Deploying Ramaze Controller/Action behind SSL


Fuzzyhead

Oct 18, 2009, 3:47:48 PM
to Ramaze
When I use https for my application with url
https://localhost:7000/mappedaction/securecontroller I get

"Data Transfer Interrupted

The connection to localhost:7000 has terminated unexpectedly. Some
data may have been transferred."

Has anyone had any success in creating secure actions accessible via
https?

Michael Fellinger

Oct 18, 2009, 11:41:56 PM
to ram...@googlegroups.com

You have to use a proxy that handles SSL for you, something like
apache, lighttpd,
nginx, or pound should work, neither Rack nor Ramaze/Innate handle this.
You could also try using WEBrick, it also has limited SSL support AFAIK.

--
Michael Fellinger
CTO, The Rubyists, LLC

Clive Crous

Oct 19, 2009, 4:42:48 AM
to ram...@googlegroups.com
2009/10/19 Michael Fellinger <m.fel...@gmail.com>:

> You have to use a proxy that handles SSL for you, something like
> apache, lighttpd,
> nginx, or pound should work, neither Rack nor Ramaze/Innate handle this.

Just remember to then use raw_redirect in all your own code and not
redirect otherwise all your links will break.

Clive

Clive Crous

Oct 19, 2009, 4:48:41 AM
to ram...@googlegroups.com
2009/10/19 Clive Crous <clive...@gmail.com>:
> ... otherwise all your links will break.

I, of course, meant "redirects", not "links".

Clive

Fuzzyhead

Oct 19, 2009, 9:07:39 AM
to Ramaze
I have now put the app behind a proxy. I am a bit puzzled that the
https port is 443, but my application listens on port 7000.

So when I do a https request to ramaze, I need to have a redirect_raw
in the action, is that right? Where would I redirect to? When I
submit to an action controller I get the following in the logs; it
looks like binary data is being sent to my action:

Mon Oct 19 13:51:51 +0100 2009: HTTP parse error, malformed request
(127.0.0.1): #<Mongrel::HttpParserError: Invalid HTTP format, parsing
fails.>
Mon Oct 19 13:51:51 +0100 2009: REQUEST DATA: "\200O
\001\003\000\0006\000\000\000\020\000\000\210\000\000\207\000\0009\000\0008\000\000\204\000\0005\000\000E
\000\000D\000\0003\000\0002\000\000A
\000\000\004\000\000\005\000\000/\000\000\026\000\000\023\000\376\377\000\000\nC
\334to\321\270\206Of\360\322=\230\304SS"

Also, how do I encode the https URL? Do I use
MyController.r("https://#{hard_coded_url}")?


On Oct 19, 4:41 am, Michael Fellinger <m.fellin...@gmail.com> wrote:
> On Mon, Oct 19, 2009 at 4:47 AM, Fuzzyhead <pdwhites...@googlemail.com> wrote:
>
> > When I use https for my application with url
> > https://localhost:7000/mappedaction/securecontroller I get
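
The REQUEST DATA in the Mongrel log above decodes as an SSLv2-compatible ClientHello, meaning a client started an SSL/TLS handshake against the plain-HTTP port. The following is an added example, not part of the original post; `classify_first_bytes` and `parse_sslv2_hello` are hypothetical helper names, and the sample bytes are copied from the log with the mail line wraps removed.

```ruby
# REQUEST DATA from the Mongrel log in the post above (line wraps removed).
SAMPLE = ("\200O\001\003\000\0006\000\000\000\020" \
          "\000\000\210\000\000\207\000\0009\000\0008\000\000\204\000\0005" \
          "\000\000E\000\000D\000\0003\000\0002\000\000A" \
          "\000\000\004\000\000\005\000\000/\000\000\026\000\000\023\000\376\377" \
          "\000\000\nC\334to\321\270\206Of\360\322=\230\304SS").b

# Classify the first bytes that arrived on a plain-HTTP listener.
def classify_first_bytes(data)
  b = data.b
  return :empty if b.empty?
  # TLS record layer: content type 0x16 (handshake), major version 3.
  return :tls_handshake if b.bytesize >= 3 && b.getbyte(0) == 0x16 && b.getbyte(1) == 0x03
  # SSLv2-compatible ClientHello: 2-byte header with the high bit set,
  # followed by message type 1 (ClientHello).
  if b.bytesize >= 11 && (b.getbyte(0) & 0x80) != 0 && b.getbyte(2) == 0x01
    return :sslv2_client_hello
  end
  return :http if b.match?(/\A[A-Z]+ \S+ HTTP\/\d\.\d\r?\n/)
  :unknown
end

# Decode the fixed-size fields of an SSLv2-compatible ClientHello.
def parse_sslv2_hello(data)
  b = data.b
  record_len = ((b.getbyte(0) & 0x7f) << 8) | b.getbyte(1)
  cipher_len, sid_len, chal_len = b.byteslice(5, 6).unpack("nnn")
  {
    record_length: record_len,
    version: "#{b.getbyte(3)}.#{b.getbyte(4)}", # highest version offered
    cipher_specs: cipher_len / 3,               # 3 bytes per cipher spec
    session_id_length: sid_len,
    challenge_length: chal_len,
    complete: b.bytesize == record_len + 2      # header + declared length
  }
end

if __FILE__ == $PROGRAM_NAME
  puts classify_first_bytes(SAMPLE)
  p parse_sslv2_hello(SAMPLE)
end
```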

Nick Robinson-Wall

Oct 19, 2009, 10:25:18 AM
to ram...@googlegroups.com
2009/10/19 Fuzzyhead <pdwhi...@googlemail.com>


> I have now put the app behind a proxy. I am a bit puzzled that the
> https port is 443, but my application listens on port 7000

The ports are what you tell them to be. For a more normal http/https combination set ramaze/rack to listen on port 80.

> So when I do a https request to ramaze, I need to have a redirect_raw
> in the action is that right?  Where would  I redirect to?

I believe what Clive means is where you have used #redirect before you should try #redirect_raw if it tries to turn all your redirects into https.

What are you using in front of ramaze/rack to handle the https connections?

Clive Crous

Oct 19, 2009, 11:39:49 AM
to ram...@googlegroups.com
2009/10/19 Fuzzyhead <pdwhi...@googlemail.com>:

> So when I do a https request to ramaze, I need to have a redirect_raw
> in the action is that right?

Sorry, perhaps my short statement added to the confusion and was
perhaps unintentionally misleading. Only if you are ever using
"redirect" within any action use "raw_redirect" instead. You don't
*need* either. Only if you are already using redirects, for example
after a form post.

Clive

Fuzzyhead

Oct 21, 2009, 7:58:18 AM
to Ramaze
Hi Clive,

I am using apache web server up front, with mod proxy enabled.

I don't understand the sequence of events that happens when using
https. Say I am on a normal form page that posts some data securely to
the server.

1. The encoded URL for the post must be https not http. How do I
achieve this?
2. My action will receive the post and use raw_redirect to another
action under Https?

Sorry, I've never done this before and am finding it very confusing.

On Oct 19, 4:39 pm, Clive Crous <clive.cr...@gmail.com> wrote:
> 2009/10/19 Fuzzyhead <pdwhites...@googlemail.com>:

Clive Crous

Oct 21, 2009, 8:35:24 AM
to ram...@googlegroups.com
2009/10/21 Fuzzyhead <pdwhi...@googlemail.com>:

> 1. The encoded URL for the post must be https not http.  How do I
> achieve this?

This is done in apache. Ramaze is ignorant of the final connection
type shown to the end-user.

> 2. My action will receive the post and use raw_redirect to another
> action under Https?

Generally this is normal web practice. If you receive a POST you
process it, then redirect to another page to show the result, be it
"success" or "failure" or "whatever".

When (if) you ever use a redirect within your own code then make use
of raw_redirect rather than redirect. The reason I mention this is
because the "redirect" method in ramaze does some magic of its own,
more so than "raw_redirect". Using the type of setup you have in mind
where a third party server (in this case apache) handles the SSL and
proxies to Ramaze (not running in SSL mode) when you use "redirect"
inside your own source code Ramaze detects that it itself is not in
SSL mode and will change the URIs generated in raw_redirect from https
to http every time you use "redirect". So ... to avoid that use
"raw_redirect" so that Ramaze does not attempt to "fix" what it thinks
is incorrect.

Clive

Nick Robinson-Wall

Oct 21, 2009, 10:58:18 AM
to ram...@googlegroups.com
2009/10/21 Fuzzyhead <pdwhi...@googlemail.com>

> Hi Clive,
>
> I am using apache web server up front, with mod proxy enabled.

As you are using apache, have you considered using passenger? (http://www.modrails.com/ http://blog.purepistos.net/index.php/2008/10/02/ramaze-phusion-passenger/). This would allow apache to handle both http and https requests for your Ramaze application. I don't know if Ramaze would become aware that the secure connections were secure or not, I haven't tested this before.

Clive Crous

Oct 21, 2009, 1:43:36 PM
to ram...@googlegroups.com
2009/10/21 Nick Robinson-Wall <ni...@robinson-wall.com>:

For clarity with regard to redirect vs raw_redirect:

Regardless of mechanisms to cater for http and https simultaneously
using "redirect" rather than "raw_redirect" will cause redirects to
unexpectedly switch to http even when you explicitly expect it not to
do so. In fact, enabling http is possibly more dangerous in this
situation as you would then enable all pages to work with http even
those meant to be secure only.

Clive

hrnt

Nov 3, 2009, 4:31:11 AM
to Ramaze
On 21 Oct, 16:58, Nick Robinson-Wall <n...@robinson-wall.com> wrote:
> 2009/10/21 Fuzzyhead <pdwhites...@googlemail.com>

> > Hi Clive,
> >
> > I am using apache web server up front, with mod proxy enabled.
>
> As you are using apache, have you considered using passenger?
> (http://www.modrails.com/ http://blog.purepistos.net/index.php/2008/10/02/ramaze-phusion-passen...).
> This would allow apache to handle both http and https requests for your
> Ramaze application. I don't know if Ramaze would become aware that the
> secure connections were secure or not, I haven't tested this before.

Ramaze knows about SSL connections if it is running under Passenger
and redirects will work properly. If the incoming connection is with
SSL, "redirect" will redirect to https://

In that case, if you have actions that should only work with SSL, you
should use redirect_raw to force the redirect to use https:// to those
actions. In addition, in those actions you should check the request
scheme to confirm that the connection was made with https.

Clive Crous

Nov 3, 2009, 5:16:32 AM
to ram...@googlegroups.com
2009/11/3 hrnt <aot...@gmail.com>:

> Ramaze knows about SSL connections if it is running under Passenger
> and redirects will work properly. If the incoming connection is with
> SSL, "redirect" will redirect to https://

If the incoming connection from Apache/nginx/lighttpd/whatever is SSL
then ramaze works fine.
The problem is that most setups do this:

browser <--SSL--> proxy <--NONSSL--> ramaze
so as far as ramaze is concerned it's "not SSL".

Just be aware of your environment.
Also you don't need to specify "http://.." or "https://" within raw_redirect
simply doing:
raw_redirect( r( :action ) )
works fine in all conditions whether you're using http or https

Clive
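
For the `browser <--SSL--> proxy <--NONSSL--> ramaze` layout described above, and the earlier advice to check the request scheme inside secure-only actions, here is one way to do that check on a Rack-style env hash. This is an added example, not code from the thread or from Ramaze; `effective_scheme`, `require_https`, `TRUSTED_PROXIES` and the host `app.example.test` are hypothetical, and it assumes the proxy sets `X-Forwarded-Proto` on its HTTPS virtual host.

```ruby
require "ipaddr"

# Assumptions (not from the thread): the proxy runs on the same host and its
# HTTPS virtual host overwrites the header on every request, e.g. in Apache
# with mod_headers:  RequestHeader set X-Forwarded-Proto "https"
TRUSTED_PROXIES = [IPAddr.new("127.0.0.1"), IPAddr.new("::1")].freeze

# Scheme the browser used, derived from a Rack-style env hash.
# The forwarded header counts only when the TCP peer is a trusted proxy.
def effective_scheme(env, trusted = TRUSTED_PROXIES)
  return "https" if env["rack.url_scheme"] == "https"
  peer = IPAddr.new(env["REMOTE_ADDR"].to_s) rescue nil
  from_proxy = !peer.nil? && trusted.any? { |net| net.include?(peer) }
  proto = env["HTTP_X_FORWARDED_PROTO"].to_s.split(",").first.to_s.strip.downcase
  from_proxy && proto == "https" ? "https" : "http"
end

# Guard for secure-only actions. Returns nil when the request may proceed,
# otherwise a Rack response triple.
def require_https(env, canonical_host)
  return nil if effective_scheme(env) == "https"
  unless %w[GET HEAD].include?(env["REQUEST_METHOD"])
    # The body already crossed the network in clear text; refuse it.
    return [403, { "Content-Type" => "text/plain" }, ["HTTPS required\n"]]
  end
  # Build the target from a configured host name, not the Host header.
  location = "https://#{canonical_host}#{env['PATH_INFO']}"
  query = env["QUERY_STRING"].to_s
  location += "?#{query}" unless query.empty?
  [301, { "Location" => location }, []]
end

# Constructed sample requests.
VIA_PROXY = { "REQUEST_METHOD" => "POST", "rack.url_scheme" => "http",
              "REMOTE_ADDR" => "127.0.0.1", "HTTP_X_FORWARDED_PROTO" => "https",
              "PATH_INFO" => "/account/update", "QUERY_STRING" => "" }.freeze
SPOOFED   = VIA_PROXY.merge("REQUEST_METHOD" => "GET", "REMOTE_ADDR" => "203.0.113.9",
                            "QUERY_STRING" => "tab=email").freeze
```

`SPOOFED` models a client that reaches the application port directly and supplies the header itself, which is why the header is ignored unless the peer address is the proxy.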

Nick Robinson-Wall

Nov 3, 2009, 3:23:34 PM
to ram...@googlegroups.com
2009/11/3 Clive Crous <clive...@gmail.com>:

> browser <--SSL--> proxy <--NONSSL--> ramaze
> so as far as ramaze is concerned it's "not SSL".
>
> Just be aware of your environment.
> Also you don't need to specify "http://.." or "https://" within raw_redirect
> simply doing:
>  raw_redirect( r( :action ) )
> works fine in all conditions whether you're using http or https
>
For what it's worth:
I configured my apache (running mod_rails) to listen for https
connections today, it worked without having to make any changes to my
ramaze (2009.10) app which uses #redirect. It automatically redirects
to the login page if you aren't already and the connection stayed
HTTPS for this.

--Nick
