WEBrick SSL
2007-04-28 - elm200 の日記
http://lists.rubyonrails.org/pipermail/rails/2006-January/012432.html
↑参考
1.サーバ証明書作成
#!/usr/bin/env ruby require 'webrick/ssl' # cn と comment を適当に設定 cn = [ [ "CN", "server_name" ] ] comment = "Generated by Ruby/OpenSSL" cert, rsa = WEBrick::Utils::create_self_signed_cert(1024, cn, comment) puts cert.to_s puts rsa.to_s
↑こちらを実行する。
2.以下のソース(名前は webrick_ssl とする)をrailsプロジェクト(/script/webrick_ssl)に設置
#!/usr/bin/env ruby
require File.dirname(__FILE__) + '/../config/boot'
require 'active_support'
require 'fileutils'
puts "=> Booting WEBrick on SSL..."
%w(cache pids sessions sockets).each { |dir_to_make| FileUtils.mkdir_p(File.join(RAILS_ROOT, 'tmp', dir_to_make)) }
require 'webrick'
require 'webrick/https'
require 'optparse'
OPTIONS = {
:port => 3500,
:ip => "0.0.0.0",
:environment => (ENV['RAILS_ENV'] || "development").dup,
:server_root => File.expand_path(RAILS_ROOT + "/public/"),
:server_type => WEBrick::SimpleServer,
:charset => "UTF-8",
:mime_types => WEBrick::HTTPUtils::DefaultMimeTypes
}
ARGV.options do |opts|
script_name = File.basename($0)
opts.banner = "Usage: ruby #{script_name} [options]"
opts.separator ""
opts.on("-p", "--port=port", Integer,
"Runs Rails on the specified port.",
"Default: 3000") { |v| OPTIONS[:port] = v }
opts.on("-b", "--binding=ip", String,
"Binds Rails to the specified ip.",
"Default: 0.0.0.0") { |v| OPTIONS[:ip] = v }
opts.on("-e", "--environment=name", String,
"Specifies the environment to run this server under (test/development/production).",
"Default: development") { |v| OPTIONS[:environment] = v }
opts.on("-m", "--mime-types=filename", String,
"Specifies an Apache style mime.types configuration file to be used for mime types",
"Default: none") { |mime_types_file| OPTIONS[:mime_types] = WEBrick::HTTPUtils::load_mime_types(mime_types_file) }
opts.on("-d", "--daemon",
"Make Rails run as a Daemon (only works if fork is available -- meaning on *nix)."
) { OPTIONS[:server_type] = WEBrick::Daemon }
opts.on("-c", "--charset=charset", String,
"Set default charset for output.",
"Default: UTF-8") { |v| OPTIONS[:charset] = v }
opts.separator ""
opts.on("-h", "--help",
"Show this help message.") { puts opts; exit }
opts.parse!
end
ENV["RAILS_ENV"] = OPTIONS[:environment]
RAILS_ENV.replace(OPTIONS[:environment]) if defined?(RAILS_ENV)
require RAILS_ROOT + "/config/environment"
require 'webrick_server'
OPTIONS['working_directory'] = File.expand_path(RAILS_ROOT)
puts "=> Rails application started on http://#{OPTIONS[:ip]}:#{OPTIONS[:port]}"
puts "=> Ctrl-C to shutdown server; call with --help for options" if OPTIONS[:server_type] == WEBrick::SimpleServer
