Note: These instructions are for a quick per-project setup and may require you to change code. If you generally need SSL for development, you probably want to use Passenger.
-
Create a directory
.sslin your home directory. Go there and create a self-signed certificate. It is important to enterlocalhost.sslasCommon Namewhen asked. This is to make your browser believe the certificate is owned by thelocalhostdomain. -
Add localhost.ssl to your hosts file
echo "127.0.0.1 localhost.ssl" | sudo tee -a /etc/hosts -
Put the attached initializer into
config/initializers. It monkey-patches theForceSSLmodule to work in development and incorporates two custom config settings:use_sslandssl_port. -
In your
application.rb, addconfig.use_ssl = false. (Turn off SSL generally.) -
In your
environments/production.rbaddconfig.use_ssl = true. (Turn on SSL in production.) -
In your
environments/development.rbaddconfig.use_ssl = trueandconfig.ssl_port = 3001. (Turn on SSL in development and point your app to port3001.) -
Add
force_sslto any controller you need. You may provide:only => :some_actionand:except => :some_unsafe_actionas options. -
Boot thin
thin start -p 3001 --ssl --ssl-key-file ~/.ssl/server.key --ssl-cert-file ~/.ssl/server.crtThe option
-ptells thin to bind to port3001. To have ahttpdevelopment server running at the same time, start it withthin start -p 3000. (To run your application with thin, addgem 'thin'to your Gemfile.) -
Point your browser to
http://localhost:3000. You should be redirected tohttps://localhost:3001/. Do not expose a client certificate if asked, cancel that alert. It will just work fine without.
Troubleshooting for Mac
All security and password matter is tracked by Keychain Access. When you've messed with your certificates, e.g. exposed a client certificate, start it up and type localhost into the search field. It'll list your self-signed certificate and registered client certificates. Just delete the identity preference item(s) and it should work again.
