SSL issue with app running Apache/Ruby on Rails/Mysql/Passenger

Discussion in 'Security' started by NDS, Feb 3, 2011.

0
  1. #1
    Hello All -

    This is my first post into this forum and I'm hoping someone can help. I currently have a RoR app that runs on Ubuntu with Apache, Passenger and Mysql. The issue is causing me to bang my head against the wall. Suffice to say however I don't know if this is a Apache/SSL issue or a Apache/MySQL issue or what so any help is appreciated.


    For all of our development, we have been running the
    app via port 80 and all has worked fine. Now I need to implement SSL so
    I got a certificate from a CA and installed it without any problems.
    However when I bring up the application in a browser, the application
    doesn't seem like it connects to MySQL. The page loads and I see the
    security lock but the menue (which is derived from MySQL) doesn't load.
    I have successfully made sure that the rails app can connect to MySQL
    via command line by running ActiveRecord::Base.connection via the
    console and it connects using the mysql socket. The MySQL is running on
    the same server as the app so no outside connection is needed. If I
    change my VHost back to port 80, everything runs correctly and it
    connects to the db. I've looked into the logs for the app and notice
    that even though I connect using https:// the app logs show http:. I
    know SSL is working correctly in Apache because I can put up a plain
    jane webiste using SSL and it comes up but when using this app
    connecting to MySQL and https I get errors in the app and menus don't load.






    <virtualhost *:443>
    SSLEngine On
    SSLCertificateFile /etc/apache2/ssl/domain.com.crt
    SSLCertificateKeyFile /etc/apache2/ssl/domain.key

    ServerAdmin admin@localhost
    ServerName test.domain.com
    DocumentRoot /home/sysadmin/projects/App/public
    <directory /home/sysadmin/projects/App/public>
    Options FollowSymLinks
    AllowOverride None
    RAILSENV production
    </directory>

    ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
    <directory "/usr/lib/cgi-bin">
    AllowOverride None
    Options ExecCGI -MultiViews +SymLinksIfOwnerMatch
    Order allow,deny
    Allow from all
    </directory>

    ErrorLog /var/log/apache2/error.log

    # Possible values include: debug, info, notice, warn, error, crit,
    # alert, emerg.
    LogLevel warn

    CustomLog /var/log/apache2/access.log combined
    ServerSignature On

    Alias /doc/ "/usr/share/doc/"
    <directory "/usr/share/doc/">
    Options Indexes MultiViews FollowSymLinks
    AllowOverride None
    Order deny,allow
    Deny from all
    Allow from 127.0.0.0/255.0.0.0 ::1/128
    </directory>

    </virtualhost>
     
    NDS, Feb 3, 2011 IP