#357 Adding SSL
Jun 08, 2012 | 14 minutes | Security
It is important to protect a user's private information with HTTPS. Here you will learn how to get it working on your local machine, configure Rack SSL, install certificates for production, and more.
terminal
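```bash
# Install Pow and link the app into it
curl get.pow.cx | sh
cd ~/.pow
ln -s ~/code/todo .

# Install nginx and create a self-signed certificate for local development
brew install nginx
cd /usr/local/etc/nginx
openssl req -new -nodes -keyout server.key -out server.csr
openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt
mate nginx.conf

# Edit the Pow configuration, then stop powd so it picks up the change
mate ~/.powconfig
launchctl stop cx.pow.powd

# List the middleware stack with HTTPS enabled, then restart the app
ENABLE_HTTPS=yes rake middleware
touch tmp/restart.txt

# Production: build the chain file (site certificate first) and lock down permissions
cat example.com.crt example.com-intermediate.crt > example.com-chain.crt
chmod 400 *.key *.crt
sudo chown root *.key *.crt
```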
~/.powconfig
```bash
export ENABLE_HTTPS="yes"
export POW_TIMEOUT=3600
```
/usr/local/etc/nginx/nginx.conf
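```nginx
server {
  # The "ssl" flag on listen enables TLS; the standalone "ssl on;" directive
  # has been removed from current nginx releases.
  listen 443 ssl;
  server_name *.dev;

  ssl_certificate server.crt;
  ssl_certificate_key server.key;
  ssl_session_timeout 5m;

  # SSLv2 and SSLv3 are broken and TLS 1.0 is deprecated: allow TLS 1.2 and 1.3 only.
  ssl_protocols TLSv1.2 TLSv1.3;
  ssl_ciphers HIGH:!aNULL:!MD5;
  ssl_prefer_server_ciphers on;

  location / {
    # Pass the original host, client address and scheme on to the app behind Pow
    proxy_set_header Host $host;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto https;
    proxy_redirect off;
    proxy_pass http://127.0.0.1;
  }
}
```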
config/application.rb
```ruby
config.force_ssl = (ENV["ENABLE_HTTPS"] == "yes")
config.ssl_options = {hsts: {expires: 3600}}
```
application_controller.rb
```ruby
before_filter :https_redirect

private

def https_redirect
  if ENV["ENABLE_HTTPS"] == "yes"
    if request.ssl? && !use_https? || !request.ssl? && use_https?
      protocol = request.ssl? ? "http" : "https"
      flash.keep
      redirect_to protocol: "#{protocol}://", status: :moved_permanently
    end
  end
end

def use_https?
  true # Override in other controllers
end
```
home_controller.rb
```ruby
private

def use_https?
  false
end
```
home/index.html.erb
```erb
<%= link_to "Log In", login_url(protocol: "https") %>
```
apache.conf
```apache
# Enable mod_ssl: sudo a2enmod ssl
SSLEngine on
SSLCertificateFile /path/to/example.com.crt
SSLCertificateKeyFile /path/to/example.com-private.key
SSLCertificateChainFile /path/to/example.com-intermediate.crt
```
nginx.conf
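```nginx
# The "ssl" flag on listen enables TLS (the standalone "ssl on;" directive
# has been removed from current nginx releases).
listen 443 ssl;
ssl_certificate /path/to/example.com-chain.crt;
ssl_certificate_key /path/to/example.com-private.key;
```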
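
nginx expects the chain file built by the `cat example.com.crt example.com-intermediate.crt > example.com-chain.crt` step to list the site certificate first, and the private key has to match that first certificate. The Ruby script below is an added example, not part of the episode's source code, that checks both conditions before deployment; `certs_in`, `chain_problems` and `issue` are hypothetical helper names, and the certificates are throwaway ones generated inside the script.

```ruby
require "openssl"

# Certificates in a PEM bundle, in file order.
def certs_in(pem)
  pem.scan(/-----BEGIN CERTIFICATE-----.+?-----END CERTIFICATE-----/m)
     .map { |block| OpenSSL::X509::Certificate.new(block) }
end

# Returns a list of problems; an empty list means the private key matches the
# first certificate and every certificate is signed by the one that follows it.
def chain_problems(chain_pem, key_pem)
  certs = certs_in(chain_pem)
  return ["no certificates found in chain file"] if certs.empty?
  problems = []
  unless certs.first.check_private_key(OpenSSL::PKey.read(key_pem))
    problems << "private key does not match the first certificate"
  end
  certs.each_cons(2) do |child, parent|
    next if child.verify(parent.public_key)
    problems << "#{child.subject} is not signed by #{parent.subject}"
  end
  problems
end

# Constructed test material: issues a short-lived certificate for the demo.
# Without an issuer the certificate is self-signed.
def issue(cn, key, issuer = nil, issuer_key = key)
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2
  cert.serial = 1
  cert.subject = OpenSSL::X509::Name.parse("/CN=#{cn}")
  cert.issuer = issuer ? issuer.subject : cert.subject
  cert.public_key = key.public_key
  cert.not_before = Time.now - 60
  cert.not_after = Time.now + 3600
  cert.sign(issuer_key, OpenSSL::Digest.new("SHA256"))
end

if __FILE__ == $PROGRAM_NAME
  ca_key, site_key = Array.new(2) { OpenSSL::PKey::RSA.new(2048) }
  intermediate = issue("Example Intermediate", ca_key)
  site = issue("example.com", site_key, intermediate, ca_key)
  good = site.to_pem + intermediate.to_pem # same order as the cat command
  bad = intermediate.to_pem + site.to_pem  # reversed bundle
  puts "good: #{chain_problems(good, site_key.to_pem).inspect}"
  puts "bad:  #{chain_problems(bad, site_key.to_pem).inspect}"
end
```

Against real files, pass `File.read("example.com-chain.crt")` and `File.read("example.com-private.key")` to `chain_problems`.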