├── .gitignore ├── Gemfile ├── Gemfile.lock ├── MIT-LICENSE ├── README.md ├── Rakefile ├── app ├── assets │ ├── config │ │ └── heroku_ssl_manifest.js │ ├── images │ │ └── heroku_ssl │ │ │ └── .keep │ ├── javascripts │ │ └── heroku_ssl │ │ │ ├── application.js │ │ │ └── heroku_ssl.js │ └── stylesheets │ │ └── heroku_ssl │ │ ├── application.css │ │ └── heroku_ssl.css ├── controllers │ └── heroku_ssl │ │ ├── application_controller.rb │ │ └── heroku_ssl_controller.rb ├── helpers │ └── heroku_ssl │ │ ├── application_helper.rb │ │ └── heroku_ssl_helper.rb ├── jobs │ └── heroku_ssl │ │ └── application_job.rb ├── mailers │ └── heroku_ssl │ │ └── application_mailer.rb ├── models │ └── heroku_ssl │ │ └── application_record.rb └── views │ └── layouts │ └── heroku_ssl │ └── application.html.erb ├── bin └── rails ├── config └── routes.rb ├── heroku_ssl.gemspec ├── lib ├── heroku_ssl.rb ├── heroku_ssl │ ├── engine.rb │ ├── ssl.rb │ └── version.rb └── tasks │ └── heroku_ssl_tasks.rake └── test ├── controllers └── heroku_ssl │ └── heroku_ssl_controller_test.rb ├── dummy ├── .generators ├── .rakeTasks ├── Rakefile ├── app │ ├── assets │ │ ├── config │ │ │ └── manifest.js │ │ ├── images │ │ │ └── .keep │ │ ├── javascripts │ │ │ ├── application.js │ │ │ ├── cable.js │ │ │ └── channels │ │ │ │ └── .keep │ │ └── stylesheets │ │ │ └── application.css │ ├── channels │ │ └── application_cable │ │ │ ├── channel.rb │ │ │ └── connection.rb │ ├── controllers │ │ ├── application_controller.rb │ │ └── concerns │ │ │ └── .keep │ ├── helpers │ │ └── application_helper.rb │ ├── jobs │ │ └── application_job.rb │ ├── mailers │ │ └── application_mailer.rb │ ├── models │ │ ├── application_record.rb │ │ └── concerns │ │ │ └── .keep │ └── views │ │ └── layouts │ │ ├── application.html.erb │ │ ├── mailer.html.erb │ │ └── mailer.text.erb ├── bin │ ├── bundle │ ├── rails │ ├── rake │ ├── setup │ └── update ├── config.ru ├── config │ ├── application.rb │ ├── boot.rb │ ├── cable.yml │ ├── database.yml │ ├── environment.rb │ ├── environments │ │ ├── development.rb │ │ ├── production.rb │ │ └── test.rb │ ├── initializers │ │ ├── application_controller_renderer.rb │ │ ├── assets.rb │ │ ├── backtrace_silencers.rb │ │ ├── cookies_serializer.rb │ │ ├── filter_parameter_logging.rb │ │ ├── inflections.rb │ │ ├── mime_types.rb │ │ ├── new_framework_defaults.rb │ │ ├── session_store.rb │ │ └── wrap_parameters.rb │ ├── locales │ │ └── en.yml │ ├── puma.rb │ ├── routes.rb │ ├── secrets.yml │ └── spring.rb ├── lib │ └── assets │ │ └── .keep ├── log │ └── .keep └── public │ ├── 404.html │ ├── 422.html │ ├── 500.html │ ├── apple-touch-icon-precomposed.png │ ├── apple-touch-icon.png │ └── favicon.ico ├── heroku_ssl_test.rb ├── integration └── navigation_test.rb └── test_helper.rb /.gitignore: -------------------------------------------------------------------------------- 1 | .bundle/ 2 | log/*.log 3 | pkg/ 4 | test/dummy/db/*.sqlite3 5 | test/dummy/db/*.sqlite3-journal 6 | test/dummy/log/*.log 7 | test/dummy/tmp/ 8 | 9 | heroku_ssl-*.gem 10 | 11 | .DS_Store 12 | .DS_Store? 13 | ._* 14 | .Spotlight-V100 15 | .Trashes 16 | ehthumbs.db 17 | Thumbs.db 18 | desktop.ini 19 | 20 | 21 | .idea/appt.iml 22 | /.idea/* 23 | .idea/* 24 | .idea/workspace.xml 25 | **/.idea/workspace.xml 26 | heroku_ssl.iml 27 | -------------------------------------------------------------------------------- /Gemfile: -------------------------------------------------------------------------------- 1 | source 'https://rubygems.org' 2 | 3 | # Declare your gem's dependencies in heroku_ssl.gemspec. 