Introduction

I’ve been working on a Ruby on Rails app recently that requires a little bit of ecommerce. Obviously, one of the first things I have to setup is an SSL to secure communication of sensitive customer data between my server and the credit card processor. I was able to snag a good deal and get a SSL with GoDaddy for $12.99 / year and set it up on my MediaTemple (dv) with relative ease. However, I first needed to test the app in development using SSL. I’ve been running Ruby on Rails via Passenger on my Mac OS X Snow Leopard with the help of the Passenger PrefPane and it’s been like a dream come true. If you’re doing Rails development on OS X, this is a must have.

Step 1: Create keys

After doing some research, I came across a pretty thorough how-to on Apple’s developer site. The document is a few years old and a little out of date, but the instructions on how to generate the keys was spot on. Go there now and follow the directions up until the point where it has you editing the httpd.conf file. Basically you’ll want to just follow the instructions on how to generate and sign the certificate. (Download the latest copy of SSL here—you’ll only need this for sign.sh.) Note: Where this article says to use 127.0.0.1 or localhost, you should use the name that you input in the Address field in the Passenger PrefPane or the string you use for ServerName in your vhost declaration.

Step 2: Editing httpd.conf

The biggest discrepancy between the previously linked Apple article is that the apache directory has moved. It’s now in /etc/apache2. First you’ll want to make a backup of httpd.conf. You can do this with the following command:

sudo cp httpd.conf httpd.conf.backup

Now open httpd.conf for editing (use sudo vim /etc/apache2/httpd.conf or sudo mate /etc/apache2/httpd.conf if you have Textmate—and you should).

There should be only one edit here, possibly two. First find line 40 (or where you find the Listen directives including Listen 80). Add this to the line below it (line 41):

Listen 443

This tells apache to listen for connections on port 443, the default port for SSL connections.

mod_ssl should already be enabled, so if you have disabled it go ahead and reenable it by uncommenting the line that reads:

LoadModule ssl_module libexec/apache2/mod_ssl.so

It’s around line 97.

Step 3: Editing vhost file

The next step is to open up the vhost file that the PrefPane sets up and edit it to allow for SSL. use the following command:

with Textmate: sudo mate /etc/apache2/passenger_pane_vhosts/ADDRESS.vhost.conf
without: sudo vim /etc/apache2/passenger_pane_vhosts/ADDRESS.vhost.conf

Replace ADDRESS with the string used for the Address field in the preference pane. Now, you have two options. The first will allow both http and https to work; the second allows only https. Either work just as well. Just copy the code, replace everything in the vhost file with it and then replace ADDRESS.

Option 1: http and https enabled


<VirtualHost *:443 *:80>
ServerName 2s
DocumentRoot "/Users/loganleger/Sites/2s/public"
RailsEnv development
<Directory "/Users/loganleger/Sites/2s/public">
Order allow,deny
Allow from all
</Directory>

</VirtualHost>


Option 2: only https enabled


<VirtualHost *:443>
ServerName 2s
DocumentRoot "/Users/loganleger/Sites/2s/public"
RailsEnv development
<Directory "/Users/loganleger/Sites/2s/public">
Order allow,deny
Allow from all
</Directory>

</VirtualHost>


Conclusion

More than likely, you’ll be using the ssl_requirement plugin and generally http will still be enabled, so option 1 is probably better suited for you.

Because of the preference pane, setting up vhosts and the like is super simple, and this made adding SSL support very easy. I’m hoping that the developers will add this option in the future.

¶