39

As the title says, Google doesn't give anything useful concerning this.

How do I set up and configure HTTPS/SSL for Sinatra apps?

How do I create a HTTPS route?

I have never used HTTPS for my apps before and have no experience tweaking Rack/whatever, so I appreciate detailed answers.

the Tin Man
  • 158,662
  • 42
  • 215
  • 303
apirogov
  • 1,296
  • 1
  • 12
  • 22

6 Answers

23

This seems to do it for me:

```ruby
require 'sinatra/base'
require 'webrick'
require 'webrick/https'
require 'openssl'

CERT_PATH = '/opt/myCA/server/'

webrick_options = {
  :Port            => 8443,
  :Logger          => WEBrick::Log.new($stderr, WEBrick::Log::DEBUG),
  :DocumentRoot    => "/ruby/htdocs",
  :SSLEnable       => true,
  # VERIFY_NONE: the server does not ask clients for a certificate
  :SSLVerifyClient => OpenSSL::SSL::VERIFY_NONE,
  # File.read closes the file handle, unlike File.open(...).read
  :SSLCertificate  => OpenSSL::X509::Certificate.new(File.read(File.join(CERT_PATH, "my-server.crt"))),
  :SSLPrivateKey   => OpenSSL::PKey::RSA.new(File.read(File.join(CERT_PATH, "my-server.key"))),
  :SSLCertName     => [["CN", WEBrick::Utils.getservername]]
}

class MyServer < Sinatra::Base
  post '/' do
    "Hellow, world!"
  end
end

# ** works whether run takes an options hash or keyword arguments
Rack::Handler::WEBrick.run MyServer, **webrick_options
```

[hat tip to http://www.networkworld.com/columnists/2007/090507-dr-internet.html]

richard_bw
  • 231
  • 2
  • 3
  • want to give some tips on [a similar question](http://stackoverflow.com/questions/14462558/error-bad-uri-when-trying-to-get-webrick-to-accept-https)? – rampion Jan 22 '13 at 17:48
  • Works as intended but how do you set the bind address? :BindAddress doesn't seem to stick. – Tim May 19 '15 at 01:19
  • 2
    This seems like a more appropriate answer to the question –  Nov 02 '15 at 20:38
16

I think using rack-ssl is the best option.

Then you just do:

```ruby
require 'sinatra/base'
require 'rack/ssl' # from the rack-ssl gem

class Application < Sinatra::Base
  use Rack::SSL

  get '/' do
    'SSL FTW!'
  end
end
```

and all http:// calls are redirected to https://

Tomek Wałkuski
  • 989
  • 12
  • 22
15

I guess you need to set up your web server, not Sinatra, to work with SSL. In Sinatra you can use the request.secure? method to check for SSL usage.

SSL + Nginx: the first article, the second one.

Daniel O'Hara
  • 13,307
  • 3
  • 46
  • 68
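
What the redirect in the `Rack::SSL` answer and the `request.secure?` check in the answer above amount to at the Rack level, as an added example (not part of any answer here, and not the code of rack-ssl or rack-ssl-enforcer). The class name `ForceHTTPS`, its options and the host names used with it are hypothetical.

```ruby
# Added example, not code from rack-ssl or rack-ssl-enforcer.
# ForceHTTPS and its options are hypothetical names.
class ForceHTTPS
  HSTS = 'max-age=31536000; includeSubDomains'.freeze

  # host:        canonical name for redirects, so a spoofed Host header
  #              cannot choose where the client is sent
  # trust_proxy: honour X-Forwarded-Proto; enable only when a TLS-terminating
  #              proxy (e.g. nginx) is the sole path to the app
  def initialize(app, host: nil, https_port: 443, trust_proxy: false)
    @app = app
    @host = host
    @https_port = https_port
    @trust_proxy = trust_proxy
  end

  def call(env)
    return redirect(env) unless secure?(env)

    status, headers, body = @app.call(env)
    # HSTS is only meaningful on responses that went out over TLS
    [status, headers.merge('strict-transport-security' => HSTS), body]
  end

  # Did this request arrive over TLS (directly, or via a trusted proxy)?
  def secure?(env)
    return true if env['rack.url_scheme'] == 'https' || env['HTTPS'] == 'on'
    return false unless @trust_proxy

    env['HTTP_X_FORWARDED_PROTO'].to_s.split(',').first.to_s.strip == 'https'
  end

  private

  def redirect(env)
    host = @host || (env['HTTP_HOST'] || env['SERVER_NAME']).to_s.sub(/:\d+\z/, '')
    host += ":#{@https_port}" unless @https_port == 443
    location = "https://#{host}#{env['SCRIPT_NAME']}#{env['PATH_INFO']}"
    location += "?#{env['QUERY_STRING']}" unless env['QUERY_STRING'].to_s.empty?
    # 301 for GET/HEAD; 307 makes other methods repeat with the same verb and body
    status = %w[GET HEAD].include?(env['REQUEST_METHOD']) ? 301 : 307
    [status, { 'location' => location, 'content-type' => 'text/plain' },
     ["Redirecting to HTTPS\n"]]
  end
end
```

It is mounted with `use`, the same way as `Rack::SSL` in the answer further up. Leaving `trust_proxy` off when the app is reachable directly means a client-supplied `X-Forwarded-Proto: https` header cannot skip the redirect.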
11

I modified richard_bw's code so that it can be closed or restarted with Ctrl+C:

```ruby
require 'sinatra/base'
require 'webrick'
require 'webrick/https'
require 'openssl'

class MyServer < Sinatra::Base
  post '/' do
    "Hello, world!\n"
  end
end

CERT_PATH = '/opt/myCA/server/'

webrick_options = {
  :Port            => 8443,
  :Logger          => WEBrick::Log.new($stderr, WEBrick::Log::DEBUG),
  :DocumentRoot    => "/ruby/htdocs",
  :SSLEnable       => true,
  # VERIFY_NONE: the server does not ask clients for a certificate
  :SSLVerifyClient => OpenSSL::SSL::VERIFY_NONE,
  # File.read closes the file handle, unlike File.open(...).read
  :SSLCertificate  => OpenSSL::X509::Certificate.new(File.read(File.join(CERT_PATH, "server.crt"))),
  :SSLPrivateKey   => OpenSSL::PKey::RSA.new(File.read(File.join(CERT_PATH, "server.key"))),
  :SSLCertName     => [["CN", WEBrick::Utils.getservername]],
  :app             => MyServer
}

Rack::Server.start webrick_options
```
Community
  • 1
  • 1
Dmitriy Budnik
  • 1,467
  • 13
  • 22
  • How do I generate a certificate for Webrick? – Alan Coromano Nov 01 '12 at 11:40
  • 2
    Depends on the reasons why you need it. If it's just testing, you may issue a self-signed one. This is a way to do it on Ubuntu: http://askubuntu.com/questions/49196/how-do-i-create-a-self-signed-ssl-certificate – Dmitriy Budnik Nov 01 '12 at 15:57
  • If you need it for production, I would check your domain registrar for such a service. Usually you have to pay for it. – Dmitriy Budnik Nov 01 '12 at 16:00
  • 1
    which one should I use: /etc/ssl/certs/ssl-cert-snakeoil.pem or /etc/ssl/private/ssl-cert-snakeoil.key? – Alan Coromano Nov 06 '12 at 08:24
  • 2
    I used the `:Host` Rack option to be able to listen to the public interface otherwise it was always only localhost : `:Host => "0.0.0.0"`. Cfr. [Class: Rack::Server](http://www.rubydoc.info/gems/rack/Rack/Server#initialize-instance_method). `:BindAddress` Webrick option did not work as expected. – Ludovic Kuty Apr 01 '17 at 14:46
0

The easiest solution I could find after a broad search is the solution posted by Frank here.

Simply place the following at the top of your Sinatra classic app to force your application to use HTTPS:

```ruby
require 'rack/ssl-enforcer'
use Rack::SslEnforcer
```
Skilly
  • 171
  • 1
  • 9
0

For avoiding multiple servers, the WEBrick-specific answers here are fine, but they are WEBrick-specific.

When using Puma, the configuration can be simplified:

```ruby
require 'sinatra/base'

class MyServer < Sinatra::Base
  post '/' do
    "Hello, world!\n"
  end
end

Rack::Server.start app: MyServer, Host: "ssl://0.0.0.0:8443?key=privkey.pem&cert=cert.pem"
```
byteit101
  • 3,910
  • 2
  • 20
  • 29