Monday, February 23, 2009

SSL and Ruby on Rails

Hi guys, and gals too :),

I am back after a fairly long interval this time; yes, the same old reason, I was busy with the office and all. But recently I did something good (if not unusual).
And the heading says it correctly: I implemented SSL and used https for some of my pages in Ruby on Rails.

As many of my readers know, I am new to Ubuntu and so am new to Apache too (initially I used to think these dealings were sort of system admin stuff), but hey, after all it is software and a bit of configuration, so I thought let's do it, and I did it.

So, trimming all the conversation: the aim was to implement https (SSL) for the "payment gateway" and "pick package" pages of my application, and here is the solution.
As a prerequisite, I assume that you have Apache and Ruby on Rails set up on your system and that you have a RoR application which needs the https protocol for some of its pages.

Step 00: Create a self-signed SSL certificate (by following these steps)
# install the ssl-cert package
sudo aptitude install ssl-cert

# create a self-signed certificate; it will open several dialog boxes. Keep answering the questions in the correct format (there are some 7-8 of them) and at the end you will have your self-signed certificate
sudo make-ssl-cert /usr/share/ssl-cert/ssleay.cnf /path/to/ssl/certificate/selfsigned.pem

Step 01: First of all, enable the modules (for Apache)
sudo a2enmod ssl
sudo a2enmod proxy
sudo a2enmod rewrite
sudo a2enmod proxy_balancer
sudo a2enmod proxy_http
sudo a2enmod headers

Step 02: Set up the virtual host
Go to the Apache root directory (which is /etc/apache2 in my case) and execute the following commands
# switch to the apache directory
cd /etc/apache2

# disable the default site (which has the default configuration of apache)
sudo a2dissite default
# create a new virtual host configuration by copying the default site configuration (replace 'ourapplication' with your application name)
sudo cp sites-available/default sites-available/ourapplication
# enable our application's site configuration in apache
sudo a2ensite ourapplication

Step 03: Edit the newly created ourapplication configuration, which is available at /etc/apache2/sites-available/ourapplication, using any of your favorite editors
sudo gedit /etc/apache2/sites-available/ourapplication

and it should look something like this
<VirtualHost *:80>
ServerName ourapplication
ProxyPass /
ProxyPassReverse /
</VirtualHost>

<VirtualHost *:443>
ServerName ourapplication
ProxyPass /
ProxyPassReverse /
ProxyPreserveHost On
RequestHeader set X_FORWARDED_PROTO 'https'

SSLEngine On
SSLProxyEngine On
SSLCertificateFile /path/to/self/signed/certificate/selfsigned.pem
SSLProxyMachineCertificateFile /path/to/self/signed/certificate/selfsigned.pem
</VirtualHost>

Step 04: We also have to change the proxy configuration, so that proxy requests are handled the way we want
sudo gedit /etc/apache2/mods-available/proxy.conf

Change the settings from the previous proxy setting
AddDefaultCharset off
Order deny,allow
Deny from all
Allow from
to the new proxy setting
AddDefaultCharset off
Order deny,allow
Allow from all
Keep ProxyRequests Off in this file; with forward proxying switched on, "Allow from all" would turn the server into an open proxy.

Step 05: Reload the new settings so that Apache follows our rules
sudo /etc/init.d/apache2 force-reload
(it should not give any error, and it will not if nothing went wrong in the procedures mentioned above)
if it gives some output like this
* Reloading web server config apache2
apache2: Could not reliably determine the server's fully qualified domain name, using for ServerName

Step 06: Now all the Apache work is done; you have to put a small amount of effort into your Rails application, and here are the steps
a) install the plugin
ruby script/plugin install ssl_requirement

b) include it in the application controller so that controllers can use SSL
include SslRequirement

c) to use https on any particular action of some controller, use
class EcommerceController < ApplicationController
  ssl_required :action_name_1, :action_name_2, :action_name_3
  # some more code..............
end
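
To see why the RequestHeader line in the :443 virtual host matters, here is an added example (not from the original post and not the plugin's own code): a plain-Ruby model of the protocol check that ssl_required triggers, run against constructed requests as the Rails backend would receive them from each virtual host. The action names, URIs and helper names are assumptions.

```ruby
# Added example: plain-Ruby model of the before-filter check behind ssl_required.
# Action names, URIs and helper names are hypothetical; requests are constructed.
SSL_REQUIRED = [:payment_gateway, :pick_package].freeze

# The backend sees Apache's X_FORWARDED_PROTO header as HTTP_X_FORWARDED_PROTO.
def ssl?(env)
  env['HTTPS'] == 'on' || env['HTTP_X_FORWARDED_PROTO'] == 'https'
end

# Returns [:render, nil] or [:redirect, url]: a required action over http goes
# to https, and a non-required action over https goes back to http.
def ensure_proper_protocol(action, env)
  required = SSL_REQUIRED.include?(action)
  target = env['HTTP_HOST'] + env['REQUEST_URI']
  if required && !ssl?(env)
    [:redirect, "https://#{target}"]
  elsif ssl?(env) && !required
    [:redirect, "http://#{target}"]
  else
    [:render, nil]
  end
end

# What the backend receives from each virtual host. Only the :443 host adds the
# header; forward_proto: false models a :443 host without the RequestHeader line.
def backend_env(vhost_port, uri, forward_proto: true)
  env = { 'HTTP_HOST' => 'ourapplication', 'REQUEST_URI' => uri }
  env['HTTP_X_FORWARDED_PROTO'] = 'https' if vhost_port == 443 && forward_proto
  env
end

# Follows redirects like a browser would and reports where the page is served.
def browse(action, uri, start_port, forward_proto: true, max_hops: 5)
  port = start_port
  max_hops.times do
    env = backend_env(port, uri, forward_proto: forward_proto)
    verdict, url = ensure_proper_protocol(action, env)
    return [:served, port] if verdict == :render
    port = url.start_with?('https://') ? 443 : 80
  end
  [:redirect_loop, port]
end

if __FILE__ == $PROGRAM_NAME
  p browse(:payment_gateway, '/ecommerce/payment_gateway', 80)  # [:served, 443]
  p browse(:home, '/', 443)                                     # [:served, 80]
  p browse(:payment_gateway, '/ecommerce/payment_gateway', 443, forward_proto: false)  # [:redirect_loop, 443]
end
```

The last case is what happens when the :443 virtual host does not set the header: the backend never learns that the request arrived over https, so it keeps redirecting to https.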

If you have any query, just drop me a comment; otherwise all is well as expected :)

1 comment:

  1. For SSL support on ubuntu 11.10 with apache2 you also have to mention the directory root path under virtual port : 443

    ServerName localhost
    DocumentRoot /path/to/application/public/directory/public
    SSLEngine on
    SSLCertificateFile /path/of/ssl/self-signed-cert/selfsigned.pem