[英]Having trouble setting up Apache for SSL with mongrel and rails 3 in development on ubuntu
I'm trying to setup apache2 so that I can try ssl in development on my rails 3 app on ubuntu. 我正在尝试设置apache2,以便可以在ubuntu上的rails 3应用程序中尝试ssl进行开发。
The rails app works, except for https where in Fire Fox i get: Rails应用程序可以正常工作,除了https在Fire Fox中可以得到:
The connection was interrupted
The connection to localhost:3000 was interrupted while the page was loading.
In the console i get: 在控制台中,我得到:
Thu Oct 14 15:56:28 +1100 2010: HTTP parse error, malformed request (127.0.0.1):
#<Mongrel::HttpParserError: Invalid HTTP format, parsing fails.>
Thu Oct 14 15:56:28 +1100 2010: REQUEST DATA: "\200U\001\003\000\000<\000\000\000\020\000\000\210\000\000\207\000\0008\000\000\204\000\0005\000\0009\000\000E\000\000D\000\0003\000\0002\000\000\226\000\000A\000\000\004\000\000\005\000\000/\000\000\026\000\000\023\000\376\377\000\000\n\000\000\377[������-V\214�e\277P-"
---
PARAMS: {}
---
I get the above console error whether Apache is running or not when using https. 无论使用Apache时Apache是否正在运行,我都会收到上述控制台错误。 Which makes me think https localhost:3000 requests are never passing through Apache and instead going straight to mongrel which can't handle ssl. 这让我觉得https localhost:3000请求从不通过Apache,而是直接转到无法处理ssl的mongrel。
Apache is working because if I go to http://localhost
I get the default 'It Works' web page. Apache之所以有效,是因为如果我访问http://localhost
则会得到默认的“ It Works”网页。 I'm pretty sure the self signed certificates I created are also fine because going to https://localhost
brings up the page in firefox asking if you trust the site and also lets me see the details of the certificate. 我很确定我创建的自签名证书也很好,因为转到https://localhost
会在firefox中打开页面,询问您是否信任该站点,并让我查看证书的详细信息。
I've done a heap of googling and I've read through and tried a bunch of guides but many of them are a few years old and possibly out of date. 我已经进行了大量谷歌搜索,并且阅读并尝试了一些指南,但其中许多指南已有数年之久,可能已经过时。
I ended up uninstalling apache2 and then reinstalling following this ubuntu guide https://help.ubuntu.com/10.04/serverguide/C/httpd.html It has a section on https configuration which I did and it creates this file -> /etc/apache2/site-available/default-ssl. 我最终卸载了apache2,然后按照此ubuntu指南https://help.ubuntu.com/10.04/serverguide/C/httpd.html进行了重新安装。它做了关于https配置的部分,并创建了这个文件-> / etc / apache2 / site-available / default-ssl。 It looks like this 看起来像这样
<IfModule mod_ssl.c>
<VirtualHost *:443>
ServerAdmin webmaster@localhost
DocumentRoot /var/www
<Directory />
Options FollowSymLinks
AllowOverride None
</Directory>
<Directory /var/www/>
Options Indexes FollowSymLinks MultiViews
AllowOverride None
Order allow,deny
allow from all
</Directory>
ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
<Directory "/usr/lib/cgi-bin">
AllowOverride None
Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
Order allow,deny
Allow from all
</Directory>
ErrorLog /var/log/apache2/error.log
LogLevel warn
CustomLog /var/log/apache2/ssl_access.log combined
Alias /doc/ "/usr/share/doc/"