4 | # Bundler will treat runtime dependencies like base dependencies, and 5 | # development dependencies will be added by default to the :development group. 6 | gemspec 7 | 8 | # Declare any dependencies that are still in development here instead of in 9 | # your gemspec. These might include edge Rails or gems from your path or 10 | # Git. Remember to move these dependencies to your gemspec before releasing 11 | # your gem to rubygems.org. 12 | 13 | # To use a debugger 14 | # gem 'byebug', group: [:development, :test] 15 | -------------------------------------------------------------------------------- /Gemfile.lock: -------------------------------------------------------------------------------- 1 | PATH 2 | remote: . 3 | specs: 4 | heroku_ssl (0.3.0) 5 | acme-client (~> 0.4.0) 6 | rails (>= 4.0.0) 7 | redis (>= 3.0) 8 | 9 | GEM 10 | remote: https://rubygems.org/ 11 | specs: 12 | acme-client (0.4.1) 13 | faraday (~> 0.9, >= 0.9.1) 14 | actioncable (5.0.0.1) 15 | actionpack (= 5.0.0.1) 16 | nio4r (~> 1.2) 17 | websocket-driver (~> 0.6.1) 18 | actionmailer (5.0.0.1) 19 | actionpack (= 5.0.0.1) 20 | actionview (= 5.0.0.1) 21 | activejob (= 5.0.0.1) 22 | mail (~> 2.5, >= 2.5.4) 23 | rails-dom-testing (~> 2.0) 24 | actionpack (5.0.0.1) 25 | actionview (= 5.0.0.1) 26 | activesupport (= 5.0.0.1) 27 | rack (~> 2.0) 28 | rack-test (~> 0.6.3) 29 | rails-dom-testing (~> 2.0) 30 | rails-html-sanitizer (~> 1.0, >= 1.0.2) 31 | actionview (5.0.0.1) 32 | activesupport (= 5.0.0.1) 33 | builder (~> 3.1) 34 | erubis (~> 2.7.0) 35 | rails-dom-testing (~> 2.0) 36 | rails-html-sanitizer (~> 1.0, >= 1.0.2) 37 | activejob (5.0.0.1) 38 | activesupport (= 5.0.0.1) 39 | globalid (>= 0.3.6) 40 | activemodel (5.0.0.1) 41 | activesupport (= 5.0.0.1) 42 | activerecord (5.0.0.1) 43 | activemodel (= 5.0.0.1) 44 | activesupport (= 5.0.0.1) 45 | arel (~> 7.0) 46 | activesupport (5.0.0.1) 47 | concurrent-ruby (~> 1.0, >= 1.0.2) 48 | i18n (~> 0.7) 49 | minitest (~> 5.1) 50 | tzinfo (~> 1.1) 51 | arel (7.1.4) 52 | builder (3.2.2) 53 | concurrent-ruby (1.0.2) 54 | erubis (2.7.0) 55 | faraday (0.10.0) 56 | multipart-post (>= 1.2, < 3) 57 | globalid (0.3.7) 58 | activesupport (>= 4.1.0) 59 | i18n (0.7.0) 60 | loofah (2.0.3) 61 | nokogiri (>= 1.5.9) 62 | mail (2.6.4) 63 | mime-types (>= 1.16, < 4) 64 | method_source (0.8.2) 65 | mime-types (3.1) 66 | mime-types-data (~> 3.2015) 67 | mime-types-data (3.2016.0521) 68 | mini_portile2 (2.1.0) 69 | minitest (5.9.1) 70 | multipart-post (2.0.0) 71 | nio4r (1.2.1) 72 | nokogiri (1.6.8.1) 73 | mini_portile2 (~> 2.1.0) 74 | rack (2.0.1) 75 | rack-test (0.6.3) 76 | rack (>= 1.0) 77 | rails (5.0.0.1) 78 | actioncable (= 5.0.0.1) 79 | actionmailer (= 5.0.0.1) 80 | actionpack (= 5.0.0.1) 81 | actionview (= 5.0.0.1) 82 | activejob (= 5.0.0.1) 83 | activemodel (= 5.0.0.1) 84 | activerecord (= 5.0.0.1) 85 | activesupport (= 5.0.0.1) 86 | bundler (>= 1.3.0, < 2.0) 87 | railties (= 5.0.0.1) 88 | sprockets-rails (>= 2.0.0) 89 | rails-dom-testing (2.0.1) 90 | activesupport (>= 4.2.0, < 6.0) 91 | nokogiri (~> 1.6.0) 92 | rails-html-sanitizer (1.0.3) 93 | loofah (~> 2.0) 94 | railties (5.0.0.1) 95 | actionpack (= 5.0.0.1) 96 | activesupport (= 5.0.0.1) 97 | method_source 98 | rake (>= 0.8.7) 99 | thor (>= 0.18.1, < 2.0) 100 | rake (11.3.0) 101 | redis (3.3.2) 102 | sprockets (3.7.0) 103 | concurrent-ruby (~> 1.0) 104 | rack (> 1, < 3) 105 | sprockets-rails (3.2.0) 106 | actionpack (>= 4.0) 107 | activesupport (>= 4.0) 108 | sprockets (>= 