I’m currently building a website with Ruby on Rails that requires SSL to secure a few web pages such as the login page while leaving the rest of the site SSL free. It took me a few hours to figure it out and the information on this subject is somewhat sparse. I thought I’d write down the information in case someone needs it.
I’m using WEBrick for my development work because it’s quick and easy. By default, WEBrick doesn’t run in SSL mode, and it wasn’t obvious to me how to start an SSL version of it. After looking around, I found the script mentioned in this mailing list. Simply save the script as server_ssl in the script directory of your RoR project and then make it executable:
chmod +x script/server_ssl
Be sure to change the ‘ip’ in the script.
SSL requires a server certificate, so the logical question is how to create and install one. Normally, you would purchase a certificate from a Certificate Authority or create one with a tool like openssl (see HTTPS Configuration in the Ubuntu Server Guide). However, it seems the server_ssl script tells WEBrick to create a server certificate on the fly, so there is no need to create and install a certificate yourself. One side effect is that Firefox will warn you that the certificate is not authentic. Another is that if you stop and restart WEBrick without restarting Firefox, Firefox will tell you the certificate has the same serial number as another certificate and will simply refuse to use it. If that happens, just restart Firefox. These are inconveniences, but they are OK while you’re still in the development phase.
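If the serial number clash gets tiresome, one way around it is to build the development certificate yourself with a random serial number and keep it on disk so that a restart reuses it. This is an added example, not the server_ssl script from the mailing list; the helper names, the dev.key/dev.crt file names and the localhost common name are assumptions. The returned objects can be passed to WEBrick through its :SSLPrivateKey and :SSLCertificate options.

```ruby
require "openssl"
require "securerandom"

# Build a self-signed certificate for development use only.
# The common name and lifetime defaults are assumptions for a local setup.
def make_dev_cert(cn = "localhost", days = 30)
  key = OpenSSL::PKey::RSA.new(2048)
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2 # value 2 means X.509 v3
  # Random positive serial, so a regenerated certificate never repeats
  # the serial number of one the browser has already seen.
  cert.serial = SecureRandom.random_number(2**63) + 1
  cert.subject = OpenSSL::X509::Name.parse("/CN=#{cn}")
  cert.issuer = cert.subject # self-signed: issuer equals subject
  cert.public_key = key.public_key
  cert.not_before = Time.now - 60
  cert.not_after = Time.now + days * 86_400
  ef = OpenSSL::X509::ExtensionFactory.new
  ef.subject_certificate = cert
  ef.issuer_certificate = cert
  cert.add_extension(ef.create_extension("subjectAltName", "DNS:#{cn}", false))
  cert.sign(key, OpenSSL::Digest.new("SHA256"))
  [key, cert]
end

# Reuse the key and certificate stored in dir if both exist; otherwise
# create them once. Restarting the server then presents the same
# certificate instead of a fresh one.
def load_or_create_dev_cert(dir, cn = "localhost")
  key_path = File.join(dir, "dev.key") # hypothetical file names
  crt_path = File.join(dir, "dev.crt")
  if File.exist?(key_path) && File.exist?(crt_path)
    return [OpenSSL::PKey::RSA.new(File.read(key_path)),
            OpenSSL::X509::Certificate.new(File.read(crt_path))]
  end
  key, cert = make_dev_cert(cn)
  File.write(key_path, key.to_pem, perm: 0o600) # private key: owner-only
  File.write(crt_path, cert.to_pem)
  [key, cert]
end
```

The browser will still warn that the certificate is not issued by a trusted authority; that part is unchanged.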
The trick to having both SSL and non-SSL web pages on your site is to run two copies of WEBrick, one serving SSL and one serving regular HTTP. Each needs to run on its respective standard port (SSL: port 443, non-SSL: port 80). So edit your server_ssl to change the port to 443. You also need to make sure there isn’t another web server running on port 80, so stop Apache or IIS on the box if you need to.
Now, run the regular (non-SSL) WEBrick:
sudo ruby script/server --port=80
In another terminal, run an ssl’ed WEBrick:
sudo ruby script/server_ssl
That’s pretty much it! To make it easier to ensure certain web pages on your site use SSL, you might want to check out the excellent ssl_requirement plugin from 37Signals.
Update: the result of this work is now live at UberSquare.com.