1

I have a Ruby web application built with Sinatra, Rack and Puma. I'm using Sinatra to implement the controllers (MVC pattern), each handling a different route, and each controller class extends Sinatra::Base. I'd like to enable TLS so that all connections to the server are served over HTTPS.

My Rack config.ru looks like:

require 'sinatra'
require 'rack'

# Start my database ...

run Rack::URLMap.new(
    '/api/foo' => FooController.new,
    '/api/bar' => BarController.new
)

Puma is picked up automatically by Rack.

How do I enable HTTPS? To start, I'm happy to use a self-signed certificate, but how can I configure the server with a valid cert? None of this seems well-documented at all, which I find quite frustrating. Am I overlooking an option I can just set at the top-level in my Rack config file, something like set :ssl => true maybe?

Similar yet fruitless SO posts: How to make Sinatra work over HTTPS/SSL? How to enable SSL for a standalone Sinatra app?

Community
  • 1
  • 1
Boon
  • 1,073
  • 1
  • 16
  • 42

1 Answers1

3

Since you mentioned that you use Puma, you can find this in their docs:

Need a bit of security? Use SSL sockets!

$ puma -b 'ssl://127.0.0.1:9292?key=path_to_key&cert=path_to_cert'

In production deployments a dedicated load balancer (e.g. nginx, HAProxy, AWS ELB) is usually responsible for SSL termination, and forwards plain HTTP traffic to application servers over the internal network. These heavy duty web servers are usually much faster, more stable, and better audited.

Adam Byrtek
  • 12,011
  • 2
  • 32
  • 32