Welcome to Working With Rails

 

Discussion Forums

Discuss all things Ruby on Rails with perhaps the web's most vibrant group of Ruby on Rails enthusiasts.
5 Posts
SSL with Rails

First you need to make sure ssl is installed on your server.

Kindly note that in oder to access a website via ssl you will need to install ssl for that particular domain. You will have to allocate a dedicated IP address to the domain before installing ssl. I am providing the steps below.

     1- Generate a Certificate Signing Request and Key for the domain at


              WHM>> SSL/TLS >>Generate a SSL Certificate and Signing Request



     2- Purchase a SSL certificate using the CSR from a SSL Vendor.



     3- Install the SSL with the certificate provided by the vendor at


              WHM>>Install a SSL Certificate and Setup the Domain 

Later you must write a code bit in his application which should be called before filter which changes the http request to https and he should add " config.force_ssl = true " to application.rb in config folder this should enable him to access the application with https which verifies SSL certificate

We had gone through this same experience at AisleTen with one of our projects were only part of the needs to be SSL (ie: after login) and so you have to have forms post to the SSL site and then stay on the SSL site. Micah wrote a quick post about it on our blog here: http://blog.aisleten.com/2008/06/02/beware-of-ssl_requirement/. Hope it helps.

Amila,

Unless you're just messing around you, won't want to use webrick as it's rarely, if ever, mentioned in discussions of "production" apps.

Nginx is fairly common and is pretty simple to setup with SSL. "Here's":http://articles.slicehost.com/2007/12/19/ubuntu-gutsy-self-signed-ssl-certificates-and-nginx the general process for creating a self-signed certificate on Ubuntu. The process shouldn't be too different on most linux variants. You can replace the steps for generating the cert with the steps from a number of ssl certificate sellers. "GoDaddy":https://certs.godaddy.com/CSRgeneration.go has a pretty comprehensive list of servers and the instructions for generating the CSR needed to obtain a production-ready certificate for each.

Mongrel doesn't much care about SSL either way when setup behind a proxy/load balancer like Apache or Nginx.

Jason

Amila,

If you're using Mongrel and Apache's mod_proxy_balancer then you can implement SSL at the Apache level. "Here's":http://blog.codahale.com/2006/06/19/time-for-a-grown-up-server-rails-mongrel-apache-capistrano-and-you/ an old howto that should still prove useful.

im just addressing some security aspects that we have to deal with rails web application.. A common implementation which have been using almost every site in the world today is SSL(secure Http).. So could anyone give me some clues to integrate ssl with rails applications using webrick, mongrel or any other well known web servers.... Thanks

5 Posts
Login to add your message