自己动手写Redmine https服务端
来由:
Redmine默认采用了Webrick服务器,默认启动只支持http服务,但在某些时候,项目管理有较高的保密要求(这里暂且不考虑效率问题),需要开启https服务。网络上介绍开启Redmine https的文章并不少,但是由于软件和操作系统的版本区别,修改方式各不相同,甚至需要修改的文件名称都不相同。这样,与其照网络上的文章修改,不如自己写一个服务脚本。
软件列表:
Ruby,Gem,rails,openssl等依赖软件。
Ruby快速入门:
http://tech.ddvip.com/2008-01/120059715340597.html
(假设redmine放在/home/fify/redmine目录下)
0. 首先将pwd定位到/home/fify/redmine/config/certs目录下
mkdir /home/fify/redmine/config/certs cd /home/fify/redmine/config/certs
1. 创建RSA私钥
openssl genrsa -des3 -out server.key 1024
2. 创建CSR(Certificate signing request)
openssl req -new -key server.key -out server.csr
3. 去掉私钥中的passphrase
cp server.key server.key.org openssl rsa -in server.key.org -out server.key
4. 创建自签名认证证书
openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt
此时,改目录下的工作已经完成,转移到redmine目录:
cd /home/fify/redmine
5. 创建Webrick启动脚本
vi script/server_ssl
以下是ruby脚本代码:
#!/usr/bin/env ruby require File.dirname(__FILE__) + '/../config/boot' require 'webrick' # 包含必须的库 require 'webrick/https' require 'optparse' puts "=> Booting WEBrick..." OPTIONS = { # 端口号 :port => 3001, # 监听主机地址 :Host => "0.0.0.0", :environment => (ENV['RAILS_ENV'] || "development").dup, # 存放redmine中public的路径,这里采用相对路径,保证可移植性 :server_root => File.expand_path(File.dirname(__FILE__) + "/../public/"), # 存放私钥的地址 :pkey => OpenSSL::PKey::RSA.new( File.open(File.dirname(__FILE__) + "/../config/certs/server.key").read), # 存放签名证书的地址 :cert => OpenSSL::X509::Certificate.new( File.open(File.dirname(__FILE__) + "/../config/certs/server.crt").read), :server_type => WEBrick::SimpleServer, :charset => "UTF-8", :mime_types => WEBrick::HTTPUtils::DefaultMimeTypes, :config => RAILS_ROOT + "/config.ru", :detach => false, :debugger => false, :path => nil } # 以下读入命令行参数 ARGV.clone.options do |opts| opts.on("-p", "--port=port", Integer, "Runs Rails on the specified port.", "Default: 3001") { |v| OPTIONS[:Port] = v } opts.on("-b", "--binding=ip", String, "Binds Rails to the specified ip.", "Default: 0.0.0.0") { |v| OPTIONS[:Host] = v } opts.on("-d", "--daemon", "Make server run as a Daemon.") { OPTIONS[:detach] = true } opts.on("-u", "--debugger", "Enable ruby-debugging for the server.") { OPTIONS[:debugger] = true } opts.on("-e", "--environment=name", String, "Specifies the environment to run this server under (test/development/production).", "Default: development") { |v| OPTIONS[:environment] = v } opts.separator "" opts.on("-h", "--help", "Show this help message.") { puts opts; exit } opts.parse! end # 设置启动环境,production或development等 ENV["RAILS_ENV"] = OPTIONS[:environment] RAILS_ENV.replace(OPTIONS[:environment]) if defined?(RAILS_ENV) # 读取redmine配置文件 require File.dirname(__FILE__) + "/../config/environment" require 'webrick_server' require 'webrick/https' OPTIONS['working_directory'] = File.expand_path(File.dirname(__FILE__)) # 初始化带SSL的webrick服务器 class SSLDispatchServlet < DispatchServlet def self.dispatch(options) Socket.do_not_reverse_lookup = true server = WEBrick::HTTPServer.new( :Port => options[:port].to_i, :ServerType => options[:server_type], :BindAddress => options[:Host], :SSLEnable => true, :SSLVerifyClient => OpenSSL::SSL::VERIFY_NONE, :SSLCertificate => options[:cert], :SSLPrivateKey => options[:pkey], :SSLCertName => [ [ "CN", WEBrick::Utils::getservername ] ] ) server.mount('/', DispatchServlet, options) trap("INT") { server.shutdown } server.start end end # 输出启动提示 puts "=> Rails #{Rails.version} application starting on https://#{OPTIONS[:Host]}:#{OPTIONS[:port]}" # 如果用户在命令行输入“-d”参数,则程序将在后台运行 if OPTIONS[:detach] Process.daemon pid = "#{RAILS_ROOT}/tmp/pids/server.pid" File.open(pid, 'w'){ |f| f.write(Process.pid) } at_exit { File.delete(pid) if File.exist?(pid) } end # 没有“-d”参数时在终端输出提示,此时可以通过“ctrl+c”关闭服务器 puts "=> Call with -d to detach" trap(:INT) { exit } puts "=> Ctrl-C to shutdown" # 启动webrick服务器 SSLDispatchServlet.dispatch(OPTIONS)
6. 将脚本参数设置为可执行
chmod +x script/server_ssl
7. 启动Ruby脚本
ruby script/server_ssl -e production // 在终端运行 或 ruby script/server_ssl -e production -d // 在后台运行
参考:
1. http://www.zunisoft.com/?p=740&cpage=1
2. (CentOS5)/usr/lib/ruby/gems/1.8/gems/rails-2.3.5/lib/commands/server.rb