Note: These instructions are for a quick per-project setup and may require you to change code. If you generally need SSL for development, you probably want to use Passenger.
Create a directory .ssl in your home directory. Go there and create a self-signed certificate. It is important to enter localhost.ssl as Common Name when asked. This is to make your browser believe the certificate is owned by the localhost domain.
Add localhost.ssl to your hosts file
echo "127.0.0.1 localhost.ssl" | sudo tee -a /etc/hosts
Put the attached initializer into config/initializers. It monkey-patches the ForceSSL module to work in development and incorporates two custom config settings: use_ssl and ssl_port.
In your application.rb, add config.use_ssl = false. (Turn off SSL generally.)
In your environments/production.rb add config.use_ssl = true. (Turn on SSL in production.)
In your environments/development.rb add config.use_ssl = true and config.ssl_port = 3001. (Turn on SSL in development and point your app to port 3001.)
Add force_ssl to any controller you need. You may provide :only => :some_action and :except => :some_unsafe_action as options.
Boot thin
thin start -p 3001 --ssl --ssl-key-file ~/.ssl/server.key --ssl-cert-file ~/.ssl/server.crt
The option -p tells thin to bind to port 3001. To have an http development server running at the same time, start it with thin start -p 3000. (To run your application with thin, add gem 'thin' to your Gemfile.)
Point your browser to http://localhost:3000. You should be redirected to https://localhost:3001/. Do not expose a client certificate if asked; cancel that alert. It will work fine without one.
All security and password matters are tracked by Keychain Access. When you've messed with your certificates, e.g. exposed a client certificate, start it up and type localhost into the search field. It'll list your self-signed certificate and registered client certificates. Just delete the identity preference item(s) and it should work again.
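One way to carry out the certificate step and check its result before booting thin. This is an added example, not part of the original instructions or the attached initializer; the function names are hypothetical and it assumes the OpenSSL 1.1.1+ command line tool. Besides the Common Name it sets subjectAltName, which current browsers compare against the host name instead of the Common Name.

```bash
#!/usr/bin/env bash
# Added example, not from the original page. Assumes the OpenSSL 1.1.1+ CLI
# (needed for -addext and -checkhost). Function names are hypothetical.

# Create server.key / server.crt in directory $1 for host name $2.
make_dev_cert() {
  local dir=$1 name=$2
  mkdir -p "$dir" && chmod 700 "$dir" || return 1
  # CN is what the instructions ask for; subjectAltName is what current
  # browsers actually compare against the host name in the URL.
  openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 365 \
    -subj "/CN=$name" -addext "subjectAltName=DNS:$name" \
    -keyout "$dir/server.key" -out "$dir/server.crt" 2>/dev/null || return 1
  chmod 600 "$dir/server.key"   # private key readable by the owner only
}

# True if certificate $1 is valid for host name $2.
cert_matches_host() {
  openssl x509 -in "$1" -noout -checkhost "$2" | grep -q 'does match'
}

# True if private key $1 belongs to certificate $2 (same public key).
key_matches_cert() {
  [ "$(openssl pkey -in "$1" -pubout)" = "$(openssl x509 -in "$2" -noout -pubkey)" ]
}

# Usage for the setup above:
#   make_dev_cert "$HOME/.ssl" localhost.ssl
#   cert_matches_host "$HOME/.ssl/server.crt" localhost.ssl && echo "name ok"
#   key_matches_cert "$HOME/.ssl/server.key" "$HOME/.ssl/server.crt" && echo "pair ok"
```

cert_matches_host fails for any name other than the one the certificate was issued for, so a certificate created for localhost.ssl does not validate for plain localhost.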