My client wants her entire app (all links) to run over HTTPS/SSL.
I put
config.force_ssl = true
in config/application.rb. However, now Safari and Firefox and Opera are all griping about app, with different errors.
(From Firefox, "ssl_error_rx_record_too_long")
Do I need a certificate? Or is there a simpler solution?
It turned out that I needed to do the following to make the entire Rails 3.2 app run over SSL:
1) In config/application.rb, instead of 'config.force_ssl', use the gem 'rack-ssl-enforcer', and
config.middleware.use Rack::SslEnforcer
2) Create a certificate using openssl/mod-ssl (CentOS)
3) Use "thin" instead of WEBrick - thin seems easier to configure for SSL.
Thin gets configured to use the certificate files generated in Step 2.
Related
I have an OpenShift environment built with an Apache AAA Pod (service and route) that allows external (to OpenShift) https requests via an intranet browser (yes, I mean intranet and not internet). Apache is setup as a proxy server for multiple pods/services inside of OpenShift. I also have a new pod that was recently created that runs Jenkins. Jenkins has a web interface built in. I am able to get to the Jenkins web GUI by setting up a ProxyPass and ProxyPassReverse for the default Jenkins web address.
Now here comes the problem...
When I go to example.com/jenkins, Apache sees the request and passes it to the Jenkins Pod but the Pod returns another address example.com/login. For this I have to enter another ProxyPass and Reverse into Apache. I then get that in and find that every link on the presented Jenkins Web GUI has another link that seems to present https://example.com/*. This is a problem because there are dozens of sub links and sub pages that each seem to require a separate ProxyPass and Reverse entry.
To add to this, I cannot simply pass "/" to the Jenkins pod because there are other pods and services that are being passed through the Apache server. My department does not have access to create new URLs on a whim so I have to stick with example.com/ as my only path into my OpenShift setup.
How can I do one of the following:
Change Jenkins to force the presented URL to include a header for every link. Like putting .../jenkins/* in front of every link so that I can use .../jenkins/ as my ProxyPass & Reverse to cover all jenkins web GUI URLs.
Configure Apache to convert the URLs coming from the Jenkins Pod into a URL that is presented to the web browser in such a way that .../jenkins/ is added between & /login or any other jenkins web links.
Some other option that I have not thought of yet that may have worked for others with similar setups.
(Sorry for the long question but there are a lot of details that needed to be included as this is a complex issue.)
You could startup jenkins at a different context path: java -jar jenkins.war --prefix=/jenkins, or start it up behind tomcat with a different context path.
Have you set the Jenkins URL in the Jenkins->Manage Jenkins->Configure System?
you can achieve this in two steps
implement the route changes at proxy level
implement the route changes at app level
I have implemented the same with Openshift environment.
Thanks.
I've been trying to deploy kandan to my home server, on a subdirectory, let's say it's example.com.
I have a few constraints I'd like to see met:
must not be at website root (I'm hosting other stuff and apps)
must be secured by SSL (already implemented on example.com but not for subdomains, which I would have to pay for)
kandan does not support being hosted on subdirectories (you can't tell to it that it's hosted on example.com/kandan and have it automatically update its links)
I have listed my attempts here, but here's the gist of it:
tweakings to nginx
adding --prefix=/kandan to thin start
RAILS_RELATIVE_URL_ROOT="/kandan"
map Kandan::Application.config.relative_url_root before run Rack::URLMap... in config.ru
tweaking the content of run Rack::URLMap... in config.ru
scope "/kandan" in routes.rb
config.relative_url_root = "/kandan" in production.rb
many combinations of all the above
None of it did the job.
Currently I can show the main page with some missing elements (JS, API calls failing..) and some working elements (CSS is there..)
Is there a way to fully achieve what I want?
We are trying to use composite templates (fillable PDFs) and embedded signing using the REST API. We are using the docusign_rest gem in conjuction with our custom code to create composite templates and embedded signing. The docusign_rest gem is used for authentication and is giving the following error:
OpenSSL::SSL::SSLError (SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed)
On the local dev machine, we simply provided path to a certificate file at the time of starting the dev server, but on a remote machine this is not feasible.
Is it possible to skip the SSL check for a demo purpose? This SO link seems to suggest that it is possible. If yes, then how can we achieve that?
If not, then is there a quick way to fix it or do we have to install SSL certificates and configure the server to read those?
We are using ruby 1.9.3 , rails 3.2.11 and Apache2 (so that would mean enabling the SSL module).
I believe for demo (demo.docusign.net) you can use https OR http. What happens if you simply use http? Does that resolve your SSL error?
In either case, you'll eventually need to resolve this though because for production (www.docusign.net) you need to use https. The problem is most likely in your Ruby code or with your certificate. For testing purposes I'd try making a cURL request through the command line to see if that works.
See here for some examples of making DocuSign REST API calls using cURL
I am relatively inexperienced in rails and I am confused by where Capistrano fits into the rails app life cycle.
From my understanding the following steps are involved in getting a rails app completed.
Select and set up a host (e.g linode)
Install apache2
Install rvm
Install ruby and install rails
Install passenger
Create an application and test at domain.com:3000 by using 'rails s' command
However it is not clear to me how the next steps work. In particular:
a) The live rails app needs to run in production mode at domain.com, I presume passenger does this?
b) If I have created the app at domain.com:3000 do I need to do anything in the rails config before it works at domain.com?
c) Where does capistrano fit in? If passenger can make my app work at domain.com, what does capistrano do?
a) Exactly, passenger working with a web server like Apache does this for you.
b) Your local web server is not the same with Passenger. To set it up in your domain, you would need to normally create your domain and set a website as you normally set a website in your apache(or other) configuration.
c) Capistrano is a gem that allows you to write scripts which automate things, like restarting the web server, or setting particular production versions and so on.
For more information on Capistrano :
http://railscasts.com/episodes/133-capistrano-tasks
I am using Memcached in my Ruby on Rails 3 app. It works great with action and fragment caching, but when I try to use page caching, the page is stored in the filesystem instead of in Memcached. How can I tell Rails to use Memcached for page caching too?
In my development.rb file:
config.action_controller.perform_caching = true
config.cache_store = :mem_cache_store
You cant. The equivalent of page caching in memcached is action caching, because the request must be served through Rails. Page caching is meant to bypass Rails, so the data must be stored in a file that can be served from the server, like Nginx or Apache. The reason page caching is so fast is that it does bypass Rails entirely. Here is what the Rails documentation says:
Page caching is a Rails mechanism
which allows the request for a
generated page to be fulfilled by the
webserver (i.e. apache or nginx),
without ever having to go through the
Rails stack at all. Obviously, this is
super-fast. Unfortunately, it can’t be
applied to every situation (such as
pages that need authentication) and
since the webserver is literally just
serving a file from the filesystem,
cache expiration is an issue that
needs to be dealt with.
You can find more information here.
check this :
http://globaldev.co.uk/2012/06/serving_memcached_pages_from_nginx/
Cutting it shortly, install "memcaches_page" gem (add it to GemFile then bundle), then change caches_page directive to memcaches_page, then configure Nginx to serve page memcached server before hitting the application (described in the article) .