How to: Run Rails Development Mode in SSL/HTTPS for Testing Secure APIs

September 01, 2019 / 60 min read

Rails

Security

Sometimes we need to test an API over HTTPS on our local network using another device, such as a phone or tablet. We could deploy our app to our preferred cloud service that provides free HTTPS encryption, but in order to debug or iterate, we would need to redeploy after every change. Not only is that inefficient, it is also prone to build errors. Luckily, we can generate our own SSL certificate using the OpenSSL library.

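  1. Add the following line to development.rb
# config/environments/development.rb
Rails.application.configure do
  # ... existing settings ...
  config.force_ssl = true # redirect HTTP requests to HTTPS
  # ... existing settings ...
end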
  2. Navigate to the root of the project and run the following command to generate an SSL certificate (you may need to install OpenSSL first)
openssl req -x509 -sha256 -nodes -newkey rsa:2048 -days 365 -keyout localhost.key -out localhost.crt
  3. Start the Rails server with parameters that include the SSL key and certificate. 0.0.0.0 tells the server to listen on all network interfaces, so it is reachable at our base IP 192.16…
rails s -b 'ssl://0.0.0.0?key=./localhost.key&cert=./localhost.crt'
  4. Go to the command line and find the IP address of the machine that is running the development server
ifconfig | grep inet
>>
.
.
.
#inet 192.168.5.5 netmask 0xffffff00 broadcast 192.168.0.555 // this line #192.168.5.5
.
.
.
  5. Now this URL will allow us to access our app over our local network from a different device.
https://192.168.5.5:3000

The browser will say that it doesn't trust the site, because the certificate is self-signed. Go to advanced and then 'continue anyway'.

Hopefully all of that worked.
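
The command in step 2 does not put the LAN IP into the certificate's subjectAltName, so an API client that validates the certificate name against https://192.168.5.5:3000 will reject it even once the certificate is trusted on the device. The following is an added example, not code from the original post: it builds the same kind of key and certificate with Ruby's OpenSSL library, lists the LAN IP in subjectAltName, and checks the name match. The helper names `dev_certificate` and `covers?` and the script name `gen_dev_cert.rb` are hypothetical.

```ruby
require "openssl"
require "securerandom"

# Added example (hypothetical helper, not from the original post): build a
# self-signed development certificate whose subjectAltName lists every DNS
# name and IP address that test devices will use to reach the server.
def dev_certificate(dns_names:, ips:, days: 365)
  key = OpenSSL::PKey::RSA.new(2048)
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2 # X.509 v3, needed for extensions
  cert.serial = SecureRandom.random_number(2**63) + 1
  cert.subject = OpenSSL::X509::Name.parse("/CN=#{dns_names.first}")
  cert.issuer = cert.subject # self-signed: issuer equals subject
  cert.public_key = key.public_key
  cert.not_before = Time.now - 60
  cert.not_after = cert.not_before + days * 86_400

  # Clients match the URL's host against these entries, not against the CN.
  san = dns_names.map { |n| "DNS:#{n}" } + ips.map { |i| "IP:#{i}" }
  ef = OpenSSL::X509::ExtensionFactory.new(cert, cert)
  cert.add_extension(ef.create_extension("subjectAltName", san.join(","), false))
  cert.sign(key, OpenSSL::Digest.new("SHA256"))
  [key, cert]
end

# True when a TLS client that validates names would accept `cert` for `host`
# (trust in the self-signed issuer is a separate decision).
def covers?(cert, host)
  OpenSSL::SSL.verify_certificate_identity(cert, host)
end

if __FILE__ == $PROGRAM_NAME && ARGV[0]
  # Usage: ruby gen_dev_cert.rb 192.168.5.5
  key, cert = dev_certificate(dns_names: ["localhost"], ips: ["127.0.0.1", ARGV[0]])
  File.write("localhost.key", key.to_pem, perm: 0o600) # private key: owner-only
  File.write("localhost.crt", cert.to_pem)
  puts "SAN: #{cert.extensions.find { |e| e.oid == 'subjectAltName' }.value}"
end
```

The files it writes use the same names as in step 2, so the `rails s` command from step 3 works unchanged.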

Test local server in HTTP Only

rails s -b 0.0.0.0

Set the base request URL to 'http://192.168.5.5:3000/'

Recover from forced SSL (Chrome)

  1. Make sure that config.force_ssl is commented out
  2. Make sure that the development server is not running!
  3. Navigate to chrome://net-internals/#hsts in Chrome
  4. In the last field, "Delete domain security policies", add the following lines:
    1. localhost
    2. localhost:3000
    3. https://localhost
    4. https://localhost:3000
  5. Navigate to chrome://settings/clearBrowserData in Chrome and delete everything from all time
  6. Close Chrome
  7. Restart the dev server
  8. Restart Chrome
  9. Hopefully it works now.

Thanks for reading! 👋