<Directory "/usr/share/doc/">
Options Indexes MultiViews FollowSymLinks
AllowOverride None
Order deny,allow
Deny from all
Allow from 127.0.0.0/255.0.0.0 ::1/128
</Directory>
SSLEngine on
SSLCertificateFile /etc/ssl/certs/server.crt
SSLCertificateKeyFile /etc/ssl/private/server.key
<FilesMatch "\.(cgi|shtml|phtml|php)$">
SSLOptions +StdEnvVars
</FilesMatch>
<Directory /usr/lib/cgi-bin>
SSLOptions +StdEnvVars
</Directory>
BrowserMatch "MSIE [2-6]" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0
# MSIE 7 and newer should be able to use keepalive
BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown
# Used by Rails. Mentioned in all the Rails SSL tutorials.
RequestHeader set X_FORWARDED_PROTO "https"
</VirtualHost>
</IfModule>
All I modified in there is the certificate and key locations, made it <VirtualHost *:443>
instead of <VirtualHost _default_:443>
and added the RequestHeader set X_FORWARDED_PROTO "https" line at the end as all the guides said to do. 我在其中进行的所有修改都是证书和密钥位置,将其设置为<VirtualHost *:443>
而不是<VirtualHost _default_:443>
并按照所有指南的说明在末尾添加了RequestHeader集X_FORWARDED_PROTO“ https”行。 I'm not sure what else needs to be changed. 我不确定还需要更改什么。 At one point I did try setting the DocumentRoot to the public folder of my rails app but it didn't make a difference. 有一次,我确实尝试将DocumentRoot设置为我的Rails应用程序的公共文件夹,但没有任何区别。
Apache restarts fine and there are no errors in the log. Apache可以正常重启,并且日志中没有错误。
I'm sure I must be really close to having it working but I've spent many hours over many days and just can't figure it out. 我敢肯定,我真的很想让它正常工作,但是我已经花了很多时间很多天了,只是想不通。 My best guess is that I have something wrong or missing in the apache config file above. 我最好的猜测是我上面的apache配置文件中有什么错误或缺失。
My Questions are: 我的问题是:
I stuffed around for ages and still couldn't get it working with just apache so ended up following parts of this ubuntu rails guide and installing Passenger. 我已经玩了好多年了,但仍然无法使用Apache使其正常工作,因此最终遵循了本ubuntu导轨指南的各个部分并安装了Passenger。 Passenger was nice and quick to install and best of all https works now in development. 乘客非常友善,安装快捷,并且所有https中的最好功能现在都在开发中。
I guess I should put virtualHost *.80 in default and virtualHost *.443 in default-ssl but anyway this is what my sites-available/default-ssl file now looks like(store = rails app name): 我想我应该将virtualHost * .80设置为默认值,并将virtualHost * .443设置为default-ssl,但是无论如何,这就是我的网站可用/ default-ssl文件现在的样子(store = rails app name):
<VirtualHost *:80>
ServerName localhost
DocumentRoot /home/daniel/www/store/public
<Directory /home/daniel/www/store/public>
AllowOverride all
Options -MultiViews
</Directory>
</VirtualHost>
<VirtualHost *:443>
ServerName localhost
SSLEngine on
SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
SSLCertificateFile /etc/ssl/certs/server.crt
SSLCertificateKeyFile /etc/ssl/private/server.key
RequestHeader set X_FORWARDED_PROTO 'https'
DocumentRoot /home/daniel/www/store/public
<Directory /home/daniel/www/store/public>
AllowOverride all
Options -MultiViews
</Directory>
</VirtualHost>
my httpd.conf file looks like this with settings for passenger and running rails in development mode using development database: 我的httpd.conf文件如下所示,其中包含使用开发数据库在开发模式下的乘客和运行滑轨的设置:
ServerName localhost
LoadModule passenger_module /usr/lib/ruby/gems/1.8/gems/passenger-3.0.0/ext/apache2/mod_passenger.so
PassengerRoot /usr/lib/ruby/gems/1.8/gems/passenger-3.0.0
PassengerRuby /usr/bin/ruby1.8
RailsEnv development
RackEnv development
I'm still not 100% sure on how all the ports work but I'm guessing by using http://localhost:3000
the 3000 bit makes it go direct to mongrel and not through apache and therefore why the ssl never worked before. 我仍然不是100%知道所有端口的工作方式,但是我猜测通过使用http://localhost:3000
3000位可以直接进入杂种而不是通过apache,因此为什么ssl以前从未起作用过。 With apache and passenger setup as above I now go to http://localhost
or https://localhost
and it goes through apache and now works. 通过上面的apache和passenger设置,我现在转到http://localhost
或https://localhost
,它通过apache并可以正常工作。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.