I want to write a quick server app in Sinatra. It has to be self-contained (i.e. not use apache/nginx/passenger) but also has to support SSL.
Is there an easy way to enable SSL support for Sinatra (using WEBRick for example)?
To do this with MRI ruby, use the following monkeypatch:
sinatra_ssl.rb:
require 'webrick/https'
module Sinatra
class Application
def self.run!
certificate_content = File.open(ssl_certificate).read
key_content = File.open(ssl_key).read
server_options = {
:Host => bind,
:Port => port,
:SSLEnable => true,
:SSLCertificate => OpenSSL::X509::Certificate.new(certificate_content),
:SSLPrivateKey => OpenSSL::PKey::RSA.new(key_content)
}
Rack::Handler::WEBrick.run self, server_options do |server|
[:INT, :TERM].each { |sig| trap(sig) { server.stop } }
server.threaded = settings.threaded if server.respond_to? :threaded=
set :running, true
end
end
end
end
Then, in your standalone application:
app.rb
require 'sinatra'
require 'sinatra_ssl'
set :port, 8443
set :ssl_certificate, "server.crt"
set :ssl_key, "server.key"
get "/" do
"Hello world!"
end
Use JRuby interpreter + jetty-rackup gem (http://github.com/geekq/jetty-rackup)
Edit jetty-rackup file in the jetty-rackup gem and add a SslSocketConnector, some code to help you:
security_connector = Jetty::Security::SslSocketConnector.new
security_connector.set_acceptors(config[:acceptor_size])
security_connector.port = config[:port]
security_connector.confidential_port = config[:port]
security_connector.keystore = keystore
security_connector.password = config[:password]
security_connector.key_password = config[:key_password].nil? ? config[:password] : config[:key_password]
security_connector.truststore = truststore
security_connector.trust_password = config[:trust_pasword].nil? ? config[:password] : config[:trust_pasword]
server.add_connector(security_connector)
Sample config:
# Config
:acceptor_size: 10
:ssl: true
:keystore: keystore.jks
:password: your_pass
# :key_password: your_pass # if different
# :truststore: truststore.jks # if different
# :trust_pasword: your_pass # if different
Generating keystore.jks : http://docs.codehaus.org/display/JETTY/How+to+configure+SSL
Related
I'm trying to connect to FTP via SOCKS5 proxy using ruby's library Net::FTP. Documentation says to set env variable SOCKS_SERVER in order to connect through proxy (http://ruby-doc.org/stdlib-2.0.0/libdoc/net/ftp/rdoc/Net/FTP.html#method-i-connect), but it seems like it does not work.
Code I'm running is this:
irb(main):054:0> ftp = Net::FTP.new
=> #<Net::FTP:0x007efd08c73768 #mon_owner=nil, #mon_count=0, #mon_mutex=#<Thread::Mutex:0x007efd08c73718>, #binary=true, #passive=true, #debug_mode=false, #resume=false, #sock=#<Net::FTP::NullSocket:0x007efd08c736f0>, #logged_in=false, #open_timeout=nil, #read_timeout=60>
irb(main):056:0> ENV['SOCKS_SERVER'] = 'host:port'
=> "host:port"
irb(main):055:0> ftp.connect('test.rebex.net')
=> nil
irb(main):057:0> ftp.login('demo', 'password')
=> true
irb(main):058:0> ftp.ls
=> ["10-27-15 03:46PM <DIR> pub", "04-08-14 03:09PM 403 readme.txt"]
When I look to proxy logs I can not see any requests going through.
What I'm doing wrong or does anybody have an example how to achieve that?
If your on Windows computer you'll need to use dress_socks gem and Monkeypath:
$socks_server = '127.0.0.1'
$socks_port = '9090'
require 'dress_socks'
class Net::FTP
def open_socket(host, port) # :nodoc:
# puts "opening socket #{#host}:#{port}"
return DressSocks::Socket.new(#host, port,
socks_server: $socks_server, socks_port: $socks_port)
end
end
I am trying to get compass/sass to watch changes on my local computer and reflect those changes remotely using a custom config.rb script. net::sftp works but my server requires a custom ssh port. I couldn't find any mods to make sftp work with an alternate port so im trying net:scp now, the problem is I dont know the proper command structure to upload using net:scp and wanted to see if someone can help me. Here is my code:
