Problem with SSL

casper_the_ghost · February 23, 2007, 11:11pm

Hello all,

I am really in a pickle, and I need some help. I am running a small
internal app on RoR and our network guy needs all authentication to
run over SSL.

I have read some docs online, but there are very few examples
involving my setup. I could install mongrel and follow some better
examples, but I am hesitant because this app is in a production
environment

I have the SSL portion running fine, however trying to access my app
barfs out 404 errors. I do however get the “Welcome to Rails screen”
but the following error pops up when clicking the “About your
application’s environment”

Not Found

The requested URL /rails/info/properties was not found on this server.
Apache/2.0.52 (Red Hat) Server at Port 443

The non-SSL is working fine. Here’s my apache conf file

NameVirtualHost *:80
NameVirtualHost *:443

VirtualHost example:

Almost any Apache directive may go into a VirtualHost container.

The first VirtualHost section is used for requests without a known

#lHost *:80>
<VirtualHost *:80>
ServerName servername
DocumentRoot /var/www/html/kryptonite/public
ErrorLog logs/error_log
CustomLog logs/access_log combined
<Directory /var/www/html/kryptonite >
Options ExecCGI FollowSymLinks
AddHandler cgi-script .cgi
AddHandler cgi-script .fcgi
AllowOverride all
Order allow,deny
Allow from all

<VirtualHost *:443>
ServerName servername:443
DocumentRoot /var/www/html/kryptonite/public
TransferLog logs/apache_ssl_transfer_log
ErrorLog logs/error_log
CustomLog logs/access_log combined

<Directory /var/www/html/kryptonite >
  Options ExecCGI FollowSymLinks
  AddHandler cgi-script .cgi
  AddHandler cgi-script .fcgi
  AllowOverride all

AllowOverride all
Order allow,deny
Allow from all

SSLEngine on
SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:
+SSLv2:+EXP:+eNULL
SSLCertificateFile /etc/httpd/conf/ssl.crt/server.crt
SSLCertificateKeyFile /etc/httpd/conf/ssl.key/server.key

RequestHeader set X_FORWARDED_PROTO ‘https’

<FilesMatch “.(cgi|shtml|phtml|php)$”>
SSLOptions +StdEnvVars

BrowserMatch “.MSIE.”
nokeepalive ssl-unclean-shutdown
downgrade-1.0 force-response-1.0

The details:
Apache 2.0
FastCGI
Red Hat EL 4.0

My gut feeling is it may be a permission issue, but would like a
second opinion.

Any and all help is greatly appreciated and let me know if you require
anything else

Thanks,

Seth.

casper_the_ghost · February 24, 2007, 5:17am

UPDATE: Please ignore. I got it to work. Find below my revised
VirtualHost setup. Seems I might have had the wrong name for the
servername. DOH!
Now it matches what is in the certificate.

ServerName servername:443 DocumentRoot /var/www/html/kryptonite/public TransferLog logs/apache_ssl_transfer_log ErrorLog logs/error_log CustomLog logs/access_log combined

<Directory /var/www/html/kryptonite >
  Options ExecCGI FollowSymLinks
  AddHandler cgi-script .cgi
  AddHandler cgi-script .fcgi
  AllowOverride all
  Order allow,deny
  Allow from all
</Directory>

SSLEngine on
SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:
+SSLv2:+EXP:+eNULL
SSLCertificateFile /etc/httpd/conf/public_ssl.cert
SSLCertificateKeyFile /etc/httpd/conf/private_ssl.key

RequestHeader set X_FORWARDED_PROTO “https”

<FilesMatch “.(cgi|shtml|phtml|php)$”>
SSLOptions +StdEnvVars

BrowserMatch “.MSIE.”
nokeepalive ssl-unclean-shutdown
downgrade-1.0 force-response-1.0

Thanks,

Seth.