问题
I only found how to start puma using SSL:
$ puma -b 'ssl://127.0.0.1:9292?key=path_to_key&cert=path_to_cert'
However, there is no description about how to include an intermediate CA cert in the documentation. Could someone point me in the right direction? I am using Puma 1.6.3
Thanks!
回答1:
Combining certificate and bundle will work only if you use nginx.
Without nginx, you can use ca and verify_mode options:
rails s puma -b 'ssl://0.0.0.0:9292?key=path_to_key.key&cert=path_to_cert.crt&verify_mode=none&ca=path_to_root_bundle.crt'
Source: https://github.com/puma/puma/blob/master/lib/puma/binder.rb
回答2:
while we are using combo Nginx+PhusionPassenger as well. You cant specify Chain cert file in nginx either. The trick is to bundle all certs within one certificate and then set the new certificate file as a certificate in your server configuration. You will find more information in nginx documentation. Check SLL Certificate Chains section.
cat www.example.com.crt bundle.crt > www.example.com.chained.crt
Hope it helped.
回答3:
rails s puma -b 'ssl://0.0.0.0:9292?key=certkey.key&cert=cert.crt&verify_mode=peer&ca=root_bundle.crt
Just make sure you set the verify_mode=peer.
回答4:
It may be a better idea to use Phusion Passenger + Nginx for SSL support. This combo has widely available documentation and is very easy to setup because it's currently the most popular app server choice, and used by the likes of New York Times, Symantec, AirBnB, etc. Here's how you do it if you have Nginx with Phusion Passenger installed:
server {
listen 443;
server_name yourapp.local;
ssl on;
ssl_certificate ...;
ssl_key ...;
root /path-to-your-app/public;
passenger_enabled on;
}
来源:https://stackoverflow.com/questions/16063117/how-to-configure-rails-with-puma-to-use-ssl