3.0.0) 109 | thor (0.19.1) 110 | thread_safe (0.3.5) 111 | tzinfo (1.2.2) 112 | thread_safe (~> 0.1) 113 | websocket-driver (0.6.4) 114 | websocket-extensions (>= 0.1.0) 115 | websocket-extensions (0.1.2) 116 | 117 | PLATFORMS 118 | ruby 119 | 120 | DEPENDENCIES 121 | heroku_ssl! 122 | 123 | BUNDLED WITH 124 | 1.12.5 125 | -------------------------------------------------------------------------------- /MIT-LICENSE: -------------------------------------------------------------------------------- 1 | Copyright 2016 Kai Marshland 2 | 3 | Permission is hereby granted, free of charge, to any person obtaining 4 | a copy of this software and associated documentation files (the 5 | "Software"), to deal in the Software without restriction, including 6 | without limitation the rights to use, copy, modify, merge, publish, 7 | distribute, sublicense, and/or sell copies of the Software, and to 8 | permit persons to whom the Software is furnished to do so, subject to 9 | the following conditions: 10 | 11 | The above copyright notice and this permission notice shall be 12 | included in all copies or substantial portions of the Software. 13 | 14 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, 15 | EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF 16 | MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND 17 | NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE 18 | LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION 19 | OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION 20 | WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. 21 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # NOTE: Heroku now offers their own Let's Encrypt integration. We recommend using it instead 2 | This gem will no longer be kept updated. 3 | 4 | # Heroku SSL 5 | With the advent of free SSL from [Let's Encrypt](https://letsencrypt.org/), SSL should be as easy as clicking a button. 6 | This gem allows you to generate and add an SSL certificate simply by running a rake task. 7 | 8 | ## Usage on Heroku 9 | Add this gem to your gemfile, then deploy it to heroku. 10 | Add a free redis instance ([https://elements.heroku.com/addons/heroku-redis](https://elements.heroku.com/addons/heroku-redis)) if you do not have one. 11 | Then, you can simply run `rake heroku_ssl:update_certs` 12 | 13 | This should prompt you for everything you need to update your shiny new SSL certificate! 14 | The only thing left to do will be to [configure your DNS correctly](https://devcenter.heroku.com/articles/ssl-endpoint#dns-and-domain-configuration). 15 | You'll also want to make sure that the domain had been added to heroku with `heroku domains:add [your domain]` 16 | 17 | ## Usage outside of Heroku 18 | Although designed for Heroku, it can generate certificates on other providers. 19 | To do so, on your server, run `rake heroku_ssl:generate_certs`. 20 | This will print a JSON encoded set of PEM keys to the console. 21 | You can download these (you will likely want to use `privkey` and `fullchain` as your public and private keys respectively) 22 | and add them to your own servers and configure the DNS yourself. 23 | 24 | ## Installation 25 | Add this line to your application's Gemfile: 26 | 27 | ```ruby 28 | gem 'heroku_ssl' 29 | ``` 30 | 31 | And then execute: 32 | ```bash 33 | $ bundle install 34 | ``` 35 | 36 | It also requires one of the following: 37 | - The global variable `$redis` is set 38 | - The environment variable `REDIS_URL` is set 39 | - The environment variable `HEROKU_REDIS_URL` is set 40 | 41 | Note that this means you need to have a live version of redis; on Heroku the free tier will work: https://elements.heroku.com/addons/heroku-redis. 