# Require any additional compass plugins here.
require 'net/ssh'
require 'net/scp'
# SFTP Connection Details - Does not support alternate ports os SSHKeys, but could with mods
remote_theme_dir_absolute = '/home2/trinsic/public_html/scottrlarson.com/sites/all/themes/ gateway_symbology_zen/css'
sftp_host = 'xxx.xxx.xxx.xxx' # Can be an IP
sftp_user = 'user' # SFTP Username
sftp_pass = 'password' # SFTP Password
# Callback to be used when a file change is written. This will upload to a remote WP install
on_stylesheet_saved do |filename|
$local_path_to_css_file = css_dir + '/' + File.basename(filename)
Net::SSH.start( sftp_host, sftp_user, {:password => sftp_pass,:port => 2222} ) do ssh.scp.upload! $local_path_to_css_file, remote_theme_dir_absolute + '/' + File.basename(filename)
end
puts ">>>> Compass is polling for changes. Press Ctrl-C to Stop"
end
#
# This file is only needed for Compass/Sass integration. If you are not using
# Compass, you may safely ignore or delete this file.
#
# If you'd like to learn more about Sass and Compass, see the sass/README.txt
# file for more information.
#
# Change this to :production when ready to deploy the CSS to the live server.
environment = :development
#environment = :production
# In development, we can turn on the FireSass-compatible debug_info.
firesass = false
#firesass = true
# Location of the theme's resources.
css_dir = "css"
sass_dir = "sass"
extensions_dir = "sass-extensions"
images_dir = "images"
javascripts_dir = "js"
# Require any additional compass plugins installed on your system.
#require 'ninesixty'
#require 'zen-grids'
# Assuming this theme is in sites/*/themes/THEMENAME, you can add the partials
# included with a module by uncommenting and modifying one of the lines below:
#add_import_path "../../../default/modules/FOO"
#add_import_path "../../../all/modules/FOO"
#add_import_path "../../../../modules/FOO"
##
## You probably don't need to edit anything below this.
##
# You can select your preferred output style here (can be overridden via the command line):
# output_style = :expanded or :nested or :compact or :compressed
output_style = (environment == :development) ? :expanded : :compressed
# To enable relative paths to assets via compass helper functions. Since Drupal
# themes can be installed in multiple locations, we don't need to worry about
# the absolute path to the theme from the server root.
relative_assets = true
# To disable debugging comments that display the original location of your selectors. Uncomment:
# line_comments = false
# Pass options to sass. For development, we turn on the FireSass-compatible
# debug_info if the firesass config variable above is true.
sass_options = (environment == :development && firesass == true) ? {:debug_info => true} : {}
I get an error when I run the command: compass watch:
NoMethodError on line ["17"] of K: undefined method `upload!' for #<Net::SSH::Co
nnection::Session:0x000000036bb220>
Run with --trace to see the full backtrace
I needed a solution for this too but did not find any satisfying answer anywhere.
After reading the Ruby Net::ssh documentation and some source of Compass, this is my solution to upload CSS and sourcemap to a remote SSH server with non-standard port and forced public-key authorisation:
First make sure you have the required gems installed
sudo gem install net-ssh net-sftp
then add this to your config.rb
# Add this to the first lines of your config.rb
require 'net/ssh'
require 'net/sftp'
...
# Your normal compass config comes here
...
# At the end of your config.rb add the config for the upload code
remote_theme_dir_absolute = '/path/to/my/remote/stylesheets'
sftp_host = 'ssh_host' # Can be an IP
sftp_user = 'ssh_user' # SFTP Username
on_stylesheet_saved do |filename|
# You can use the ssh-agent for authorisation.
# In this case you can remove the :passphrase from the config and set :use_agent => true.
Net::SFTP.start(
sftp_host,
sftp_user ,
:port => 10022,
:keys_only => true,
:keys => ['/path/to/my/private/id_rsa'],
:auth_methods => ['publickey'],
:passphrase => 'my_secret_passphrase',
:use_agent => false,
:verbose => :warn
) do |sftp|
puts sftp.upload! css_dir + '/app.css', remote_theme_dir_absolute + '/' + 'app.css'
end
end
on_sourcemap_saved do |filename|
# You can use the ssh-agent for authorisation.
# In this case you can remove the :passphrase from the config and set :use_agent true.
Net::SFTP.start(
sftp_host,
sftp_user ,
:port => 10022,
:keys_only => true,
:keys => ['/path/to/my/private/id_rsa'],
:auth_methods => ['publickey'],
:passphrase => 'my_secret_passphrase',
:use_agent => false,
:verbose => :warn
) do |sftp|
puts sftp.upload! css_dir + '/app.css.map', remote_theme_dir_absolute + '/' + 'app.css.map'
end
end
It was quite some trial and error until this worked for me.
Some points of failure were:
If no ssh-agent is available connection will fail until you set :ssh_agent => false explicitly
If you do not limit the available keys with :keys all available keys will be tried one after another. If you use the ssh-agent and have more than 3 keys installed chanches are high that the remote server will close the connection if you try too much keys that are not valid for the server you currently connect.
