In this third part of a five-part series on deploying an ecommerce application with Ruby on Rails, you will learn how to configure access to the application so that it is properly secured, and more. This article is excerpted from chapter 12 of the book Practical Rails Projects, written by Eldon Alameda (Apress; ISBN: 1590597818).
Secure Application Deployment with Ruby on Rails - SSL Configuration
The communication between a browser and an e-commerce site needs to be secured through encryption to prevent theft of sensitive information like credit card numbers and login credentials. The SSL protocol is the de facto standard for secure communication on the Internet. SSL uses public-key encryption and requires that you acquire an SSL certificate from a certified issuer like VeriSign (www.verisign.com) or Thawte (www.thawte.com). To apply for an SSL certificate, go to the issuer's website and select the appropriate SSL certificate.
The part of the configuration file (Listing 12-2) that enables SSL is shown here:
The IP address and port are specified with $SERVER["socket"]. The HTTPS port should always be 443. Note that specifying 0.0.0.0 configures LightTPD to listen on all network interfaces, which might not be desired. Instead, you could set it to the public IP of your server. The ssl.pemfile configuration property should point to your SSL certificate file that you received from the issuer.
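As an added example (this is not the book's Listing 12-2), here is a LightTPD SSL socket block in the form the paragraph describes, with the listen-on-one-public-IP setting active and the listen-everywhere variant left commented out beside it. The IP address 203.0.113.10 and the certificate path are placeholders.

```conf
# Added example, not Listing 12-2 from the book.
# 203.0.113.10 and /etc/lighttpd/ssl/server.pem are placeholders.

# Preferred: bind HTTPS only to the server's public address, so a private
# or management interface on the same host does not also expose port 443.
$SERVER["socket"] == "203.0.113.10:443" {
  ssl.engine  = "enable"
  # One PEM file holding the server certificate AND its private key.
  # The self-signed file from the Tip below already has both; a certificate
  # from a commercial issuer must be concatenated with your private key.
  ssl.pemfile = "/etc/lighttpd/ssl/server.pem"
  # Optional: intermediate chain supplied by a commercial issuer.
  # ssl.ca-file = "/etc/lighttpd/ssl/issuer-chain.pem"
}

# Alternative: listen on every interface (the 0.0.0.0 form discussed above).
# Use one of the two blocks, not both, for the same port.
# $SERVER["socket"] == "0.0.0.0:443" {
#   ssl.engine  = "enable"
#   ssl.pemfile = "/etc/lighttpd/ssl/server.pem"
# }
```

Keep the PEM file readable only by the user LightTPD runs as, since it contains the private key. Before starting the server you can confirm the file holds a certificate with the expected subject and validity dates using openssl x509 -in server.pem -noout -subject -dates.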
Before starting LightTPD, you need to acquire the SSL certificate or remove the SSL part from the configuration; otherwise, you will get an error when you try to start LightTPD.
Tip If you don't want to buy a certificate immediately, you can generate a self-signed SSL certificate, which is valid for 365 days, with this OpenSSL command: openssl req -new -x509 -keyout server.pem -out server.pem -days 365 -nodes. A self-signed certificate is not very useful in a production environment, because users will receive a warning when accessing your site, saying that the certificate was not created by a trusted issuer. However, such a certificate is handy for development and testing purposes.