42 | 43 | ## Contributing 44 | Submit a pull request! 45 | 46 | ## FAQ 47 | 48 | ### Why do I need redis? 49 | To issue an SSL Certificate, Let's Encrypt needs to verify that you actually own the domain you say you do. 50 | It performs this verification by issuing a secret key to put at a given url on the server 51 | (eg make it render `foo` when a GET request is made to `/.well-known/acme-challenge/fop`). 52 | However, since most hosts, including Heroku, allow multiple servers running the same app, we can't just write a file, 53 | which would only affect one instance (in fact, if it were done through a rake task on heroku, 54 | it would be completely sandboxed from the running dyno); 55 | instead, we need to make sure all running servers know what the key is. 56 | We handle this synchronization through redis 57 | 58 | You can get rid of redis (in fact, you could even get rid of this entire gem) once your SSL certificate has been issued. 59 | Of course, you'll have to reinstall the gem when the certificate expires. 60 | 61 | ### How do I configure my DNS? 62 | You need to set a CNAME record in your DNS zone file that points to `[yourdomain].herokudns.com`. 63 | The DNS zone file specifies what urls get mapped to what servers on the domain name you own. 64 | If your site is already pointed to your Heroku app, there will already be a CNAME record; 65 | you just need to change where it points to. 66 | If not, you'll need to add a new line: 67 | ``` 68 | [subdomain] [TTL] IN CNAME [yourdomain].herokudns.com. 69 | ``` 70 | 71 | For example, I have 72 | ``` 73 | www 10800 IN CNAME www.kaimarshland.com.herokudns.com. 74 | ``` 75 | Which points the `www` subdomain (ie the www in [www.kaimarshland.com](https://www.kaimarshland.com)) to 76 | www.kaimarshland.com.herokudns.com. 77 | The TTL, or Time To Live, is set to 10800 seconds, which determines how long DNS information will be cached for. 78 | 79 | ### How can I add a certificate generated with this manually? 80 | After running `rake heroku_ssl:generate_certs` on your server, which will print out a JSON object with your generated 81 | certificates in it, you'll need to take the fullchain and the privkey and add them to your HTTP server. 82 | 83 | On nginx, this looks like creating a new server block something like: 84 | 85 | ``` 86 | server { 87 | ... 88 | 89 | listen 443 ssl; 90 | 91 | ssl_certificate /path/to/fullchain.pem; 92 | ssl_certificate_key /path/to/privkey.pem; 93 | 94 | ... 95 | } 96 | ``` 97 | 98 | On apache, this looks something like like: 99 | ``` 100 | 101 | ... 102 | 103 | SSLEngine on 104 | SSLCertificateFile /path/to/fullchain.pem 105 | SSLCertificateKeyFile /path/to/privkey.pem 106 | SSLCertificateChainFile /path/to/chain.pem 107 | 108 | ... 109 | 110 | ``` 111 | 112 | ### What's the deal with certificate expiration? 113 | Certificates expire after 90 days -- you can read about why on 114 | [Let's Encrypt](https://letsencrypt.org/2015/11/09/why-90-days.html). 115 | You'll get an email as the expiration date approaches, at which point you'll have to rerun `rake heroku_ssl:generate_certs`. 116 | We're looking into ways to renew the certificates automatically; however, at the moment the Heroku API doesn't let us. 117 | 118 | ## License 119 | The gem is available as open source under the terms of the [MIT License](http://opensource.org/licenses/MIT). 