Summary
We need to provide HTTPS support to test your rails application on your local server. Sensitive data such as passwords are submitted during login and register stages and we want to encrypt the transmission of this data between the client browser and the server. The HTTPS protocol proves this security.
For developing we currently run the Mongrel server. To achieve HTTPS we need to put an Apache server in front of this Mongrel server. The Apache handles the SSL encryption, certificates etc and acts as a type of proxy to the Mongrel rails server.
The end result of the following steps is a Rails app that works with HTTPS.
Install SSL enabled Apache
Install an SSL enabled Apache. The fastest and most convenient method I’ve found is the XAMPP installer.
It’s a one click installer. Download and run. SSL enabled Apache is one of the programs installed that’s what we’re interested in. Ignore the rest (PHP etc).
WINXP
http://www.apachefriends.org/en/xampp-windows.html
MAC OSX
http://www.apachefriends.org/en/xampp-macosx.html
Or if you’re feeling brave install and configure an SSL enabled Apache yourself.
NOTE: mySQL is also installed with XAMPP. However if it causes confilict with your exisintg mySQL you can turn it off via the provided admin panel/command line and use your existing mySQL.
Configure Apache to work Mongrel
Having insalled the XAMPP you will have an Apache directory conf that contains the Apache configuration files.
Edit the Apache file conf/httpd.conf.
Uncomment the following lines:
LoadModule proxy_module modules/mod_proxy.so
and other proxy modules mentioned.
Also uncomment
LoadModule headers_module modules/mod_headers.so
In the Apache file conf/extra/httpd-vhosts.conf edit the following:
Make sure this line exists
NameVirtualHost *:80
Add the following vhost
<VirtualHost *:80>
ServerName Mydomain
ProxyPass / http://localhost:3002/
ProxyPassReverse / http://localhost:3002
</VirtualHost>
To make the above vhost work for us we also need to edit the hosts file in WinXP. Mydomain
WinXP
C:\WINDOWS\system32\drivers\etc\hosts
127.0.0.1 Mydomain
And on the MacOSX, add the same to the /etc/hosts
Start the Apache server
At this point you will have Apache server set up. Start the Apache server.
Test your Apache is running, browse to http://localhost, you’ll get the Apache XAMPP page with some useful tools.
Start the mongrel server
At this point you will have Apache running so start Mongrel
ruby script/server -p 3002
Browsing to the URL http://Mydomain takes you to localhost (127.0.0.1) via hosts file you edited and there an Apache vhost checks the URL, and sees that it is Mydomain then passes it onto the Mongrel server running http://localhost:3002
Enable HTTPS
Configure Apache to use SSL and configure Mongrel to know about it
Edit the Apache file conf/extra/httpd-ssl.conf
Inside the vhost <VirtualHost _default_:443>
Comment out
DocumentRoot “C:/xampp/htdocs”
Put in the following
ServerName Mydomain:443
ProxyPass / http://localhost:3002/
ProxyPassReverse / http://localhost:3002
RequestHeader set X_FORWARDED_PROTO “https”
At this stage start your development environment is set up. Just start Apache, and Mysql then run your rails app and browse to http://Mydomain to view it.
Now requests to https:// urls in Rails app should work.
Set up Rails to work with SSL protocol
The following steps were required to set up the rails app to work with the SSL protocol.
Make sure that the SSL plug-in for Rails is installed.
ruby script/plugin install ssl_requirement
Next edit the ApplicationController, add the line ‘include SslRequirement ‘
class ApplicationController < ActionController::Base
include SslRequirement
Now you can set policies for individual actions in each of the controllers.
EG
In the AuthController we want the login and the authenticate action accessible via SSL only.
class AuthController < ApplicationController
ssl_required :login, :authenticate
Now requests to http://Mydomain/login will redirect to https:// Mydomain/login
The End.
References
Mongrel and Rails behind Apache 2.2 and SSL
http://blog.innerewut.de/2006/06/21/mongrel-and-rails-behind-apache-2-2-and-ssl#comment-form
“Agile Web development with Rails”, Page 612
November 7th, 2007 at 5:13 pm
Thanks for that nice HOWTO Jamie.
1 question
Is the Apache config:
RequestHeader set X_FORWARDED_PROTO “https”
required so that Rails will know that SSL has been used?
and 1 typo
Presumably the o2bp names should all be Mydomain
November 8th, 2007 at 1:30 pm
Hi Martin,
yes the config line
RequestHeader set X_FORWARDED_PROTO “https”
seems to pass the https onto the mongrel server, so that server is aware that the https protocol is in use.
Thanks for the correction too
December 14th, 2007 at 11:30 pm
Thanks for the great article! Saved me a ton of time.
December 29th, 2007 at 12:58 pm
I wished I would have seen your website earlier. That would have saved me a lot of time.
My question to you:
Is your https://mydomain.com really reachable from internet?
I tested it with my computer. With localhost or the domainname in the hosts-file everything works fine but not over the internet. I have my domain at dyndns.com
Could that be the reason for the problem?
Your answer is very appreciated
January 3rd, 2008 at 6:02 pm
Hello Anton,
Glad you found it useful.
Regarding your issue.
The above article is geared towards those who want to test there RoR app on their local server that requires https access.
Hence as you have found
“With localhost or the domainname in the hosts-file everything works fine”
It will work from localhost but will not be accessible from the internet.
If you want your app accessible from the internet via your domain name, you would need to set the DNS for that domain to resolve to the IP address of your server vgiven to you by your IP. You’ll really need a static IP address.
However from what you describe you are runninng apache + ruby on rails on a localhost machine. Is this machine your own personal machine or a dedicated server?
If it’s your own personal machine and not a ‘proper’ (for want of a better word) server I’d recommend purchasing ruby on rails enabled hosting package. EG in Ireland, this hosting company call Blackknight offer a RoR package. http://www.blacknight.ie/ruby-on-rails.0.html
You’ll find plenty of other RoR hosting providers on the web.
They provide the server with Apache + https etc and ruby on rails already set up(or maybe just ruby no certain :-/) and you can load your app onto that server. You’ll need to point the DNS of your IP to this new hosting.
Apologises if I have misunderstood your questions!!
How this helps
Jamie
January 5th, 2008 at 10:27 pm
Hi Jamie,
thanks for your thoughts. I found out that my apache is reachable by xxx.dyndns.com from outside as long I dont use the ssl virtual host of my httpd-ssl. By reconfigurating the apache I discovered that my mongrel server, my rails application and my firewall is not reason for situation.
Anton 
So it can only be something in the httpd.conf, the httpd-ssl or something with the ssl-certificate.
Unfortuantely I am not a specialist for apache …
Thanks Jamie, for your suggestions but I will run the application on my homeserver. Thats at least the plan
January 6th, 2008 at 4:09 pm
I found the reason for the problem. It was a tricky router firewall configuration mistake. Now it works
Thanks Jamie,
for the support with your good will to help!
January 7th, 2008 at 12:24 am
Anton, I have the same exact problem as you. Can you please describe exactly what was your problem with your firewall and router and how you solved it!
Thanks in advance
January 7th, 2008 at 1:05 am
LOL, I did look in my router and opend up 443, and everything worked after that. Thanks for the tips!
January 7th, 2008 at 8:38 pm
Hi,
Is it possible to set up rails applications using only Apache web server? Would appreciate any insight into this.
January 9th, 2008 at 8:22 pm
Is it possible to have Apache reverse proxy SSL for 2 different Rails sites running on the same server?
In other words, https://a.domain.com and https://b.domain.com both being served by the same Apache server with a wildcard certificate?