http://blog.csdn.net/wangjingfei/article/details/5609483
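Background:
Redmine uses the WEBrick server by default, and out of the box it only serves HTTP. Sometimes, though, project management has stricter confidentiality requirements (leaving efficiency aside for now), and HTTPS has to be enabled. There are plenty of articles online about enabling HTTPS for Redmine, but because software and operating-system versions differ, the changes they describe differ too; even the names of the files to edit vary. Rather than follow those articles, it is easier to write your own server script.
Software list:
Ruby, Gem, Rails, OpenSSL and other dependencies.
Ruby quick start: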
http://tech.ddvip.com/2008-01/120059715340597.html
(Assume Redmine is installed in /home/fify/redmine.)
0. First, change the working directory to /home/fify/redmine/config/certs
- mkdir /home/fify/redmine/config/certs
- cd /home/fify/redmine/config/certs
1. Create the RSA private key
- openssl genrsa -des3 -out server.key 1024
2. Create the CSR (certificate signing request)
- openssl req -new -key server.key -out server.csr
3. Remove the passphrase from the private key
- cp server.key server.key.org
- openssl rsa -in server.key.org -out server.key
4. Create the self-signed certificate
- openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt
The work in this directory is now done; switch to the Redmine directory:
- cd /home/fify/redmine
5. Create the WEBrick startup script
- vi script/server_ssl
The Ruby script is as follows:

```ruby
#!/usr/bin/env ruby
require File.dirname(__FILE__) + '/../config/boot'
require 'webrick'
# Load the required libraries
require 'webrick/https'
require 'optparse'

puts "=> Booting WEBrick..."

OPTIONS = {
  # Port number
  :port        => 3001,
  # Address to listen on
  :Host        => "0.0.0.0",
  :environment => (ENV['RAILS_ENV'] || "development").dup,
  # Path to Redmine's public directory; a relative path keeps the script portable
  :server_root => File.expand_path(File.dirname(__FILE__) + "/../public/"),
  # Location of the private key
  :pkey        => OpenSSL::PKey::RSA.new(
    File.open(File.dirname(__FILE__) + "/../config/certs/server.key").read),
  # Location of the signed certificate
  :cert        => OpenSSL::X509::Certificate.new(
    File.open(File.dirname(__FILE__) + "/../config/certs/server.crt").read),
  :server_type => WEBrick::SimpleServer,
  :charset     => "UTF-8",
  :mime_types  => WEBrick::HTTPUtils::DefaultMimeTypes,
  :config      => RAILS_ROOT + "/config.ru",
  :detach      => false,
  :debugger    => false,
  :path        => nil
}

# Read the command-line arguments
ARGV.clone.options do |opts|
  # Store the port under :port, the key that dispatch reads below
  # (the original wrote to :Port, so -p had no effect)
  opts.on("-p", "--port=port", Integer,
    "Runs Rails on the specified port.", "Default: 3001") { |v| OPTIONS[:port] = v }
  opts.on("-b", "--binding=ip", String,
    "Binds Rails to the specified ip.", "Default: 0.0.0.0") { |v| OPTIONS[:Host] = v }
  opts.on("-d", "--daemon", "Make server run as a Daemon.") { OPTIONS[:detach] = true }
  opts.on("-u", "--debugger", "Enable ruby-debugging for the server.") { OPTIONS[:debugger] = true }
  opts.on("-e", "--environment=name", String,
    "Specifies the environment to run this server under (test/development/production).",
    "Default: development") { |v| OPTIONS[:environment] = v }
  opts.separator ""
  opts.on("-h", "--help", "Show this help message.") { puts opts; exit }
  opts.parse!
end

# Set the runtime environment (production, development, ...)
ENV["RAILS_ENV"] = OPTIONS[:environment]
RAILS_ENV.replace(OPTIONS[:environment]) if defined?(RAILS_ENV)

# Load the Redmine configuration
require File.dirname(__FILE__) + "/../config/environment"
require 'webrick_server'
require 'webrick/https'

OPTIONS['working_directory'] = File.expand_path(File.dirname(__FILE__))

# Initialize the WEBrick server with SSL
class SSLDispatchServlet < DispatchServlet
  def self.dispatch(options)
    Socket.do_not_reverse_lookup = true
    server = WEBrick::HTTPServer.new(
      :Port            => options[:port].to_i,
      :ServerType      => options[:server_type],
      :BindAddress     => options[:Host],
      :SSLEnable       => true,
      :SSLVerifyClient => OpenSSL::SSL::VERIFY_NONE,
      :SSLCertificate  => options[:cert],
      :SSLPrivateKey   => options[:pkey],
      :SSLCertName     => [ [ "CN", WEBrick::Utils::getservername ] ]
    )
    server.mount('/', DispatchServlet, options)
    trap("INT") { server.shutdown }
    server.start
  end
end

# Print the startup banner
puts "=> Rails #{Rails.version} application starting on https://#{OPTIONS[:Host]}:#{OPTIONS[:port]}"

# If the user passed "-d" on the command line, run in the background
if OPTIONS[:detach]
  Process.daemon
  pid = "#{RAILS_ROOT}/tmp/pids/server.pid"
  File.open(pid, 'w'){ |f| f.write(Process.pid) }
  at_exit { File.delete(pid) if File.exist?(pid) }
end

# Without "-d", print a hint in the terminal; the server can then be stopped with Ctrl-C
puts "=> Call with -d to detach"
trap(:INT) { exit }
puts "=> Ctrl-C to shutdown"

# Start the WEBrick server
SSLDispatchServlet.dispatch(OPTIONS)
```
6. Make the script executable
- chmod +x script/server_ssl
7. Run the Ruby script
- ruby script/server_ssl -e production   # run in the terminal
- or
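
An added check for the key and certificate produced in steps 1-4 (example code, not from the original post): it reports a key that is still passphrase-protected, an RSA modulus below a minimum size, a certificate that does not match the key, a certificate outside its validity window, and a key file accessible to other users. The 2048-bit minimum, the names `audit_tls_pair` and `constructed_pair`, and the `redmine.example` subject are assumptions made for this example.

```ruby
require 'openssl'

# Audit a key/certificate pair such as config/certs/server.key and server.crt.
# Returns a list of findings; an empty list means nothing was flagged.
# min_bits: 2048 is an assumed baseline for this example, not a value from the post.
def audit_tls_pair(key_pem, cert_pem, key_mode: nil, min_bits: 2048, now: Time.now)
  begin
    # A dummy passphrase is ignored for plain keys and makes encrypted ones
    # fail immediately instead of prompting on the terminal.
    key = OpenSSL::PKey::RSA.new(key_pem, 'not-the-passphrase')
  rescue OpenSSL::PKey::PKeyError
    return ['private key is encrypted or unreadable']
  end
  cert = OpenSSL::X509::Certificate.new(cert_pem)
  findings = []
  bits = key.n.num_bits
  findings << "RSA key is #{bits} bits, below the #{min_bits}-bit minimum" if bits < min_bits
  findings << 'certificate does not match the private key' unless cert.check_private_key(key)
  findings << 'certificate is not yet valid' if now < cert.not_before
  findings << 'certificate has expired' if now > cert.not_after
  # key_mode is File.stat(path).mode; any group/other permission bit is flagged.
  if key_mode && (key_mode & 0o077) != 0
    findings << format('key file mode %04o is accessible to group/others', key_mode & 0o777)
  end
  findings
end

# Constructed sample input: a throwaway key and self-signed certificate built
# in memory, mirroring steps 1-4 (hypothetical subject name).
def constructed_pair(bits, days, now = Time.now)
  key  = OpenSSL::PKey::RSA.new(bits)
  cert = OpenSSL::X509::Certificate.new
  cert.version    = 2
  cert.serial     = 1
  cert.subject    = cert.issuer = OpenSSL::X509::Name.parse('/CN=redmine.example')
  cert.public_key = key
  cert.not_before = now
  cert.not_after  = now + days * 86_400
  cert.sign(key, OpenSSL::Digest.new('SHA256'))
  [key.to_pem, cert.to_pem]
end

key_pem, cert_pem = constructed_pair(1024, 365)
puts audit_tls_pair(key_pem, cert_pem, key_mode: 0o644)
# For real files: audit_tls_pair(File.read(k), File.read(c), key_mode: File.stat(k).mode)
```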
References:
1. http://www.zunisoft.com/?p=740&cpage=1
2. (CentOS5)/usr/lib/ruby/gems/1.8/gems/rails-2.3.5/lib/commands/server.rb