WEBrick SSL

2007-04-28 - elm200 の日記
http://lists.rubyonrails.org/pipermail/rails/2006-January/012432.html
↑参考

1.サーバ証明書作成

#!/usr/bin/env ruby
require 'webrick/ssl'
# cn と comment を適当に設定
cn = [ [ "CN", "server_name" ] ]  
comment = "Generated by Ruby/OpenSSL"   
cert, rsa = WEBrick::Utils::create_self_signed_cert(1024, cn, comment)
puts cert.to_s
puts rsa.to_s

↑こちらを実行する。

2.以下のソース(名前は webrick_ssl とする)をrailsプロジェクト(/script/webrick_ssl)に設置

#!/usr/bin/env ruby
require File.dirname(__FILE__) + '/../config/boot'

require 'active_support'
require 'fileutils'

puts "=> Booting WEBrick on SSL..."

%w(cache pids sessions sockets).each { |dir_to_make| FileUtils.mkdir_p(File.join(RAILS_ROOT, 'tmp', dir_to_make)) }

require 'webrick'
require 'webrick/https'
require 'optparse'

OPTIONS = {
  :port            => 3500,
  :ip              => "0.0.0.0",
  :environment     => (ENV['RAILS_ENV'] || "development").dup,
  :server_root     => File.expand_path(RAILS_ROOT + "/public/"),
  :server_type     => WEBrick::SimpleServer,
  :charset         => "UTF-8",
  :mime_types      => WEBrick::HTTPUtils::DefaultMimeTypes
}

ARGV.options do |opts|
  script_name = File.basename($0)
  opts.banner = "Usage: ruby #{script_name} [options]"

  opts.separator ""

  opts.on("-p", "--port=port", Integer,
          "Runs Rails on the specified port.",
          "Default: 3000") { |v| OPTIONS[:port] = v }
  opts.on("-b", "--binding=ip", String,
          "Binds Rails to the specified ip.",
          "Default: 0.0.0.0") { |v| OPTIONS[:ip] = v }
  opts.on("-e", "--environment=name", String,
          "Specifies the environment to run this server under (test/development/production).",
          "Default: development") { |v| OPTIONS[:environment] = v }
  opts.on("-m", "--mime-types=filename", String,
                  "Specifies an Apache style mime.types configuration file to be used for mime types",
                  "Default: none") { |mime_types_file| OPTIONS[:mime_types] = WEBrick::HTTPUtils::load_mime_types(mime_types_file) }

  opts.on("-d", "--daemon",
          "Make Rails run as a Daemon (only works if fork is available -- meaning on *nix)."
          ) { OPTIONS[:server_type] = WEBrick::Daemon }

  opts.on("-c", "--charset=charset", String,
          "Set default charset for output.",
          "Default: UTF-8") { |v| OPTIONS[:charset] = v }

  opts.separator ""

  opts.on("-h", "--help",
          "Show this help message.") { puts opts; exit }

  opts.parse!
end

ENV["RAILS_ENV"] = OPTIONS[:environment]
RAILS_ENV.replace(OPTIONS[:environment]) if defined?(RAILS_ENV)

require RAILS_ROOT + "/config/environment"
require 'webrick_server'

OPTIONS['working_directory'] = File.expand_path(RAILS_ROOT)

puts "=> Rails application started on http://#{OPTIONS[:ip]}:#{OPTIONS[:port]}"
puts "=> Ctrl-C to shutdown server; call with --help for options" if OPTIONS[:server_type] == WEBrick::SimpleServer

class DispatchServlet
  def self.dispatch(options = {})
  
