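Enabling HTTPS in the Rails Development Environment

Nowadays, to improve security, many companies only provide their services to web applications that connect over HTTPS.

Use HTTPS
Use HTTPS, which provides encryption, as the internet communication protocol instead of HTTP. HTTPS maintains the privacy of transmitted data and protects it from eavesdropping attacks. It also protects data from being tampered with in transit by injected ads or malicious code.
On October 6, 2018, all apps are required to use HTTPS.

As a result, errors often occur in development or test environments because the development environment has no SSL set up. In this Facebook example there are two solutions:

  1. Create two Facebook apps, one for development mode and one for production mode; in development mode Facebook is still willing to serve developers.
  2. Use SSL on the development side

This article covers option 2, the less troublesome one, so that you can develop on https://localhost:3000

Setting up SSL

Certificates

Use mkcert to issue the certificate; if it is not installed yet, install it first: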

$ brew install mkcert nss
$ mkcert -install
Created a new local CA at "/Users/filippo/Library/Application Support/mkcert" 💥
The local CA is now installed in the system trust store! ⚡️

Issue the certificate:

$ cd project
$ mkcert localhost
Using the local CA at "/Users/username/Library/Application Support/mkcert" ✨
Created a new certificate valid for the following names 📜
 - "localhost"
The certificate is at "./localhost.pem" and the key at "./localhost-key.pem" ✅

Move the certificate and key to config/ssl/

$ mkdir config/ssl
$ mv localhost-key.pem localhost.pem config/ssl

Rails configuration

Configure the SSL service in config/puma.rb:

# Remove
port        ENV.fetch("PORT") { 3000 }
environment ENV.fetch("RAILS_ENV") { "development" }
# Add
if ENV.fetch('RAILS_ENV') { 'development' } == 'development'
  # Enable SSL with the certificate issued by mkcert (signed by the local CA, valid for "localhost")
  ssl_bind '0.0.0.0', ENV.fetch('PORT') { 3000 }, cert: 'config/ssl/localhost.pem', key: 'config/ssl/localhost-key.pem'
else
  port        ENV.fetch('PORT') { 3000 }
  environment ENV.fetch('RAILS_ENV') { 'development' }
end

Force all connections to use SSL in config/environments/development.rb:

config.force_ssl = true

Restart the dev server and start using HTTPS in the development environment!

$ rails s

Problems you may encounter

Puma is not using the correct SSL settings

SSL error, peer: 127.0.0.1, peer cert: , #<Puma::MiniSSL::SSLError: OpenSSL error: error:141F7065:SSL routines:final_key_share:no suitable key share - 337604709>
# OR
HTTP parse error, malformed request (): #<Puma::HttpParserError: Invalid HTTP format, parsing fails.>

Use the latest Puma (> 4.2.0).
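
A pre-flight check for the certificate and key handed to ssl_bind, as an added example that is not part of the original post: it reports whether the key belongs to the certificate, whether the certificate is currently valid, and whether it covers the host name typed into the browser. The helper names, the in-memory sample certificate and the address 192.168.1.20 are constructed for illustration; the last case shows that a server bound to 0.0.0.0 with a certificate issued only for "localhost" fails name verification when reached by IP.

```ruby
require 'openssl'

# Returns a list of problems with the certificate/key pair given to ssl_bind
# when the site is opened as https://<host>:3000; an empty list means OK.
def check_dev_cert(cert_pem, key_pem, host, now: Time.now)
  cert = OpenSSL::X509::Certificate.new(cert_pem)
  key  = OpenSSL::PKey.read(key_pem)
  problems = []
  problems << 'key does not match certificate' unless cert.check_private_key(key)
  unless (cert.not_before..cert.not_after).cover?(now)
    problems << 'certificate not valid at this time'
  end
  unless OpenSSL::SSL.verify_certificate_identity(cert, host)
    problems << "certificate does not cover #{host}"
  end
  problems
end

# Constructed stand-in for mkcert output so the example runs offline. It is
# self-signed; a real mkcert certificate is signed by the local CA instead.
def sample_cert(names, key)
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2
  cert.serial = 1
  cert.subject = cert.issuer = OpenSSL::X509::Name.parse('/CN=constructed dev cert')
  cert.public_key = key.public_key
  cert.not_before = Time.now - 60
  cert.not_after = Time.now + 3600
  san = names.map { |n| "DNS:#{n}" }.join(',')
  ef = OpenSSL::X509::ExtensionFactory.new(cert, cert)
  cert.add_extension(ef.create_extension('subjectAltName', san, false))
  cert.sign(key, OpenSSL::Digest.new('SHA256'))
  cert.to_pem
end

if $PROGRAM_NAME == __FILE__
  key = OpenSSL::PKey::RSA.new(2048)
  pem = sample_cert(['localhost'], key)
  # In a project, pass File.read('config/ssl/localhost.pem') and
  # File.read('config/ssl/localhost-key.pem') instead of the sample pair.
  # 192.168.1.20 is a constructed LAN address of the development machine.
  ['localhost', '192.168.1.20'].each do |host|
    puts "#{host}: #{check_dev_cert(pem, key.to_pem, host).inspect}"
  end
end
```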

Unable to fetch the compiled JavaScript from webpack-dev-server

Failed to load resource: net::ERR_SSL_PROTOCOL_ERROR
:3035/sockjs-node/info?t=1570436373828:1
# OR
GET https://localhost:3035/sockjs-node/info?t=1570436376957 net::ERR_SSL_PROTOCOL_ERROR
sockjs.js:1796
# OR
GET https://localhost:3000/packs/js/application-2be7c5d587f23021bfe9.js net::ERR_ABORTED 500 (Internal Server Error)
localhost/:10
# OR
Failed to load resource: the server responded with a status of 500 (Internal Server Error)
application-2be7c5d587f23021bfe9.js:1
# OR
Rack app error handling request { GET /packs/js/application-47a01f2c35f03c5131aa.js }
#<EOFError: end of file reached>
# OR
Puma caught this error: end of file reached (EOFError)
# OR
Failed to load resource: net::ERR_CERT_AUTHORITY_INVALID
:3035/sockjs-node/info?t=1570452520941:1
GET https://localhost:3035/sockjs-node/info?t=1570452524158 net::ERR_CERT_AUTHORITY_INVALID
# OR
Refused to connect to 'wss://localhost:3035/sockjs-node/661/ghika1m3/websocket' because it violates the following Content Security Policy directive: "connect-src 'self' https: http://localhost:3035 ws://localhost:3035".
sockjs.js:1887

Remember to enable SSL on webpack-dev-server as well, so that it serves connections over https:// and wss://.
