1

Specs: Rails 4.2.4, Ruby 2.1.9, running puma, EC2 instance in production mode

I have an SSL certificate that I want to install on my server, but using techniques like this one yields no results:

rails s puma -b 'ssl://0.0.0.0:9292?key=path_to_key.key&cert=path_to_cert.crt&verify_mode=none&ca=path_to_root_bundle.crt'

https://stackoverflow.com/questions/16063117/how-to-configure-rails-with-puma-to-use-ssl

Instead of a functioning server I get:

Puma starting in single mode...
* Version 3.2.0 (ruby 2.1.9-p490), codename: Spring Is A Heliocentric Viewpoint
* Min threads: 0, max threads: 16
* Environment: production
* Listening on tcp://ssl://0.0.0.0:9292?key=~/evslideshow.key&cert=~/e3b162f57ea48f91.crt&verify_mode=peer&ca=~/gd_bundle-g2-g1.crt:80
* Exiting
/home/ec2-user/.rvm/gems/ruby-2.1.9@slideshow/gems/puma-3.2.0/lib/puma/binder.rb:240:in `initialize': getaddrinfo: Name or service not known (SocketError)

Now my mind is playing with different options. I could continue using puma and somehow make it work. I could switch to a different server gem. Or I could use Amazon's certificate management system (though I'm guessing there are some costs involved with that).

Any help is greatly appreciated, I'm trying to save myself a long and wild goose chase.

jm3
  • ACM (AWS Certificate Manager) doesn't charge for standard certificates. They won't attach to an instance AFAIK, but are easy to associate with an AWS load balancer. I use Let's Encrypt certificates. – Tim Feb 14 '19 at 19:55

2 Answers

1

The obvious thing to do is to fix the errors in the paths to the certificates. You have used a symbol ~, which has no special meaning in pathnames in Linux. Instead, this is a shortcut used by the Bash shell to substitute the user's home directory. But because you have single quoted the parameter, Bash does not perform the substitution.

You need to specify the path explicitly, not using ~.

And of course, you need to not have TLS certificates or web applications in a user's home directory, but that's another discussion.

Michael Hampton
  • I appreciate that, I actually fixed the ~ issue shortly after posting this. Still had the same problem. What solved the issue was dropping the `rails server` command and just running via `puma...` command. – Randall Coding Feb 18 '19 at 15:59
1

Found the solution by reading through some of the issue pages on puma's GitHub page. Apparently we must call puma directly, and not through rails server, despite what was said here in this old Stack Overflow answer.

The working code is

RAILS_ENV=production rvmsudo -E puma -d -b "ssl://0.0.0.0:443?key=${KEY_PATH}&cert=${CERT_PATH}&verify_mode=peer&ca=${CERT_BUNDLE_PATH}" -p 80

Make sure to turn on config.force_ssl in your production config file as well.
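
As an added example (not part of either answer): the first answer's point about the unexpanded `~` and the second answer's direct `puma -b` call can be combined in a small helper that resolves the key, certificate and CA bundle paths to absolute form, checks them, and prints the bind URI. The function names `expand_path` and `puma_ssl_bind` and the private-key permission check are assumptions of this example, not something Puma provides.

```bash
#!/usr/bin/env bash
# Added example, not from the original post.

# Resolve a path to absolute form. A "~" inside quotes, or after "key=" in the
# middle of a word, is never expanded by the shell, so it is handled here.
expand_path() {
  case "$1" in
    "~")   printf '%s\n' "$HOME" ;;
    "~/"*) printf '%s\n' "$HOME/${1#??}" ;;
    /*)    printf '%s\n' "$1" ;;
    *)     printf '%s\n' "$PWD/$1" ;;
  esac
}

# Print "ssl://HOST:PORT?key=..&cert=..&verify_mode=..&ca=.." or fail.
# Usage: puma_ssl_bind HOST PORT KEY CERT CA VERIFY_MODE
puma_ssl_bind() {
  key=$(expand_path "$3"); cert=$(expand_path "$4"); ca=$(expand_path "$5")
  for f in "$key" "$cert" "$ca"; do
    # These characters would split or truncate the query string of the bind URI.
    case "$f" in
      *"&"*|*"?"*|*" "*)
        echo "path would corrupt the bind query string: $f" >&2; return 1 ;;
    esac
    [ -f "$f" ] && [ -r "$f" ] || { echo "missing or unreadable: $f" >&2; return 1; }
  done
  # The private key should carry no group/other permission bits (e.g. mode 600).
  perms=$(ls -Lld "$key" | cut -c5-10)
  [ "$perms" = "------" ] || { echo "key permissions too open: $key" >&2; return 1; }
  printf 'ssl://%s:%s?key=%s&cert=%s&verify_mode=%s&ca=%s\n' \
    "$1" "$2" "$key" "$cert" "$6" "$ca"
}
```

Pass the result to Puma directly, for example `puma -b "$(puma_ssl_bind 0.0.0.0 443 "$KEY_PATH" "$CERT_PATH" "$CERT_BUNDLE_PATH" peer)"`.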