Using private_pub with SSL

2019-07-18 10:33发布

站内问答 / 前端开发
653 2 6

I have setup private pub with SSL according to https://github.com/ryanb/private_pub#serving-faye-over-https-with-thin, also adding in daemonize: true (tested with and without).

I can browse to https://mydomain.com:4443/faye.js and that loads.

There are no errors on the page.

However, nothing is actually working i.e. no real time events trigger. When trying to PrivatePub.publish_to in the console I get:

OpenSSL::SSL::SSLError: SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed

When I run the thin server un-daemonized I can see it returns <SSL_incomp> when trying to publish_to.

The SSL on the server is working correctly, how do I go about fixing this?

2条回答
Animai°情兽
2楼-- · 2019-07-18 10:42

I managed to solve this by appending the contents of the ca-bundle to the crt file specified in the slim config

查看更多
0人赞 添加讨论(0) 举报
迷人小祖宗
3楼-- · 2019-07-18 10:54

Please find the proper approach to resolve this issue.

When you use only yourdomain.crt file, private_pub wont work while its doing handshake with rails server.

So your SSL Certificate provider will provide you either the intermediate.crt or CAbundle files.

Just do If you have ca-bundle file provided by CA

*cat yourdomain.crt whatever.ca-bundle > yourdomainfinal.crt*

If you have intermediate certificate

*cat yourdomain.crt intermediate.crt > yourdomainfinal.crt*

Then use the yourdomainfinal.crt and your private key yourdomain.key for pointing to the ssl verify while running the server.

Please find the block for thin server

---
chdir: "/home/your/project/path"
environment: "your environment"
timeout: 30
log: "/home/your/project/path/log/thin.log"
pid: /home/your/project/path/tmp/pids/thin.pid
max_conns: 1024
require: []

max_persistent_conns: 1000
wait: 30
threadpool_size: 20
servers: 1
threaded: true
socket: /tmp/thin.sock

ssl: true
ssl_key_file: /home/your/project/path/ssl/yourdomain.key
ssl_cert_file: /home/your/project/path/ssl/yourdomainfinal.crt

For Private pub

To use private pub over the ssl, please use the below configuration in the private_pub_thin.yml

---
port: 4443
ssl: true
ssl_key_file: /path/to/yourdomain.key
ssl_cert_file: /path/to/yourdomainfinal.crt
environment: "your environment"
rackup: private_pub.ru

And then run the server with the following command

*thin -C config/private_pub_thin.yml start*

If you are using bundler please don't forget to use

*RAILS_ENV="your environment" bundle exec thin -C config/private_pub_thin.yml start*

The above command is important when you are using bundler, if you don't do it then your private pub will start and no issues while running server, but it wont publish messages. That's what I observed.

And note, please check weather you have port 4443 allowed in firewall settings in your server using **sudo ufw status**

Thats it!!! if you followed all the above specified steps you should have private_pub working on production or uat over SSL.

查看更多
0人赞 添加讨论(0) 举报
登录 后发表回答
相关问题
查看全部
相关文章
查看全部
收藏的人(6)