http://blog.csdn.net/wangjingfei/article/details/5609483
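Background:
Redmine uses the WEBrick server by default, and a default start serves HTTP only. Sometimes, though, project management has stronger confidentiality requirements (leaving efficiency aside for now), and HTTPS has to be enabled. There are plenty of articles online about enabling HTTPS for Redmine, but because of differences in software and operating-system versions, the changes they describe vary, and even the names of the files to modify differ. So rather than follow those articles, it is better to write your own server script.
Software list:
Ruby, Gem, rails, openssl and other dependencies.
Ruby quick start: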
http://tech.ddvip.com/2008-01/120059715340597.html
(Assume redmine is installed under /home/fify/redmine.)
0. First make /home/fify/redmine/config/certs the working directory
- mkdir /home/fify/redmine/config/certs
- cd /home/fify/redmine/config/certs
1. Create the RSA private key
- openssl genrsa -des3 -out server.key 1024
2. Create the CSR (certificate signing request)
- openssl req -new -key server.key -out server.csr
3. Remove the passphrase from the private key
- cp server.key server.key.org
- openssl rsa -in server.key.org -out server.key
4. Create the self-signed certificate
- openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt
The work in this directory is now done; switch to the redmine directory:
- cd /home/fify/redmine
5. Create the WEBrick startup script
- vi script/server_ssl
The Ruby script follows:
- #!/usr/bin/env ruby
- require File.dirname(__FILE__) + '/../config/boot'
- require 'webrick'
- # Required libraries
- require 'webrick/https'
- require 'optparse'
- puts "=> Booting WEBrick..."
- OPTIONS = {
-   # Port number
-   :port => 3001,
-   # Address to listen on
-   :Host => "0.0.0.0",
-   :environment => (ENV['RAILS_ENV'] || "development").dup,
-   # Path to redmine's public directory; a relative path keeps the script portable
-   :server_root => File.expand_path(File.dirname(__FILE__) + "/../public/"),
-   # Location of the private key
-   :pkey => OpenSSL::PKey::RSA.new(
-     File.read(File.dirname(__FILE__) + "/../config/certs/server.key")),
-   # Location of the signed certificate
-   :cert => OpenSSL::X509::Certificate.new(
-     File.read(File.dirname(__FILE__) + "/../config/certs/server.crt")),
-   :server_type => WEBrick::SimpleServer,
-   :charset => "UTF-8",
-   :mime_types => WEBrick::HTTPUtils::DefaultMimeTypes,
-   :config => RAILS_ROOT + "/config.ru",
-   :detach => false,
-   :debugger => false,
-   :path => nil
- }
- # Read the command-line arguments
- ARGV.clone.options do |opts|
-   opts.on("-p", "--port=port", Integer,
-     "Runs Rails on the specified port.", "Default: 3001") { |v| OPTIONS[:port] = v }
-   opts.on("-b", "--binding=ip", String,
-     "Binds Rails to the specified ip.", "Default: 0.0.0.0") { |v| OPTIONS[:Host] = v }
-   opts.on("-d", "--daemon", "Make server run as a Daemon.") { OPTIONS[:detach] = true }
-   opts.on("-u", "--debugger", "Enable ruby-debugging for the server.") { OPTIONS[:debugger] = true }
-   opts.on("-e", "--environment=name", String,
-     "Specifies the environment to run this server under (test/development/production).",
-     "Default: development") { |v| OPTIONS[:environment] = v }
-   opts.separator ""
-   opts.on("-h", "--help", "Show this help message.") { puts opts; exit }
-   opts.parse!
- end
- # Set the runtime environment (production, development, ...)
- ENV["RAILS_ENV"] = OPTIONS[:environment]
- RAILS_ENV.replace(OPTIONS[:environment]) if defined?(RAILS_ENV)
- # Load the redmine configuration
- require File.dirname(__FILE__) + "/../config/environment"
- require 'webrick_server'
- require 'webrick/https'
- OPTIONS['working_directory'] = File.expand_path(File.dirname(__FILE__))
- # Set up the WEBrick server with SSL
- class SSLDispatchServlet < DispatchServlet
-   def self.dispatch(options)
-     Socket.do_not_reverse_lookup = true
-     server = WEBrick::HTTPServer.new(
-       :Port => options[:port].to_i,
-       :ServerType => options[:server_type],
-       :BindAddress => options[:Host],
-       :SSLEnable => true,
-       # Do not request client certificates
-       :SSLVerifyClient => OpenSSL::SSL::VERIFY_NONE,
-       :SSLCertificate => options[:cert],
-       :SSLPrivateKey => options[:pkey],
-       :SSLCertName => [ [ "CN", WEBrick::Utils::getservername ] ]
-     )
-     server.mount('/', DispatchServlet, options)
-     trap("INT") { server.shutdown }
-     server.start
-   end
- end
- # Print the startup banner
- puts "=> Rails #{Rails.version} application starting on https://#{OPTIONS[:Host]}:#{OPTIONS[:port]}"
- # If the user passed "-d" on the command line, the program runs in the background
- if OPTIONS[:detach]
-   Process.daemon
-   pid = "#{RAILS_ROOT}/tmp/pids/server.pid"
-   File.open(pid, 'w'){ |f| f.write(Process.pid) }
-   at_exit { File.delete(pid) if File.exist?(pid) }
- end
- # Without "-d", print a hint on the terminal; the server can then be stopped with Ctrl+C
- puts "=> Call with -d to detach"
- trap(:INT) { exit }
- puts "=> Ctrl-C to shutdown"
- # Start the WEBrick server
- SSLDispatchServlet.dispatch(OPTIONS)
6. Make the script executable
- chmod +x script/server_ssl
7. Start the Ruby script
- ruby script/server_ssl -e production // run in the terminal
- or
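An added example, not part of the original post: a Ruby check to run on the key and certificate from steps 1-4 before starting script/server_ssl. It reports a key/certificate mismatch, an RSA modulus under 2048 bits (the 1024-bit key from step 1 is flagged), an MD5 or SHA-1 signature, expiry, and a key file readable by group or others, which matters because step 3 leaves server.key unencrypted. The function names, the 2048-bit threshold and the host name are assumptions of this example, and the sample pair is constructed in memory.

```ruby
require 'openssl'

# Added example: audit a PEM certificate/key pair such as config/certs/server.crt
# and server.key. key_mode is the key file's permission bits, e.g.
# File.stat(path).mode & 0o777. Returns a list of finding symbols.
def audit_tls_pair(cert_pem, key_pem, key_mode, now = Time.now)
  cert = OpenSSL::X509::Certificate.new(cert_pem)
  # Dummy passphrase: never prompt; raises if the key is still encrypted.
  key = OpenSSL::PKey::RSA.new(key_pem, 'not-a-passphrase')
  findings = []
  findings << :key_mismatch unless cert.check_private_key(key)
  findings << :weak_rsa_key if key.n.num_bits < 2048        # assumed threshold
  findings << :weak_signature if cert.signature_algorithm =~ /md5|sha1/i
  findings << :expired if cert.not_after < now
  findings << :self_signed if cert.issuer.to_s == cert.subject.to_s
  findings << :key_file_readable_by_others if (key_mode & 0o077) != 0
  findings
end

# Constructed sample input: a self-signed pair built in memory, standing in
# for the files produced by steps 1-4 (hypothetical host name).
def sample_pair(bits, days)
  key = OpenSSL::PKey::RSA.new(bits)
  name = OpenSSL::X509::Name.parse('/CN=redmine.example.test')
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2
  cert.serial = 1
  cert.subject = name
  cert.issuer = name
  cert.public_key = key.public_key
  cert.not_before = Time.now - 60
  cert.not_after = Time.now + days * 86_400
  cert.sign(key, OpenSSL::Digest.new('SHA256'))
  [cert.to_pem, key.to_pem]
end

if __FILE__ == $PROGRAM_NAME
  crt, pem = sample_pair(1024, 365)           # same key size as step 1
  p audit_tls_pair(crt, pem, 0o644)
  strong_crt, strong_pem = sample_pair(2048, 365)
  p audit_tls_pair(strong_crt, strong_pem, 0o600)
end
```

For the real files, pass File.read of server.crt and server.key and File.stat("config/certs/server.key").mode & 0o777 as key_mode.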
References:
1. http://www.zunisoft.com/?p=740&cpage=1
2. (CentOS5)/usr/lib/ruby/gems/1.8/gems/rails-2.3.5/lib/commands/server.rb