On any connection issue set verbosity level to :verbose => :debug to see what is going on. Remember to stop the compass watch and restart to ensure configuration changes apply.
I am trying to get my Cucumber tests to work on BrowserStack. The problem is that our test environments are all behind a VPN. BrowserStack's docs say, just set up local testing and it will just work!. It doesn't. The tests start up, but they are not being rerouted through my local machine to pick up my vpn credentials.
I downloaded the binary as instructed by BrowserStack. I started it up with the command
~ ./BrowserStackLocal <my BS key> -forcelocal
Then I run my test with (in a different terminal window):
bundle exec cucumber CURRENT_BROWSER=browserstack features/01_login.feature
my env.rb looks like this:
require 'cucumber/rails'
Capybara.default_selector = :css
cb = ENV['CURRENT_BROWSER']
testbrowser = cb ? cb.downcase.to_sym : :firefox
puts "-------------- current browser: #{testbrowser}........."
Capybara.register_driver :selenium do |app|
if RbConfig::CONFIG['host_os'][/linux/] && testbrowser.to_s.eql?("CHROME".downcase)
Capybara::Selenium::Driver.new(app, {:browser => :remote, :url => "http://127.0.0.1:9515"})
else
if testbrowser.eql?(:chrome)
prefs = {
:download => {
:prompt_for_download => false,
:default_directory => DownloadHelpers::PATH.to_s
}
}
Capybara::Selenium::Driver.new(app, :browser => :chrome, :prefs => prefs, :switches => %w[--test-type])
elsif testbrowser.eql?(:browserstack)
stackToUse = ENV['BS_STACK'] || 'ie_9'
json = JSON.load(open(File.expand_path(File.join(File.dirname(__FILE__), '..', '..', 'browsers.json'))))
config = json[stackToUse]
unless config
puts "invalid BS_STACK specified. Was '#{stackToUse}'"
return
end
# Add default config
config['name'] = "#{config['os']} #{config['os_version']} - #{Time.now.strftime '%Y-%m-%d %H:%M'}"
config['acceptSslCert'] = true
config['browserstack.debug'] = true
Capybara::Selenium::Driver.new(app, :browser => :remote, :desired_capabilities => config, :url => "http://<BS_USERNAME>:<BS_PASSKEY>#hub.browserstack.com/wd/hub")
elsif testbrowser.eql?(:internetexplorer)
Capybara::Selenium::Driver.new(app, :browser => :internetexplorer, :switches => %w[--test-type])
else
profile = Selenium::WebDriver::Firefox::Profile.new
profile
profile["browser.download.dir"] = DownloadHelpers::PATH.to_s
profile["browser.download.folderList"] = 2 # 2 - save to user defined location
profile["browser.download.manager.alertOnEXEOpen"] = false
profile["browser.helperApps.neverAsk.saveToDisk"] = "application/msword, application/csv, application/ris, text/csv, image/png, application/pdf, text/html, text/plain, application/zip, application/x-zip, application/x-zip-compressed, application/download, application/octet-stream, data:application/csv"
profile["browser.helperApps.alwaysAsk.force"] = false
profile["browser.download.manager.showWhenStarting"] = false
profile["browser.download.manager.focusWhenStarting"] = false
profile["browser.download.useDownloadDir"] = true
profile["browser.download.manager.alertOnEXEOpen"] = false
profile["browser.download.manager.closeWhenDone"] = true
profile["browser.download.manager.showAlertOnComplete"] = false
profile["browser.download.manager.useWindow"] = false
profile["services.sync.prefs.sync.browser.download.manager.showWhenStarting"] = false
profile["pdfjs.disabled"] = true
Capybara::Selenium::Driver.new(app, :browser => testbrowser, :profile => profile)
end
end
end
ActionController::Base.allow_rescue = false
# Remove/comment out the lines below if your app doesn't have a database.
# For some databases (like MongoDB and CouchDB) you may need to use :truncation instead.
begin
DatabaseCleaner.strategy = :transaction
rescue NameError
raise "You need to add database_cleaner to your Gemfile (in the :test group) if you wish to use it."
end
# You may also want to configure DatabaseCleaner to use different strategies for certain features and scenarios.
# See the DatabaseCleaner documentation for details. Example:
#
# Before('#no-txn,#selenium,#culerity,#celerity,#javascript') do
# # { :except => [:widgets] } may not do what you expect here
# # as tCucumber::Rails::Database.javascript_strategy overrides
# # this setting.
# DatabaseCleaner.strategy = :truncation
# end
#
# Before('~#no-txn', '~#selenium', '~#culerity', '~#celerity', '~#javascript') do
# DatabaseCleaner.strategy = :transaction
# end
#
# Possible values are :truncation and :transaction
# The :transaction strategy is faster, but might give you threading problems.
# See https://github.com/cucumber/cucumber-rails/blob/master/features/choose_javascript_database_strategy.feature
Cucumber::Rails::Database.javascript_strategy = :truncation
Other people use these same tests and we have written dozens, so making sure that I can still run these tests locally is paramount.
