Rack Web Server and https: tutorial?

Question

Can anyone provide a link to a description or tutorial dealing with the setup of https and installint certs etc using the Ruby RACK webserver?

Thanks

Answer 1

Rack isn't a webserver, it's an interface between webservers (like Apache, nginx) and applications middleware.

If you're wanting to deploy a Rails application behind SSL, it's as easy as setting up SSL in your web server software. There are special things you can do in your app (such as forcing login pages to always use SSL), but they're outside of the scope of the deployment itself.

For example, to set up SSL with Apache and passenger, you would just configure your vhost as you'd configure any vhost with SSL:

<VirtualHost *:443>
  RailsEnv production
  PassengerRuby /opt/ruby-enterprise-1.8.6-20080810/bin/ruby
  ServerName www.domain.com

  SSLEngine on
  SSLCertificateFile /etc/certs/appname.crt
  SSLCertificateKeyFile /etc/private/appname.key
  SSLCertificateChainFile /etc/certs/CompanyIssuingCA1.crt
  SSLProtocol all -SSLv2

  DocumentRoot /var/www/rails/appname/public/
  ErrorLog /var/www/rails/ccell/log/apache.log

  <Directory /var/www/rails/appname/public/>
    Options ExecCGI FollowSymLinks
    AddHandler cgi-script .cgi
    AllowOverride all
    Order allow,deny
    Allow from all
  </Directory>
</VirtualHost> 

The webserver itself handles all of the SSL work before it ever gets to the app. Rails (and Rack) don't need to anything special to run on a secured SSL connection; you'd just point your users to https://yourdomain.com and it works.

If you need help installing certificates for your server, try the links below:

• Apache: http://www.digicert.com/ssl-certificate-installation-apache.htm
• nginx: http://www.digicert.com/ssl-certificate-installation-nginx.htm