      ssl_certificate =<<-EOS
-----BEGIN CERTIFICATE-----
MIICSjCCAbOgAwIBAwIBADANBgkqhkiG9w0BAQUFADAQMQ4wDAYDVQQDDAVmdW5r
eTAeFw0wNzA0MjgwNzA5NDdaFw0wODA0MjcwNzA5NDdaMBAxDjAMBgNVBAMMBWZ1
bmt5MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDj1KnSH9E34aKFbIbRdL/d
ZSK6u+kTKPq4ZXGuxuvY0qP7geye/uCRZqdJWq4uwja/PiMpT/Hvz4xSydW94Cxi
x3Km6e2Yg1CbcAaj8ctT2BVaMpVXDXtw5z7/OGyokRllSCQWLkvoKzmZTcwNkA3L
QhzcroXybmkP20URQcrT2wIDAQABo4GzMIGwMAkGA1UdEwQCMAAwCwYDVR0PBAQD
AgUgMB0GA1UdDgQWBBRwbDNU99ejg8VFZC0FL5NwG5dx7DATBgNVHSUEDDAKBggr
BgEFBQcDATAoBglghkgBhvhCAQ0EGxYZR2VuZXJhdGVkIGJ5IFJ1YnkvT3BlblNT
TDA4BgNVHSMEMTAvgBRwbDNU99ejg8VFZC0FL5NwG5dx7KEUpBIwEDEOMAwGA1UE
AwwFZnVua3mCAQAwDQYJKoZIhvcNAQEFBQADgYEAP+isplcC6AOHpZK3bf58kELP
t89+xLP0x0BUGpMW4vQPwsG898VCLQ5NstwOc/dewGh4NWPyy7LUQe1wF6QWjIf/
wJO2ZoH+vKi3fu+nmG/xbyl056PRvqsyWwe+1O5JWe1JQ/Zhna0cDZhoYpUdE1/l
Gr3R7knmq+CfxH+dGmk=
-----END CERTIFICATE-----
      EOS

      ssl_private_key =<<-EOS
-----BEGIN RSA PRIVATE KEY-----
MIICXQIBAAKBgQDj1KnSH9E34aKFbIbRdL/dZSK6u+kTKPq4ZXGuxuvY0qP7geye
/uCRZqdJWq4uwja/PiMpT/Hvz4xSydW94Cxix3Km6e2Yg1CbcAaj8ctT2BVaMpVX
DXtw5z7/OGyokRllSCQWLkvoKzmZTcwNkA3LQhzcroXybmkP20URQcrT2wIDAQAB
AoGASRj7X4qL0vUW8t4OJ3fg80S2rtkJf/c+8hjCL8Rs+UUkDdbyt1Spcp1QAQ4S
Irh3Xkaue1vGER4zNIDDjkc1leSvBMqfS3WAjZGoEXHmhGpwhZsQQ1tdN8l3iYYx
r4orcnWB3f1Amle7TKoufKDrILZwOicJ0ov2UkjKp+0k+1ECQQD8V3tm7VPOUbqW
cJMWgT/Mle3QAnjS72gNCtEOdXmqQwMYwJyFZDcfeD9WYOsZVoCpzgo/+fCvna36
1r7uNs9zAkEA5yI2obeST9KcG7yGXk2XzSa3kdNm1bIqDpNyy/LzGcoK8/vQECPs
5K2vLBW+I2T7XdIeygElVb1RQbVglet/+QJBAKFRqAFYDbCjjR5p346OmGPJIZxO
SEHJbYKQ/K86qMoRRySG1klslNTYgd1N3l53b4+euezGc3lB25y1tqABiEMCQQDP
LDyZ0chkohvpRJ+QMa6qZVTPchTP4OWPsRyJsJe0ewQ8U27YuMri4seMFWUbpq0l
GG0elc5YPtxxsFkFqFRJAkAXaY3hnkwmj7/+Bhg1JG5t0B1NURKdj79gpS3DV8y6
pXtjPCIm3f2Rlnc6Pc5ECNV9vfBt+Ij/7g52zGyQYEkU
-----END RSA PRIVATE KEY-----
      EOS

      Socket.do_not_reverse_lookup = true # patch for OS X

      params = { :Port        => options[:port].to_i,
                 :ServerType  => options[:server_type],
                 :BindAddress => options[:ip],
                 :SSLEnable        => true,
                 :SSLCertificate => OpenSSL::X509::Certificate.new(ssl_certificate),
                 :SSLPrivateKey  => OpenSSL::PKey::RSA.new(ssl_private_key)
               }
      params[:MimeTypes] = options[:mime_types] if options[:mime_types]

      server = WEBrick::HTTPServer.new(params)
      server.mount('/', DispatchServlet, options)

      trap("INT") { server.shutdown }
      
      server.start
  end
end

DispatchServlet.dispatch(OPTIONS)

3.起動する

[root@lv8195 /]# ruby script/webrick_ssl

もちろん、

[root@lv8195 /]# ruby script/webrick_ssl -d -p 443

でもOK.


※試したマシン

[root@lv8195 /]# less /etc/redhat-release 
Red Hat Enterprise Linux ES release 4 (Nahant Update 4)


RubyƒŠƒtƒ@ƒŒƒ“ƒXƒ}ƒjƒ ƒAƒ‹