class DispatchServlet
def self.dispatch(options = {})
ssl_certificate =<<-EOS
-----BEGIN CERTIFICATE-----
MIICSjCCAbOgAwIBAwIBADANBgkqhkiG9w0BAQUFADAQMQ4wDAYDVQQDDAVmdW5r
eTAeFw0wNzA0MjgwNzA5NDdaFw0wODA0MjcwNzA5NDdaMBAxDjAMBgNVBAMMBWZ1
bmt5MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDj1KnSH9E34aKFbIbRdL/d
ZSK6u+kTKPq4ZXGuxuvY0qP7geye/uCRZqdJWq4uwja/PiMpT/Hvz4xSydW94Cxi
x3Km6e2Yg1CbcAaj8ctT2BVaMpVXDXtw5z7/OGyokRllSCQWLkvoKzmZTcwNkA3L
QhzcroXybmkP20URQcrT2wIDAQABo4GzMIGwMAkGA1UdEwQCMAAwCwYDVR0PBAQD
AgUgMB0GA1UdDgQWBBRwbDNU99ejg8VFZC0FL5NwG5dx7DATBgNVHSUEDDAKBggr
BgEFBQcDATAoBglghkgBhvhCAQ0EGxYZR2VuZXJhdGVkIGJ5IFJ1YnkvT3BlblNT
TDA4BgNVHSMEMTAvgBRwbDNU99ejg8VFZC0FL5NwG5dx7KEUpBIwEDEOMAwGA1UE
AwwFZnVua3mCAQAwDQYJKoZIhvcNAQEFBQADgYEAP+isplcC6AOHpZK3bf58kELP
t89+xLP0x0BUGpMW4vQPwsG898VCLQ5NstwOc/dewGh4NWPyy7LUQe1wF6QWjIf/
wJO2ZoH+vKi3fu+nmG/xbyl056PRvqsyWwe+1O5JWe1JQ/Zhna0cDZhoYpUdE1/l
Gr3R7knmq+CfxH+dGmk=
-----END CERTIFICATE-----
EOS
ssl_private_key =<<-EOS
-----BEGIN RSA PRIVATE KEY-----
MIICXQIBAAKBgQDj1KnSH9E34aKFbIbRdL/dZSK6u+kTKPq4ZXGuxuvY0qP7geye
/uCRZqdJWq4uwja/PiMpT/Hvz4xSydW94Cxix3Km6e2Yg1CbcAaj8ctT2BVaMpVX
DXtw5z7/OGyokRllSCQWLkvoKzmZTcwNkA3LQhzcroXybmkP20URQcrT2wIDAQAB
AoGASRj7X4qL0vUW8t4OJ3fg80S2rtkJf/c+8hjCL8Rs+UUkDdbyt1Spcp1QAQ4S
Irh3Xkaue1vGER4zNIDDjkc1leSvBMqfS3WAjZGoEXHmhGpwhZsQQ1tdN8l3iYYx
r4orcnWB3f1Amle7TKoufKDrILZwOicJ0ov2UkjKp+0k+1ECQQD8V3tm7VPOUbqW
cJMWgT/Mle3QAnjS72gNCtEOdXmqQwMYwJyFZDcfeD9WYOsZVoCpzgo/+fCvna36
1r7uNs9zAkEA5yI2obeST9KcG7yGXk2XzSa3kdNm1bIqDpNyy/LzGcoK8/vQECPs
5K2vLBW+I2T7XdIeygElVb1RQbVglet/+QJBAKFRqAFYDbCjjR5p346OmGPJIZxO
SEHJbYKQ/K86qMoRRySG1klslNTYgd1N3l53b4+euezGc3lB25y1tqABiEMCQQDP
LDyZ0chkohvpRJ+QMa6qZVTPchTP4OWPsRyJsJe0ewQ8U27YuMri4seMFWUbpq0l
GG0elc5YPtxxsFkFqFRJAkAXaY3hnkwmj7/+Bhg1JG5t0B1NURKdj79gpS3DV8y6
pXtjPCIm3f2Rlnc6Pc5ECNV9vfBt+Ij/7g52zGyQYEkU
-----END RSA PRIVATE KEY-----
EOS
Socket.do_not_reverse_lookup = true # patch for OS X
params = { :Port => options[:port].to_i,
:ServerType => options[:server_type],
:BindAddress => options[:ip],
:SSLEnable => true,
:SSLCertificate => OpenSSL::X509::Certificate.new(ssl_certificate),
:SSLPrivateKey => OpenSSL::PKey::RSA.new(ssl_private_key)
}
params[:MimeTypes] = options[:mime_types] if options[:mime_types]
server = WEBrick::HTTPServer.new(params)
server.mount('/', DispatchServlet, options)
trap("INT") { server.shutdown }
server.start
end
end
DispatchServlet.dispatch(OPTIONS)3.起動する
[root@lv8195 /]# ruby script/webrick_ssl
もちろん、
[root@lv8195 /]# ruby script/webrick_ssl -d -p 443
でもOK.
※試したマシン
[root@lv8195 /]# less /etc/redhat-release Red Hat Enterprise Linux ES release 4 (Nahant Update 4)
