0

When accessing my ssl certs with nginx from /etc/ssl/, everything works fine. But when I run rails development server (puma) as the normal user, it can't access the key in /etc/ssl/private/ because of permissions.

How can I access /etc/ssl/private from the rails server? Do I need to add my user to a group or run the server with a different command?

user8897013
  • 443
  • 4
  • 15
  • Why does your Rails server need access to your private keys? – anothermh Jun 08 '19 at 22:20
  • To server the site over SSL in development. Something has to perform the handshake. – user8897013 Jun 08 '19 at 22:24
  • Why do you need SSL for your development environment? – anothermh Jun 08 '19 at 22:24
  • To test services that connect to the server that require SSL. I did debate on this as being unnecessary and introducing more things to maintain, but it really is more thorough and production-like. – user8897013 Jun 08 '19 at 22:30
  • That's the way it is now. However, nginx gets them from `/etc/ssl` (standard location), so I'd like it to be as similar as possible... otherwise I'm passing in a file path based on environment, which is messier. – user8897013 Jun 08 '19 at 22:33
  • You're trying to run a Rails test suite that relies on external services connecting to your Rails server by SSL? – anothermh Jun 08 '19 at 22:35
  • Let us [continue this discussion in chat](https://chat.stackoverflow.com/rooms/194648/discussion-between-user8897013-and-anothermh). – user8897013 Jun 08 '19 at 22:43
  • Will the tests work with an anonymous (self-signed) certificate? I think Puma would allow SSL without a valid signed signature (iodine does, so I might be assuming). – Myst Jun 14 '19 at 21:37
  • I don't think the issue is about the certificate being valid, it has to do with where it is located on the server and whether puma/nginx can access it. Nginx can (it runs as www-data), but not puma (runs as a normal user - i.e. `rails server ...`). – user8897013 Jun 14 '19 at 21:49

0 Answers0