How to make Sinatra work over HTTPS/SSL?

Question

As the title says, Google doesn't give anything useful concerning this.

How do I set up and configure HTTPS/SSL for Sinatra apps?

How do I create a HTTPS route?

I have never used HTTPS for my apps before and have no experience tweaking Rack/whatever, so I appreciate detailed answers.

Answer 1

The handler has been moved from the rack library to rackup. Below is what worked for me

#!/usr/bin/env ruby

require 'sinatra'
require 'slim'
require 'webrick'
require 'openssl'

script_root = File.expand_path(File.dirname(__FILE__))

webrick_options = { 
  :Port               => 8443,
  :Logger             => WEBrick::Log::new($stderr, WEBrick::Log::DEBUG),
  :DocumentRoot       => "/ruby/htdocs",
  :SSLEnable          => true,
  :SSLVerifyClient    => OpenSSL::SSL::VERIFY_NONE,
  :SSLCertificate     => OpenSSL::X509::Certificate.new(File.open("#{script_root}/ssl/public.crt").read),
  :SSLPrivateKey      => OpenSSL::PKey::RSA.new(File.open("#{script_root}/ssl/private.key").read),
  :SSLCertName        => [ [ "CN",WEBrick::Utils::getservername ] ] 
}

class WebServer  < Sinatra::Base
  get('/') { slim :index }
end

Rackup::Handler::WEBrick.run(WebServer, **webrick_options)

Answer 2

For avoiding multiple servers, the webrick specific answers here are fine, but webrick specific.

When using Puma, the configuration can be simplified:

require 'sinatra/base'

class MyServer  < Sinatra::Base
    post '/' do
      "Hello, world!\n"
    end
end

Rack::Server.start app: MyServer, Host: "ssl://0.0.0.0:8443?key=privkey.pem&cert=cert.pem"

Answer 3

The easiest solution I could find after a broad search, is the solution posted by Frank here.

Simply place the following at the top of your Sinatra classic app to force your application to use HTTPS:

require 'rack/ssl-enforcer'
use Rack::SslEnforcer

Answer 4

I think using rack-ssl is the best option.

Then you just do:

class Application < Sinatra::Base
  use Rack::SSL

  get '/' do
    'SSL FTW!'
  end
end

and all http:// calls are redirected to https://

Answer 5

I modified code of richard_bw as to be able close or restart it with Ctrl+C:

require 'sinatra/base'
require 'webrick'
require 'webrick/https'
require 'openssl'

class MyServer  < Sinatra::Base
    post '/' do
      "Hello, world!\n"
    end            
end

CERT_PATH = '/opt/myCA/server/'

webrick_options = {
  :Port               => 8443,
  :Logger             => WEBrick::Log::new($stderr, WEBrick::Log::DEBUG),
  :DocumentRoot       => "/ruby/htdocs",
  :SSLEnable          => true,
  :SSLVerifyClient    => OpenSSL::SSL::VERIFY_NONE,
  :SSLCertificate     => OpenSSL::X509::Certificate.new(  File.open(File.join(CERT_PATH, "server.crt")).read),
  :SSLPrivateKey      => OpenSSL::PKey::RSA.new(          File.open(File.join(CERT_PATH, "server.key")).read),
  :SSLCertName        => [ [ "CN",WEBrick::Utils::getservername ] ],
  :app                => MyServer
}
Rack::Server.start webrick_options

Answer 6

this seems to do it for me:

require 'sinatra/base'
require 'webrick'
require 'webrick/https'
require 'openssl'

CERT_PATH = '/opt/myCA/server/'

webrick_options = {
        :Port               => 8443,
        :Logger             => WEBrick::Log::new($stderr, WEBrick::Log::DEBUG),
        :DocumentRoot       => "/ruby/htdocs",
        :SSLEnable          => true,
        :SSLVerifyClient    => OpenSSL::SSL::VERIFY_NONE,
        :SSLCertificate     => OpenSSL::X509::Certificate.new(  File.open(File.join(CERT_PATH, "my-server.crt")).read),
        :SSLPrivateKey      => OpenSSL::PKey::RSA.new(          File.open(File.join(CERT_PATH, "my-server.key")).read),
        :SSLCertName        => [ [ "CN",WEBrick::Utils::getservername ] ]
}

class MyServer  < Sinatra::Base
    post '/' do
      "Hellow, world!"
    end            
end

Rack::Handler::WEBrick.run MyServer, webrick_options

[hat tip to http://www.networkworld.com/columnists/2007/090507-dr-internet.html]

Answer 7

I guess you need to setup your Web-server, not Sinatra, to work with SSL. In Sinatra you can use the request.secure? method to check for the SSL usage.

SSL + Nginx: the first article, the second one.