Using Thin for development (with SSL)

Updated . Posted . Visible to the public.

Note: These instructions are for a quick per-project setup and may require you to change code. If you generally need SSL for development, you probably want to use Passenger.


  1. Create a directory .ssl in your home directory. Go there and create a self-signed certificate. It is important to enter localhost.ssl as Common Name when asked. This is to make your browser believe the certificate is owned by the localhost domain.

  2. Add localhost.ssl to your hosts file

     echo "127.0.0.1 localhost.ssl" | sudo tee -a /etc/hosts
    
  3. Put the attached initializer into config/initializers. It monkey-patches the ForceSSL module to work in development and incorporates two custom config settings: use_ssl and ssl_port.

  4. In your application.rb, add config.use_ssl = false. (Turn off SSL generally.)

  5. In your environments/production.rb add config.use_ssl = true. (Turn on SSL in production.)

  6. In your environments/development.rb add config.use_ssl = true and config.ssl_port = 3001. (Turn on SSL in development and point your app to port 3001.)

  7. Add force_ssl to any controller you need. You may provide :only => :some_action and :except => :some_unsafe_action as options.

  8. Boot thin

       thin start -p 3001 --ssl --ssl-key-file ~/.ssl/server.key --ssl-cert-file ~/.ssl/server.crt
    

    The option -p tells thin to bind to port 3001. To have a http development server running at the same time, start it with thin start -p 3000. (To run your application with thin, add gem 'thin' to your Gemfile.)

  9. Point your browser to http://localhost:3000. You should be redirected to https://localhost:3001/. Do not expose a client certificate if asked, cancel that alert. It will just work fine without.

Troubleshooting for Mac

All security and password matter is tracked by Keychain Access. When you've messed with your certificates, e.g. exposed a client certificate, start it up and type localhost into the search field. It'll list your self-signed certificate and registered client certificates. Just delete the identity preference item(s) and it should work again.

Dominik Schöler
Last edit
License
Source code in this card is licensed under the MIT License.
Posted by Dominik Schöler to makandra dev (2013-05-03 08:19)