Thursday, 23 June 2011

Setting Up SSL For Your Local Development Environment

The Mongrel web server does not support SSL on its own. In production we would use something like Apache, Passenger and a Mongrel cluster: Apache deals with the SSL and then passes a header on to each Mongrel server, which brings many benefits, including performance. However, this setup is not really lightweight enough for agile development. Instead we can use an Apache server as a proxy that deals with SSL and passes on the correct header for Mongrel to understand. Once configured, the proxy sits in front and just passes on all requests. It can start on the local machine at boot and should not need to be restarted, so it is essentially invisible to the developer.

We can still continue to use our Mongrel server by itself with no additional configuration, but we can now configure any API URL calls to go to the new proxy. Normal testing can continue with just the normal Mongrel server for our application.

Creating a Self Signed Certificate

The easiest way to create our certificate and key files is with the following command:

openssl req -new -x509 -nodes -out server.crt -keyout server.key

Make sure to enter the server name localhost when it asks for your name (the Common Name prompt, e.g. YOURNAME).

These files can be kept anywhere, for example I keep mine in /home//SSL/

Setting up Apache and Creating our Proxy Virtual Host

First we must make sure Apache2 is installed by running the command:

sudo apt-get install apache2

Next, let's enable all the modules we will need by running the following commands:

sudo a2enmod proxy
sudo a2enmod headers
sudo a2enmod ssl


Now we must update the proxy module to allow proxy requests from localhost by changing the following lines in /etc/apache2/mods-enabled/proxy.conf:


<Proxy *>
AddDefaultCharset off
Order deny,allow
# Order deny,allow permits any client that matches no rule, so deny everyone first
Deny from all
Allow from localhost
</Proxy>
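
How Apache 2.2 evaluates the Order, Allow and Deny lines of that Proxy block, as an added example (not part of the original post). With Order deny,allow a client that matches no rule is allowed, so Allow from localhost only restricts access when Deny from all comes with it. The block texts are constructed, and treating localhost as the loopback ranges (instead of a DNS lookup) is a simplification.

```python
import ipaddress
import re

# Constructed inputs: a Proxy block with only the Allow line, and a variant
# with "Deny from all" placed ahead of it.
PAGE_BLOCK = """<Proxy *>
AddDefaultCharset off
Order deny,allow
Allow from localhost
</Proxy>"""
HARDENED_BLOCK = PAGE_BLOCK.replace("Allow from", "Deny from all\nAllow from")
LOOPBACK = ("127.0.0.0/8", "::1/128")  # assumption: "localhost" means loopback


def parse_block(text):
    """Return (order, allow_specs, deny_specs) from Apache 2.2 access lines."""
    order, allow, deny = "deny,allow", [], []  # Apache's default Order
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        m = re.match(r"(?i)order\s+(\S+)$", line)
        if m:
            order = m.group(1).lower()
        m = re.match(r"(?i)(allow|deny)\s+from\s+(.+)$", line)
        if m:
            (allow if m.group(1).lower() == "allow" else deny).extend(m.group(2).split())
    return order, allow, deny


def matches(spec, client_ip):
    """True if one 'from' spec (all, localhost, IP or CIDR) covers client_ip."""
    if spec.lower() == "all":
        return True
    nets = LOOPBACK if spec.lower() == "localhost" else (spec,)
    try:
        ip = ipaddress.ip_address(client_ip)
        return any(ip in ipaddress.ip_network(n, strict=False) for n in nets)
    except ValueError:  # other hostname specs are not resolved in this sketch
        return False


def is_allowed(block_text, client_ip):
    """Apply the Order semantics to one client address."""
    order, allow, deny = parse_block(block_text)
    allowed = any(matches(s, client_ip) for s in allow)
    denied = any(matches(s, client_ip) for s in deny)
    if order == "deny,allow":      # default allow; Allow overrides Deny
        return allowed or not denied
    return allowed and not denied  # allow,deny: default deny; Deny overrides Allow
```

Calling is_allowed(PAGE_BLOCK, "192.168.1.50") returns True, while the same address against HARDENED_BLOCK returns False and loopback clients stay allowed.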


Next we can add a file containing the following virtual host to /etc/apache2/sites-available:

<IfModule mod_ssl.c>
    # mod_ssl.c and *:443 are assumed here (the usual values for an SSL virtual host)

    SSLCertificateFile <path to certificate>/server.crt
    SSLCertificateKeyFile <path to key>/server.key

    SSLSessionCache none

    <VirtualHost *:443>
        SSLEngine on
        SSLProxyEngine on
        # This is required to set the header for Mongrel to treat it as the correct request
        RequestHeader set X_FORWARDED_PROTO 'https'

        # Forward everything to the Mongrel server listening on port 3001
        ProxyPass / http://localhost:3001/
        ProxyPassReverse / http://localhost:3001/
        ProxyPreserveHost on

        BrowserMatch "MSIE [2-6]" \
            nokeepalive ssl-unclean-shutdown \
            downgrade-1.0 force-response-1.0
        # MSIE 7 and newer should be able to use keepalive
        BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown

    </VirtualHost>

</IfModule>



We should disable the default site using:

sudo a2dissite default

and enable the new one using:

sudo a2ensite sitename

We can run the following commands to start, stop and restart the Apache server:

sudo /etc/init.d/apache2 start
sudo /etc/init.d/apache2 stop
sudo /etc/init.d/apache2 restart

We should be able to view the error logs at:

/var/log/apache2/

Pointing the Application to a local URL

If we want an application, such as the whitelabel application, to make secure HTTPS API calls to our main platform locally, then we can now configure the API URL as follows:

API_URL = https://localhost:443
