Thin with SSL support and ruby-debug

Question

Does anyone know of a way to run the ruby debugger and SSL at the same time with Thin?

I've been using Thin successfully with Rails 3.0.10.

I start it using rails server --debugger, and I can debug my code.

Recently, I have also needed to add SSL support to my application, and I'd like to be able to test it locally with a self-signed certificate.

Unfortunately, I have not found a way to start Thin with SSL support when using rails server.

I can successfully start Thin with SSL support by using:

thin start --ssl --ssl-verify --ssl-key-file ssllocal/server.key
    --ssl-cert-file ssllocal/server.crt

However, I have not found a way to activate the debugger using thin start.

So it seems like I have the choice of running the debugger (rails server) or SSL (thin start), but not both.

It seems possible to get Webrick to run SSL using rails server by modifying the rails/script file (see here). I experimented with this approach, but I have not had success. Here's one of the attempts:

#!/usr/bin/env ruby
# This command will automatically be run when you run "rails" with Rails 3
# gems installed from the root of your application.

APP_PATH = File.expand_path('../../config/application',  __FILE__)
require File.expand_path('../../config/boot',  __FILE__)


# THIS IS NEW:
require "rails/commands/server"
require 'rack'
require 'thin'
module Rails
  class Server
    def default_options
      super.merge({
        :Port        => 3000,
        :environment => (ENV['RAILS_ENV'] || "development").dup,
        :daemonize   => false,
        :debugger    => false,
        :pid         => File.expand_path("tmp/pids/server.pid"),
        :config      => File.expand_path("config.ru"),
        :SSLEnable   => true
        :ssl => true,
        "ssl-verify" => true,
        "ssl-key-file" => File.expand_path("ssllocal/server.key"),
        "ssl-cert-file" => File.expand_path("ssllocal/server.crt")       
      })
    end
  end
end


require 'rails/commands'

Note: for those who might be wondering, I created an 'ssllocal' directory off my root application directory, and that's where I store the ssl keys and certs.

Answer 1

You could try just requiring the debugger yourself in your development environment.

In your Gemfile:

if RUBY_VERSION =~ /^1.9/
  gem "ruby-debug19", :group => :development
else
  gem "ruby-debug", :group => :development
end

And within the config block of your config/environments/development.rb:

require 'ruby-debug'
Debugger.start

This permits you to place the debugger statement anywhere in your code.

Answer 2

Here's my solution - I hacked the Thin TcpServer to load my self-signed SSL certs, only in the development environment. My script/rails looks like this:

#!/usr/bin/env ruby
# This command will automatically be run when you run "rails" with Rails 3 gems installed from the root of your application.

APP_PATH = File.expand_path('../../config/application',  __FILE__)
require File.expand_path('../../config/boot',  __FILE__)

# Hack our SSL certs into Thin TcpServer, only in development environment
require 'thin'
module Thin
  module Backends
    TcpServer.class_eval do
      def initialize_with_SSL(host, port)
        if Rails.env.development?
          Rails.logger.info "Loading SSL certs from ./ssl_dev..."
          @ssl = true
          @ssl_options = {
            :private_key_file => File.expand_path("../../ssl_dev/server.key", __FILE__),
            :cert_chain_file  => File.expand_path("../../ssl_dev/server.crt", __FILE__),
            :verify_peer => nil
          }
        end

        initialize_without_SSL(host, port)
      end

      alias_method :initialize_without_SSL, :initialize
      alias_method :initialize, :initialize_with_SSL      
    end
  end
end

# Must load 'rails/commands' after Thin SSL hack
require 'rails/commands'

Answer 3

Here's how I got it to finally work on production using Thin:

rvmsudo thin start -p 443 --ssl --ssl-key-file ssl/server.key --ssl-cert-file ssl/server.crt

If you are having issues with your KEY file, make sure you validate the CSR by using a site like:

https://ssl-tools.verisign.com

If your CSR fails, then the certificate you receive from your signing authority will fail too. My site would refuse to load with the SSL certs, only to find out that I abbreviated my State name to "TX" instead of "Texas" while creating my private key. That was the reason it wasn't working all along! SSL certs are a pain in the ass!