUST have localhost.ssl as the common name to keep browsers happy | |
| # (has to do with non internal domain names ... which sadly can be | |
| # avoided with a domain name with a "." in the middle of it somewhere) | |
| Country Name (2 letter code) [AU]: | |
| ... | |
| Common Name: localhost.ssl | |
| ... | |
| # 4) Generate self signed ssl certificate | |
| $ openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt | |
| # 5) Finally Add localhost.ssl to your hosts file | |
| $ echo "127.0.0.1 localhost.ssl" | sudo tee -a /private/etc/hosts | |
| # 6) Boot thin | |
| $ thin start --ssl --ssl-verify --ssl-key-file server.key --ssl-cert-file server.crt | |
| # 7) Add server.crt as trusted !!SYSTEM!! (not login) cert in the mac osx keychain | |
| # Open keychain tool, drag .crt file to system, and trust everything. | |
| # Notes: | |
| # 1) Https traffic and http traffic can't be served from the same thin process. If you want | |
| # both you need to start two instances on different ports. | |
| # | |
| # |
Cool, it was finally the only detailed solution on the web that worked for me.
Ain't there a way to add the thin start --ssl --ssl-verify --ssl-key-file server.key --ssl-cert-file server.crt somewhere in the development.rb file to being able to keep using rails server as a start command?
Thanks
it appears --ssl-verify option can be removed (it is the default) in later versions of thin (~ 1.6)
thin start --ssl -p 3001 worked for me!
Can you explain more about "echo "127.0.0.1 localhost.ssl" | sudo tee -a /private/etc/hosts" ?
Hi @wangbourne, it's a way to pipe output into a file that requires sudo privileges. You can't pipe output of a sudo'd command with >. It's basically appending the echo command to the end of the file /private/etc/hosts.
This worked for me (Rails 4.2)
$ thin start --ssl
>> Using rack adapter
>> Thin web server (v1.5.1 codename Straight Razor)
>> Maximum connections set to 1024
>> Listening on 0.0.0.0:3000, CTRL+C to stop
rceee, I got the same issue. I suspect it has to do with permissions, but I was not able to fix it with chown unfortunately (could just be my incompetence).