Switching from builtin ssl using thin to an approach that assumes an ssl proxy server in front. Working nginx example included. This should help keep development simple until you have to go ssl, and then it'll be more like a prod system would look.

tmecklem · tmecklem · commit c00475b043f6 · 2014-02-28T21:29:49.000-05:00
diff --git a/Gemfile b/Gemfile
@@ -43,7 +43,6 @@ group :development, :test do
   gem 'terminal-notifier-guard'
 end
 
-gem 'thin' #development ssl support
 gem 'whenever', '~> 0.9.0' #cron
 gem 'browser', '~> 0.4.0' #device family detection
 
diff --git a/Gemfile.lock b/Gemfile.lock
@@ -52,10 +52,8 @@ GEM
       coffee-script-source
       execjs
     coffee-script-source (1.7.0)
-    daemons (1.1.9)
     diff-lcs (1.2.5)
     erubis (2.7.0)
-    eventmachine (1.0.3)
     execjs (2.0.2)
     ffi (1.9.3)
     formatador (0.2.4)
@@ -164,10 +162,6 @@ GEM
       sprockets (~> 2.8)
     sqlite3 (1.3.8)
     terminal-notifier-guard (1.5.3)
-    thin (1.6.1)
-      daemons (>= 1.0.9)
-      eventmachine (>= 1.0.0)
-      rack (>= 1.0.0)
     thor (0.18.1)
     thread_safe (0.1.3)
       atomic
@@ -205,7 +199,6 @@ DEPENDENCIES
   sdoc
   sqlite3
   terminal-notifier-guard
-  thin
   turbolinks
   uglifier (>= 1.3.0)
   version_sorter (~> 1.1.0)
diff --git a/Guardfile b/Guardfile
@@ -1,10 +1,10 @@
 # A sample Guardfile
 # More info at https://github.com/guard/guard#readme
 
-#guard 'rails', :server => :thin do
-#  watch('Gemfile.lock')
-#  watch(%r{^(config|lib)/.*})
-#end
+guard 'rails' do
+  watch('Gemfile.lock')
+  watch(%r{^(config|lib)/.*})
+end
 
 
 guard :rspec do
diff --git a/ssl/instructions.txt b/ssl/instructions.txt
@@ -1,26 +1,28 @@
-1. Generate Key, CSR, then crt. Make sure the FQDN matches the hostname of the computer, or mobile safari will reject it even if you trust the cert at a system level
-
-------
-
-openssl genrsa -out server.key 2048
-openssl req -new -key server.key -out server.csr
-openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt
-
-------
-
-2. copy the crt to the public folder
-
-------
-
-cp server.crt ../public/
-
-------
-
-
-3. start thin from the root directory of shipmate using 
-
-------
-
-thin start -p 3001 --ssl --ssl-key-file ssl/server.key --ssl-cert-file ssl/server.crt
-
-------
+If you want to test this with iOS 7.1+ apps, you need to front the rails server with an ssl proxy.
+
+Here's a sample nginx server config section
+
+    server {
+        listen 443;
+        ssl on;
+        server_name localhost; 
+
+        #path to your certificate
+        ssl_certificate /usr/local/etc/nginx/ssl/server.crt; 
+        # path to your ssl key
+        ssl_certificate_key /usr/local/etc/nginx/ssl/server.key; 
+
+        # put the rest of your server configuration here.
+
+        root         /dev/null;
+
+        location / {
+            # set X-FORWARDED_PROTO so ssl_requirement plugin works
+            proxy_set_header X-FORWARDED_PROTO https;
+            proxy_set_header  X-Real-IP        $remote_addr;
+            proxy_set_header  X-Forwarded-For  $proxy_add_x_forwarded_for;
+            proxy_set_header  Host             $http_host;
+            proxy_redirect    off;
+            proxy_pass        http://localhost:3000;
+        }
+    }
