Running passenger with multiple different ruby versions apache nginx rvm

It’s becoming more and more of a requirement to run different apps under different versions of Ruby.
On one project I have needed to take the plunge with Ruby 1.9 for Unicode support.

This is no big deal really, because Passenger and Rails 3 are pretty stable on Ruby 1.9; however, I still have apps that need 1.8 for various reasons I won’t go into.

As it stands, Passenger does not support running apps under different interpreters using the Apache or Nginx modules. I came across this article

I’m going to try and simplify by just giving installation instructions, but if you want a bit more in-depth info as to the reason for this process head on over to Phusion’s blog.

First of all, you’re going to need RVM and the Passenger module installed on your Apache/Nginx instance. I’m going to assume you’ve already got this working and the reason you’re here is to use multiple different versions of the Ruby interpreter with Passenger.
NOTE: You should be using the interpreter used for the majority of your apps as the base Apache or Nginx Passenger Ruby.

Let’s assume we already have a working app using Passenger with Ruby 1.8.7 and we want to get another app running but using Ruby 1.9.2.

So here’s our basic configuration:

# Basic Apache configuration
PassengerRuby /home/user/.rvm/wrappers/ruby-1.8.7-p330/ruby

<VirtualHost *:80>
  ServerName foo.com
  DocumentRoot /home/user/apps/foo.com/public
</VirtualHost>

<VirtualHost *:80>
  ServerName bar.com
  DocumentRoot /home/user/apps/bar.com/public
</VirtualHost>

# Basic Nginx configuration
passenger_ruby /home/user/.rvm/wrappers/ruby-1.8.7-p330/ruby;

server {
    listen 80;
    server_name www.foo.com;
    root /home/user/apps/foo.com/public;
    passenger_enabled on;
}

server {
    listen 80;
    server_name www.bar.com;
    root /home/user/apps/bar.com/public;
    passenger_enabled on;
}

Now let’s set up bar.com so that it’s using the Ruby 1.9.2 interpreter:

# setup 1.9.2 and run passenger standalone
$ rvm install ruby-1.9.2 # if you don't already have it
$ rvm use 1.9.2
$ cd /home/user/apps/bar.com
$ passenger start -a 127.0.0.1 -p 3000 -d

Update our web server config to use proxy pass

# Updated Apache configuration
<VirtualHost *:80>
    ServerName www.bar.com
    DocumentRoot /home/user/apps/bar.com/public
    PassengerEnabled off
    ProxyPass / http://127.0.0.1:3000/
    ProxyPassReverse / http://127.0.0.1:3000/
</VirtualHost>

# Updated Nginx configuration
server {
    listen 80;
    server_name www.bar.com;
    root /home/user/apps/bar.com/public;
    location / {
        proxy_pass http://127.0.0.1:3000;
        proxy_set_header Host $host;
    }
}

Deploy your app, run bundle, and reload your Apache or Nginx instance.
Then point your browser to `bar.com`. If you’ve followed all the steps, you’ll have foo.com using 1.8.7 and bar.com using 1.9.2.
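
A pre-reload check for the proxy setup above, as an added example that is not part of the original post: it extracts every `proxy_pass` / `ProxyPass` upstream from a config and confirms each one is a loopback address on the port given to `passenger start -p`. The function names and the sample config are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample: an Nginx vhost whose proxy port (3001) does not match
# the port Passenger Standalone was started on (-p 3000).
sample_conf() {
cat <<'EOF'
server {
    listen 80;
    server_name www.bar.com;
    location / {
        proxy_pass http://127.0.0.1:3001;
        proxy_set_header Host $host;
    }
}
EOF
}

# Print host:port for every proxy_pass (Nginx) or ProxyPass (Apache) line on
# stdin. ProxyPassReverse is skipped: it only rewrites response headers.
proxy_targets() {
    sed -n -E 's@^[[:space:]]*[Pp]roxy_?[Pp]ass[[:space:]]+(/[^[:space:]]*[[:space:]]+)?https?://([^/;[:space:]]+).*@\2@p'
}

# Succeed only if at least one upstream exists and every one is a loopback
# address on the expected port ($1 = the -p value given to `passenger start`).
check_backend() {
    rc=0; n=0
    for t in $(proxy_targets); do
        n=$((n + 1))
        case "$t" in
            127.0.0.1:"$1"|localhost:"$1") ;;
            *) echo "mismatch: $t (expected 127.0.0.1:$1)" >&2; rc=1 ;;
        esac
    done
    [ "$n" -gt 0 ] || return 1
    return "$rc"
}

# Demo on the constructed sample.
sample_conf | check_backend 3000 || echo "fix the proxy target before reloading"
```

Feed it the real vhost file on stdin, for example `check_backend 3000 < your-vhost.conf`, before reloading the web server.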

Add https (ssl) support to your osx mac development machine with signed certificate

It became apparent that getting mod_ssl working correctly without browser warnings when developing sites that take payments is a bit of a pain, mainly because there is no free way to have a root authority sign your Certificate Signing Request (CSR).

There is, however, a shortcut, given that you are using Apache, mod_ssl, openssl and Firefox.

We’re going to generate our own Certificate Authority (CA). This CA is only going to work for us, so if you’re generating a certificate for production, you’ll need to send your CSR to a proper CA such as VeriSign.

Step1, Make a temporary folder we can work in.

mkdir -p ~/Desktop/ssltemp
cd ~/Desktop/ssltemp

Step2, generate our private key

openssl genrsa -des3 -out server.key 1024

You will be asked for a passphrase in the creation of this key (just use 12345 or anything), but do not forget this passphrase! You’ll have to do this all over if you forget the passphrase. You will need this passphrase later on in the process.

Step3, generate a CSR from our private key

openssl req -new -key server.key -out server.csr

You’ll be asked for the following information:

Country Name (2 letter code) [AU]: (enter your country code here)
State or Province Name (full name) [Some-State]: (Enter your state here)
Locality Name (eg, city) []: (enter your city here)
Organization Name (eg, company) [Internet Widgits Pty Ltd]: (enter something here)
Organizational Unit Name (eg, section) []: (enter something here)
Common Name (eg, YOUR name) []: (this is the important one)
Email Address []: (your e-mail address)

Make sure you fill in `Common Name` with the domain you want this certificate for; this should match your Apache vhost `ServerName` setting.

Now, looking at the directory we’re working in, you should have the following:

[rob:~/Desktop/ssltemp] ls -la
total 12
drwxr-xr-x    5 rob      staff         126 Nov 14 17:01 .
drwx------   38 rob      staff       1248 Nov 14 16:57 ..
-rw-r--r--    1 rob      staff         729 Nov 14 17:01 server.csr
-rw-r--r--    1 rob      staff         963 Nov 14 16:59 server.key

Step4, create the private key for our CA

openssl genrsa -des3 -out ca.key 1024

Again, you’ll be asked for a passphrase, which, again, you should not forget.

Step5, create CA certificate using the key we just made

openssl req -new -x509 -days 365 -key ca.key -out ca.crt

You will be asked for information similar to what you were asked for when we made the web server certificate request earlier; this information should be about you, so enter something like the following:

Country Name (2 letter code) [AU]:GB
State or Province Name (full name) [Some-State]:Cheshire
Locality Name (eg, city) []:Stockport
Organization Name (eg, company) [Internet Widgits Pty Ltd]:My CA
Organizational Unit Name (eg, section) []:My CA for Dev
Common Name (eg, YOUR name) []:Rob Aldred
Email Address []:raldred@gmail.com

Now you will have 4 files in your directory: server.key, server.csr, ca.key, ca.crt
Next is the important part, signing our certificate request.

The easiest way to do this is to use the sign.sh script contained in the mod_ssl source,
or you can get it here: sign.sh
Copy the script to the working directory.

Step6, make sign.sh executable and sign our CSR

chmod +x sign.sh
./sign.sh server.csr

You should get something like the following:

CA signing: server.csr -> server.crt:
Using configuration from ca.config
Enter PEM pass phrase:
Check that the request matches the signature
Signature ok
The Subjects Distinguished Name is as follows
countryName           :PRINTABLE:'GB'
stateOrProvinceName   :PRINTABLE:'Cheshire'
localityName          :PRINTABLE:'Stockport'
organizationName      :PRINTABLE:'Testing'
organizationalUnitName:PRINTABLE:'Testing'
commonName            :PRINTABLE:'localhost'
emailAddress          :IA5STRING:'raldred@gmail.com'
Certificate is to be certified until Nov 14 23:09:20 2010 GMT (365 days)
Sign the certificate? [y/n]:y

1 out of 1 certificate requests certified, commit? [y/n]y
Write out database with 1 new entries
Data Base Updated
CA verifying: server.crt <-> CA cert
server.crt: OK

Answer ‘y’ to the question asking to Sign the certificate [y/n]

Step7, remove password requirement from server key

cp server.key server.key.original
openssl rsa -in server.key.original -out server.key

You’ll be asked for the passphrase.

Step8, copy files to our webserver

sudo mkdir /etc/apache2/certs
sudo cp -r * /etc/apache2/certs/

Step9, add the configuration to your VirtualHost block listening on the SSL port 443

SSLEngine on
SSLCertificateFile "/etc/apache2/certs/server.crt"
SSLCertificateKeyFile "/etc/apache2/certs/server.key"
SSLCACertificateFile "/etc/apache2/certs/ca.crt"

Step10, tell Apache to listen on 443
By default there is a file in /etc/apache2/extra called httpd-ssl.conf.
This needs to be edited and included in /etc/apache2/httpd.conf; it’s commented out initially.

Depending on where you are defining your VirtualHost blocks, comment out or remove the _default_ VirtualHost block in httpd-ssl.conf; it will cause errors when starting Apache because we have no configured certificate for the example Apache provides.

Edit your httpd.conf to include the extra/httpd-ssl.conf file: scroll to the bottom of the file and you’ll notice it’s commented out at around line #476.

# Secure (SSL/TLS) connections
# Include /private/etc/apache2/extra/httpd-ssl.conf

Just remove the # and move on to the next step.

I use a separate vhosts folder in extra, containing individual conf files for each VirtualHost; they are included in the extra/httpd-vhosts.conf file using the following:

Include /private/etc/apache2/extra/vhosts/*.conf

Step11, restart Apache

sudo apachectl restart

Step12, (a few steps in itself) add our CA to Firefox so it thinks it’s a trusted authority
Go to Preferences (Cmd + ,)
Go to Advanced
Go to Encryption
Click ‘View Certificates’
Choose the ‘Authorities’ tab
Click ‘Import’
Hit Shift + Cmd + g to open the go to folder window
Enter ‘/etc/apache2/certs’ (You might be asked to authenticate with your system password)
Select the ca.crt file we generated earlier and click ‘Open’
Firefox will ask you:
Do you want to trust “My CA” for the following purposes?
Just select Trust this CA to identify websites
Click ‘OK’
Restart your browser

If you’ve followed everything correctly, when you go to https://localhost (or whatever CommonName you specified)
you will get an SSL-encrypted site and no warnings about the certificate not being trusted.

Example showing a local vhost with a verified cert

If Apache doesn’t come back up, then Apache’s config check program is your best friend.

/usr/sbin/httpd -S
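
The certificate steps above as one non-interactive run with the checks worth doing before restarting Apache, added here as an example that is not part of the original post. It assumes `openssl` is on the PATH, uses 2048-bit keys without a passphrase instead of the 1024-bit keys above, and uses `openssl x509 -req` in place of sign.sh; the function names are made up for illustration.

```shell
#!/bin/sh
# Build a throwaway CA and a server certificate signed by it.
# $1 = work dir, $2 = Common Name (must match the vhost ServerName).
make_dev_certs() {
    d=$1; cn=$2
    openssl genrsa -out "$d/ca.key" 2048 2>/dev/null
    openssl req -new -x509 -days 365 -key "$d/ca.key" \
        -subj "/O=My CA/CN=Dev CA" -out "$d/ca.crt"
    openssl genrsa -out "$d/server.key" 2048 2>/dev/null
    openssl req -new -key "$d/server.key" -subj "/CN=$cn" -out "$d/server.csr"
    # Stand-in for sign.sh: sign the CSR with the CA key.
    openssl x509 -req -in "$d/server.csr" -CA "$d/ca.crt" -CAkey "$d/ca.key" \
        -CAcreateserial -days 365 -out "$d/server.crt" 2>/dev/null
    chmod 600 "$d/ca.key" "$d/server.key"   # private keys: owner-only
}

# Does server.crt chain to ca.crt? ($1 = dir)
chain_ok() {
    openssl verify -CAfile "$1/ca.crt" "$1/server.crt" >/dev/null 2>&1
}

# Does the private key belong to the certificate? ($1 = cert, $2 = key)
# A mismatch here is a common reason Apache refuses to start.
key_matches_cert() {
    c=$(openssl x509 -noout -modulus -in "$1" 2>/dev/null) || return 1
    k=$(openssl rsa -noout -modulus -in "$2" 2>/dev/null) || return 1
    [ -n "$c" ] && [ "$c" = "$k" ]
}

# Print the certificate's Common Name, to compare against ServerName.
cert_cn() {
    openssl x509 -noout -subject -nameopt multiline -in "$1" |
        sed -n 's/^ *commonName *= *//p'
}

# Demo in a temporary directory.
d=$(mktemp -d) && make_dev_certs "$d" localhost
chain_ok "$d" && key_matches_cert "$d/server.crt" "$d/server.key" \
    && echo "OK: chain verifies, key matches, CN=$(cert_cn "$d/server.crt")"
rm -rf "$d"
```

Apache only reads server.crt, server.key and ca.crt, so ca.key does not need to be copied into /etc/apache2/certs.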