Sunday 20 December 2009

SSL_Requirement

I use the ssl_requirement plugin to let me specify what actions need to be secure.

But - I found it limiting. I needed to:

  1. Specify what the secure domain was - we only have a certificate on the base domain, not all the subdomains

  2. Be able to easily turn it off in different environments


So, I forked a version off that does that. If you have the same needs (and, like me, prefer a plugin over a gem) check mine out!

Saturday 19 December 2009

Apache + Passenger + SSL + OSX

Recently I wanted to do some work on parameter passing and also how to keep parameters passed to SSL pages through redirects.
The first stumbling block was to get passenger and apache to play nice with SSL on OSX

I am running Leopard (not SNOW Leopard) and here is what I did to get it to work. I couldn't find anything specific on the net about this, so I thought I'd chuck this up here. There may be nicer, better ways of doing this.

1 - Create the cert


Apple has a page on creating a cert. This all worked fine except the locations aren't right. This page must be for Tiger.
For Leopard apache is in /etc/apache2 (or /private/etc/apache2 depending on your installation).
It all seemed to work fine for me as written apart from that.
You end up with a ssl.key directory in your apache2 directory. You may wish to rename this domain.ssl.key if you are doing multi domain development. I am, but this is the only domain I wanted to check ssl on.

2 - Apache and SSL


This turned out to be easier than expected, but everything's easy when you know how!
Edit /etc/apache2/httpd.conf
All I needed to do is put this line around line 40:
Listen 80
Listen 443


You add the Listen 443

3 - Passenger files


I did this by hand. As far as I know you can't do this via the prefpane,
I have used the PrefPane to create the vhosts file.
sudo vi passenger_pane_vhosts/mydomain.local.vhost.conf

Then add:

<VirtualHost *:443>
ServerName mydomain.local
ServerAlias mydomain.local es.mydomain.local en.mydomain.local
DocumentRoot "/Users/smyp/development/mydomain/public"
RailsEnv development
<directory "/Users/smyp/development/mydomain/public">
Order allow,deny
Allow from all
</directory>

# SSL Configuration
SSLEngine on
SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP
SSLOptions +FakeBasicAuth +ExportCertData +StdEnvVars +StrictRequire

#Self Signed certificates
SSLCertificateFile /private/etc/apache2/ssl.key/server.crt
SSLCertificateKeyFile /private/etc/apache2/ssl.key/server.key
SSLCertificateChainFile /private/etc/apache2/ssl.key/ca.crt

SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown downgrade-1.0 force-response-1.0

</VirtualHost>


Basically what you do is copy all the stuff from the area and then add in the extra SSL config.
Just point the crt, key and ca.crt files to the ones you created in step 1 from the apple doc.

That's it! You should be ready to go!

Let me know if there are any errors in this and I'll correct them... I wasn't making notes as I went along, so this is done from looking back, so maybe I've left something out.

Wednesday 16 December 2009

redirect_to : pass all parameters

On filmamora we redirect people to the language version we think they want. This is done with a subdomain for the language.
As if that wasn't painful enough, it now seems I was stripping out additional parameters - like the parameters passed in from our mailings that triggered Google Analytics campaigns.
Doh!

So this:
  def language_redirect
redirect_to :subdomain => session[:language] unless RAILS_ENV == 'staging'
end


Needed to become this:
  def language_redirect
p2 = params.merge({:subdomain => session[:language]})
redirect_to p2 unless RAILS_ENV == 'staging'
end


Such a small change - such a big difference! Marketing types appeased!