I only found how to start puma using SSL:
$ puma -b 'ssl://127.0.0.1:9292?key=path_to_key&cert=path_to_cert'
However, there is no description about how to include an intermediate CA cert in the documentation. Could someone point me in the right direction? I am using Puma 1.6.3
Thanks!
To serve a Ruby on Rails application via HTTPS, there are three steps that you need to follow: Obtain an SSL certificate. Configure the web server to use the SSL certificate. Configure the Ruby on Rails application for HTTPS.
OK, so if you are like me, developing services that share a cookie between each other and using Ruby on Rails with Puma as your web server, you will need to have an HTTPS connection.
For Mac users: open Keychain Access and drag the certificate, the localhost.pem file, to the Keychain. You could see some error, but it will end up adding it. At "When using this certificate:", select the Always Trust option. Now the interesting part: In your puma config you will want to have something like this:
Combining certificate and bundle will work only if you use nginx.
Without nginx, you can use the ca and verify_mode options:
rails s puma -b 'ssl://0.0.0.0:9292?key=path_to_key.key&cert=path_to_cert.crt&verify_mode=none&ca=path_to_root_bundle.crt'
Source: https://github.com/puma/puma/blob/master/lib/puma/binder.rb
Kinda late to the party but, I have another solution, you can see my post for more details.
First create the certificate for your localhost using mkcert
mkcert localhost
If you want to have another domain work on HTTPS, just replace localhost with the one you want, like mkcert mylocalhost-with-a-cool-domain.com
After this, I created a local-certs folder under the config folder and pasted the cert and key there.
Now you should mark this cert as trusted. I'm working on a Mac computer, so not sure how to handle this particular part on Windows or on a Linux distro. Check out the post, it has screenshots. In summary, you will need to drag the certificate created with mkcert to the Keychain Access.
Then in your puma config file (create one if you don't have it and name it puma.rb), you should have something like
workers Integer(ENV['WEB_CONCURRENCY'] || 2)
threads_count = Integer(ENV['THREAD_COUNT'] || 5)
threads threads_count, threads_count
rackup DefaultRackup
port 3001
environment ENV['RACK_ENV'] || 'production'
if ENV['RACK_ENV'] == 'development'
  # If you didn't place the cert and key under `local-certs` you should change this
  localhost_key = "#{File.join('config', 'local-certs', 'localhost-key.pem')}"
  localhost_crt = "#{File.join('config', 'local-certs', 'localhost.pem')}"
  ssl_bind '0.0.0.0', 3000, {
    key: localhost_key,
    cert: localhost_crt,
    verify_mode: 'none'
  }
end
Then running bundle exec puma -C puma.rb or bundle exec rails s should do it :D
If anyone has a question, pls let me know. Hope it helps future readers!
while we are using combo Nginx+PhusionPassenger as well. You can't specify a chain cert file in nginx either. The trick is to bundle all certs within one certificate and then set the new certificate file as a certificate in your server configuration. You will find more information in the nginx documentation. Check the SSL Certificate Chains section.
cat www.example.com.crt bundle.crt > www.example.com.chained.crt
Hope it helped.
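A check for a chained file like the one the cat command above produces, as an added example that is not part of the original answer: it confirms the server certificate comes first, that each certificate is signed by the one after it, and that the private key belongs to the first certificate. It checks file order and signatures only, not expiry or trust. The helper names and the in-memory sample chain are constructed for illustration.

```ruby
require 'openssl'

# Hypothetical helper: split a PEM bundle into certificates, in file order.
def load_chain(pem)
  pem.scan(/-----BEGIN CERTIFICATE-----.+?-----END CERTIFICATE-----/m)
     .map { |block| OpenSSL::X509::Certificate.new(block) }
end

# Returns a list of problems. Empty means: the key belongs to the first
# certificate and every certificate is signed by the one after it.
def chain_problems(pem, key)
  chain = load_chain(pem)
  return ['no certificates found'] if chain.empty?
  problems = []
  unless chain.first.check_private_key(key)
    problems << 'private key does not match first certificate'
  end
  chain.each_cons(2).with_index do |(cert, issuer), i|
    next if cert.issuer.to_s == issuer.subject.to_s && cert.verify(issuer.public_key)
    problems << "certificate #{i} is not issued by certificate #{i + 1}"
  end
  problems
end

# Constructed sample data: issue a short-lived certificate in memory.
def issue(cn, key, issuer_cert, issuer_key, serial)
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2
  cert.serial = serial
  cert.subject = OpenSSL::X509::Name.parse("/CN=#{cn}")
  cert.issuer = issuer_cert ? issuer_cert.subject : cert.subject
  cert.public_key = key.public_key
  cert.not_before = Time.now - 60
  cert.not_after = Time.now + 3600
  cert.sign(issuer_key, OpenSSL::Digest.new('SHA256'))
end

# Constructed throwaway chain: root -> intermediate -> leaf.
def sample_chain
  root_key, mid_key, leaf_key = Array.new(3) { OpenSSL::PKey::RSA.new(2048) }
  root = issue('Example Root', root_key, nil, root_key, 1)
  mid = issue('Example Intermediate', mid_key, root, root_key, 2)
  leaf = issue('www.example.com', leaf_key, mid, mid_key, 3)
  { leaf: leaf, mid: mid, key: leaf_key }
end

s = sample_chain
p chain_problems(s[:leaf].to_pem + s[:mid].to_pem, s[:key]) # leaf first, as cat does
p chain_problems(s[:mid].to_pem + s[:leaf].to_pem, s[:key]) # bundle first: wrong order
```

For a real file, pass File.read of the chained certificate and OpenSSL::PKey.read of the key file instead of the sample chain.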
rails s puma -b 'ssl://0.0.0.0:9292?key=certkey.key&cert=cert.crt&verify_mode=peer&ca=root_bundle.crt'
Just make sure you set the verify_mode=peer.