4

I have been looking all over and either I can't find anything or I can't find anything that works... so here I am.

How can I go about setting up SSL/HTTPS with regards to Mongrel?

Thanks in advance!

womble
  • 95,029
  • 29
  • 173
  • 228
Tom
  • 161
  • 4

3 Answers3

1

You run it through a real webserver first, like nginx or Apache, which does the SSL work for you, and then passes back a header saying whether or not the connection was made via SSL (only important if you're doing things like redirecting if a needs-to-be-secure page was accessed without SSL).

In theory, I guess you could stick stunnel in front of mongrel and do it that way, but the reasons not to are huge and scary, so just don't.

womble
  • 95,029
  • 29
  • 173
  • 228
  • 1
    so.... how do you do it? There is a total lack of tutorials on how to do this, and I'm getting frustrated, to say the least. – mmr Feb 03 '10 at 05:26
1

It should of course be noted that Mongrel simply "doesn't do" SSL itself.

Dan Carley
  • 25,189
  • 5
  • 52
  • 70
0

I struggled with this for a while. Mongrel prefers 'The Ruby Way' which is different then the Apache way.

Configure Apache HTTP to serve HTTPS traffic. Then proxy the plaintext/HTTP connections on the backend.

  1. Install mod_proxy. I actually had to recompile httpd to include proxy support.

    LoadModule proxy_module modules/mod_proxy.so

    LoadModule proxy_http_module modules/mod_proxy_http.so

    LoadModule proxy_connect_module modules/mod_proxy_connect.so

  2. Use mod_rewrite's [proxy] parameter to rewrite all traffic to the Mongrel host. My host is a VirtualHost, with a name like 'ruby.example.org'.

    RewriteRule ^/(.*) http://127.0.0.1:3000/$1 [proxy]

  3. Restrict access to the proxy. See httpd.apache.org/docs/2.2/mod/mod_proxy.html#access


    <Proxy *>
 Order Deny,Allow
 Deny from all
 # Restrict access from my local network
 Allow from 192.168.0
    </Proxy>
Stefan Lasiewski
  • 22,949
  • 38
  • 129
  • 184