Developing SSL Rails Applications using LightTPD on OSX (Tiger)

Posted by Trey Mon, 03 Apr 2006 21:31:00 GMT

This morning I began development on Dimewise’s credit card processing. The first requirement I met was communicating with Authorize.net over a secure socket layer (SSL). I wasn’t able to find a detailed step-by-step guide to developing SSL Rails applications like Dan Benjamin’s tutorial on setting up the basics for Rails development on OS X. After piecing together various forum posts and a few documentation articles, I decided to put it all together for future reference.

LightTPD with SSL

If you’ve already completed Dan Benjamin’s tutorial, you will need to recompile LightTPD with SSL support. If you’re starting fresh, just replace his LightTPD section with the following:

    sudo kill bob
    curl -O http://lighttpd.net/download/lighttpd-1.4.11.tar.gz
    tar xzvf lighttpd-1.4.11.tar.gz
    cd lighttpd-1.4.11
    ./configure --prefix=/usr/local --with-pcre=/usr/local --with-openssl=/usr/include/openssl
    make
    sudo make install
    cd ..

Creating Self-Signed Certificates

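Now that you have LightTPD installed and able to support SSL, let’s create a certificate to use for local development. Note: this is not for use in a production environment. When you are ready to deploy, request a signature from a proper Certificate Authority. The -nodes option in the command below writes the private key into server.pem unencrypted, so keep that file out of version control.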

    cd /your_application_directory/config
    openssl req -new -x509 -keyout server.pem -out server.pem -days 365 -nodes

You will be prompted to enter information about yourself. Since this is for development, enter whatever you like, or simply accept the defaults by hitting ‘enter’ for each line, e.g.

    Country Name (2 letter code) [AU]:
    State or Province Name (full name) [Some-State]:
    Locality Name (eg, city) []:
    Organization Name (eg, company) [Internet Widgits Pty Ltd]:
    Organizational Unit Name (eg, section) []:
    Common Name (eg, YOUR name) []:
    Email Address []:

Configuring LightTPD for use with SSL

If this is a new application that hasn’t already been launched with script/server, do that now so Rails will generate a lighttpd.conf file for you. Then open config/lighttpd.conf in TextMate (you are using TextMate, right?) and add the following to the end of the file.

    $SERVER["socket"] == "127.0.0.1:443" {
      ssl.engine = "enable"
      ssl.pemfile = CWD + "/config/server.pem"
    }
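
The following check is an added example, not part of the original post: it confirms that a combined PEM such as config/server.pem holds both a private key and a certificate, that the two belong together, and that the certificate is in date, which is what ssl.pemfile needs. The helper names and the /CN=localhost sample certificate are assumptions made for illustration; the sample is built in memory instead of being read from disk.

```ruby
require "openssl"

# Split PEM text into [label, block] pairs, e.g. ["CERTIFICATE", "-----BEGIN ..."].
def pem_blocks(text)
  text.scan(/(-----BEGIN ([A-Z0-9 ]+)-----.*?-----END \2-----)/m)
      .map { |block, label| [label, block] }
end

# Return a list of problems that would stop the file working as ssl.pemfile.
# An empty list means key and certificate are present, paired and in date.
def check_pemfile(text, now = Time.now)
  blocks = pem_blocks(text)
  key_pem  = blocks.find { |label, _| label.end_with?("PRIVATE KEY") }
  cert_pem = blocks.find { |label, _| label == "CERTIFICATE" }
  problems = []
  problems << "no private key block" unless key_pem
  problems << "no certificate block" unless cert_pem
  return problems unless problems.empty?

  key  = OpenSSL::PKey.read(key_pem[1])
  cert = OpenSSL::X509::Certificate.new(cert_pem[1])
  problems << "private key does not match certificate" unless cert.check_private_key(key)
  problems << "certificate not valid before #{cert.not_before}" if now < cert.not_before
  problems << "certificate expired on #{cert.not_after}" if now > cert.not_after
  problems
end

# Constructed sample input: an in-memory stand-in for the file written by
# `openssl req -new -x509 -keyout server.pem -out server.pem -days 365 -nodes`
# (unencrypted key followed by a self-signed certificate). The CN is made up.
def sample_pem(days = 365, now = Time.now)
  key  = OpenSSL::PKey::RSA.new(2048)
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2
  cert.serial = 1
  cert.subject = cert.issuer = OpenSSL::X509::Name.parse("/CN=localhost")
  cert.public_key = key.public_key
  cert.not_before = now
  cert.not_after = now + days * 86_400
  cert.sign(key, OpenSSL::Digest.new("SHA256"))
  key.to_pem + cert.to_pem
end

if __FILE__ == $0
  path = ARGV[0] # optional: path to a real file such as config/server.pem
  text = path ? File.read(path) : sample_pem
  problems = check_pemfile(text)
  puts problems.empty? ? "OK: usable as ssl.pemfile" : problems
end
```

Run it with the path to config/server.pem as the only argument to check the file generated in the previous section.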

Starting LightTPD and testing SSL

Now if you try to start up LightTPD normally, it will exit claiming it “can’t bind to port: 127.0.0.1 443 / Permission denied / Exiting”. Ports below 1024 can only be bound by root. To remedy this, start it with sudo and voila.

    sudo script/server
    Password:
    => Booting lighttpd (use ‘script/server webrick’ to force WEBrick)
    => Rails application started on http://0.0.0.0:3000
    => Call with -d to detach
    => Ctrl-C to shutdown server (see config/lighttpd.conf for options)

Browse to https://127.0.0.1 and after a few warnings that the certificate wasn’t signed by a known authority, you will be browsing your application using SSL. Now on to talking to authorize.net.

Comments

  1. Tieg 2 months later:

    I have yet to try this, but first you need a secure (https) connection. Second, RoR lets you change a few session options in the app using an ActionController method named session_options. Fortunately the example used in the API is what you’re looking for:

    http://api.rubyonrails.com/classes/ActionController/SessionManagement/ClassMethods.html#M000101
