[Rails] 如何在 development 環境使用 https

1. 產生ssl證書

先將 ssl 證書 產生到指定的地方( 此例為 ~/.ssh ) 備用

$ openssl req -x509 -sha256 -nodes -newkey rsa:2048 -days 365 -keyout ~/.ssh/localhost.key -out ~/.ssh/localhost.crt

2. 使用相應的指令啟動 rails

這邊需要寫絕對路徑，請把YourName換成自己的名稱

$ rails s -b "ssl://127.0.0.1:3000?key=/Users/YourName/.ssh/localhost.key&cert=/Users/YourName/.ssh/localhost.crt"

備註 1. 開放對外連線

如果要對外開放連線，可以把 127.0.0.1 改寫為 0.0.0.0

$ rails s -b "ssl://0.0.0.0:3000?key=/Users/YourName/.ssh/localhost.key&cert=/Users/YourName/.ssh/localhost.crt"

備註 2. 懶得寫這麼長

可以把參數直接寫在 puma.rb 之中 (SSL_KEY_PATH、SSL_CERT_PATH 請寫到環境變數中)

if ENV.fetch("RAILS_ENV") == 'development'
  ssl_bind '127.0.0.1', '3000', {
    key: ENV.fetch("SSL_KEY_PATH"),
    cert: ENV.fetch("SSL_CERT_PATH"),
    verify_mode: 'none'
  }
end

參考

1. https://www.devmynd.com/blog/rails-local-development-https-using-self-signed-ssl-certificate/
2. https://github.com/puma/puma/issues/1128
3. https://gist.github.com/tadast/9932075
4. https://ihower.tw/blog/archives/8861

TODO

https://github.com/jugyo/tunnels https://mozilla.github.io/server-side-tls/ssl-config-generator/