When I do run the tests, it begins to run on browserstack, but it can't reach any of the sites I have tried telling it to reach. Including http://localhost:3000/login I have contacted BrowserStack support and they asked if I had set up local testing.
The only error I am getting is that the test can't find the CSS element to login. When I watched the automated test through browserstack I can see that it isn't reaching the page. It just says "Oops! This link appears to be broken." Any suggestions would be most appreciated.
The support at BrowserStack got back to me. I had to had another config property like so to the env.rb:
config['browserstack.local'] = true
Now my only problem is that none of the features that we wrote seem to work on IE. So I can test chrome or firefox on browserstack, but I already had that capability set up.
For instance, the following example code returns 0:
require 'feedjira'
feed_parsed = Feedjira::Feed.fetch_and_parse("https://news.yahoo.com/rss/topstories")
puts feed_parsed
Set ssl_verify_peer to false and that successfully accesses the file. For instance:
require 'feedjira'
feed_parsed = Feedjira::Feed.fetch_and_parse("https://news.yahoo.com/rss/topstories", {:ssl_verify_peer => false})
puts feed_parsed
I am trying to connect via Net::FTPTLS to a Microsoft-based file server (IIS) which is configured to use FTP on port 22 and requires SSL.
I connect via:
require 'net/ftptls'
ftp = Net::FTPTLS.new()
ftp.connect('host.com', port_number)
ftp.login('Username', 'Password')
ftp.puttextfile('somefile.txt', 'where/to/save/somefile.txt')
ftp.close
Problem is, I get the following error:
hostname does not match the server certificate
It seems that I have to disable the openssl peer verification: OpenSSL::SSL::VERIFY_PEER should become OpenSSL::SSL::VERIFY_NONE.
Any ideas on how to monkey-patch the Net::FTPTLS class? Has anyone done this successfully?
Instead using Net::FTPTLS, use Ruby 2.4+ with the following code:
require 'net/ftp'
ftp = Net::FTP.new(nil, ssl: {:verify_mode => OpenSSL::SSL::VERIFY_NONE})
ftp.connect('host.com', port_number)
ftp.login('Username', 'Password')
ftp.puttextfile('somefile.txt', 'where/to/save/somefile.txt')
ftp.close
What I did, rather than monkeypatching ruby itself, was bring a copy of this into /lib of my project.
module Net
class FTPTLS < FTP
def connect(host, port=FTP_PORT)
#hostname = host
super
end
def login(user = "anonymous", params = {:password => nil, :acct => nil, :ignore_cert => false})
store = OpenSSL::X509::Store.new
store.set_default_paths
ctx = OpenSSL::SSL::SSLContext.new('SSLv23')
ctx.cert_store = store
ctx.verify_mode = params[:ignore_cert] ? OpenSSL::SSL::VERIFY_NONE : OpenSSL::SSL::VERIFY_PEER
ctx.key = nil
ctx.cert = nil
voidcmd("AUTH TLS")
#sock = OpenSSL::SSL::SSLSocket.new(#sock, ctx)
#sock.connect
#sock.post_connection_check(#hostname) unless params[:ignore_cert]
super(user, params[:password], params[:acct])
voidcmd("PBSZ 0")
end
end
end
I also cleaned up the param passing a bit. You would use this like so:
require 'ftptls' # Use my local version, not net/ftptls
#ftp_connection = Net::FTPTLS.new()
#ftp_connection.passive = true
#ftp_connection.connect(host, 21)
#ftp_connection.login('user', :password => 'pass', :ignore_cert => true)
HTH
This works fine for me. #ROR
ftp = Net::FTP.new("ftps.host.com", ftp_options)
open("where/is/your/file/somefile.txt") do |file_data|
ftp.putbinaryfile(file_data, 'where/to/save/somefile.txt')
end
ftp.puttextfile('somefile.txt', 'where/to/save/somefile.txt')
def ftp_options
{
port: FTP_PORT,
username: 'ftp_user',
password: 'password',
passive: true,
ssl: { verify_mode: 0 }
}
end
Remember that you have to provide ftps.hostname.com.