views:

243

answers:

3

I use apache/passenger on my development machine, but need to add SSL support (something which isn't exposed through the control panel). I've done this before in production, but for some reason I can't seem to get it work on OSX.

The steps I've followed so far are from a default apache osx install:

  1. Install passenger and passenger preference pane.
  2. Add my rails app (this works)
  3. Create my ca.key, server.crt and server.key as detailed on the apple website.

At this point I need to start editing the apache configs, so I added:

# Apache knows to listen on port 443 for ssl requests.
Listen 443
Listen 80

I thought I'd try editing the passenger pref pane generated config first to get everything working, when I add:

It starts off looking like this

<VirtualHost *:80>
  ServerName myapp.local
  DocumentRoot "/Users/jonnii/programming/ruby/myapp/public"
  RailsEnv development
  <Directory "/Users/jonnii/programming/ruby/myapp/public">
    Order allow,deny
    Allow from all
  </Directory>
</VirtualHost>

I then append this:

<VirtualHost *:443>
  ServerName myapp.local
  DocumentRoot "/Users/jonnii/programming/ruby/myapp/public"
  RailsEnv development
  <directory "/Users/jonnii/programming/ruby/myapp/public">
    Order allow,deny
    Allow from all
  </directory>

  # SSL Configuration
  SSLEngine on
  SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP
  SSLOptions +FakeBasicAuth +ExportCertData +StdEnvVars +StrictRequire

  #Self Signed certificates
  SSLCertificateFile /private/etc/apache2/ssl.key/server.crt
  SSLCertificateKeyFile /private/etc/apache2/ssl.key/server.key
  SSLCertificateChainFile /private/etc/apache2/ssl.key/ca.crt

  SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown downgrade-1.0 force-response-1.0

</VirtualHost>

The files referenced all exist (I doubled checked that), but now when I restart my apache I can't even get to myapp.local. However apache can still server the default page when I click on it in the sharing preference panel.

Any help would be greatly appreciated.

A: 

I think Apache doesn't support virtual hosts for SSL. You probably have another SSL virtual host entry somewhere, which is getting used instead. Remove that and it should work.

Hongli
A: 

The OS X distribution of Apache includes a sample config file for enabling SSL: see /etc/apache2/extra/httpd-ssl.conf. Just ensure that config is valid for your needs, then find the following line in /etc/apache2/httpd.conf:

#Include /private/etc/apache2/extra/httpd-ssl.conf

and uncomment it by removing the octothorp.

Graham Lee
A: 

instead of defining two virtual hosts, just define one with the header:

<VirtualHost *:443 *:80>
Teflon Ted