120 | -------------------------------------------------------------------------------- /Rakefile: -------------------------------------------------------------------------------- 1 | begin 2 | require 'bundler/setup' 3 | rescue LoadError 4 | puts 'You must `gem install bundler` and `bundle install` to run rake tasks' 5 | end 6 | 7 | require 'rdoc/task' 8 | 9 | RDoc::Task.new(:rdoc) do |rdoc| 10 | rdoc.rdoc_dir = 'rdoc' 11 | rdoc.title = 'HerokuSsl' 12 | rdoc.options << '--line-numbers' 13 | rdoc.rdoc_files.include('README.md') 14 | rdoc.rdoc_files.include('lib/**/*.rb') 15 | end 16 | 17 | APP_RAKEFILE = File.expand_path("../test/dummy/Rakefile", __FILE__) 18 | load 'rails/tasks/engine.rake' 19 | 20 | 21 | load 'rails/tasks/statistics.rake' 22 | 23 | 24 | require 'bundler/gem_tasks' 25 | 26 | require 'rake/testtask' 27 | 28 | Rake::TestTask.new(:test) do |t| 29 | t.libs << 'lib' 30 | t.libs << 'test' 31 | t.pattern = 'test/**/*_test.rb' 32 | t.verbose = false 33 | end 34 | 35 | 36 | task default: :test 37 | -------------------------------------------------------------------------------- /app/assets/config/heroku_ssl_manifest.js: -------------------------------------------------------------------------------- 1 | //= link_directory ../javascripts/heroku_ssl .js 2 | //= link_directory ../stylesheets/heroku_ssl .css 3 | -------------------------------------------------------------------------------- /app/assets/images/heroku_ssl/.keep: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/KMarshland/heroku-ssl/2dba967a009d01aaa3a1aeb697eb7c4e34d494ee/app/assets/images/heroku_ssl/.keep -------------------------------------------------------------------------------- /app/assets/javascripts/heroku_ssl/application.js: -------------------------------------------------------------------------------- 1 | // This is a manifest file that'll be compiled into application.js, which will include all the files 2 | // listed below. 3 | // 4 | // Any JavaScript/Coffee file within this directory, lib/assets/javascripts, vendor/assets/javascripts, 5 | // or any plugin's vendor/assets/javascripts directory can be referenced here using a relative path. 6 | // 7 | // It's not advisable to add code directly here, but if you do, it'll appear at the bottom of the 8 | // compiled file. JavaScript code in this file should be added after the last require_* statement. 9 | // 10 | // Read Sprockets README (https://github.com/rails/sprockets#sprockets-directives) for details 11 | // about supported directives. 12 | // 13 | //= require_tree . 14 | -------------------------------------------------------------------------------- /app/assets/javascripts/heroku_ssl/heroku_ssl.js: -------------------------------------------------------------------------------- 1 | // Place all the behaviors and hooks related to the matching controller here. 2 | // All this logic will automatically be available in application.js. 3 | -------------------------------------------------------------------------------- /app/assets/stylesheets/heroku_ssl/application.css: -------------------------------------------------------------------------------- 1 | /* 2 | * This is a manifest file that'll be compiled into application.css, which will include all the files 3 | * listed below. 4 | * 5 | * Any CSS and SCSS file within this directory, lib/assets/stylesheets, vendor/assets/stylesheets, 6 | * or any plugin's vendor/assets/stylesheets directory can be referenced here using a relative path. 7 | * 8 | * You're free to add application-wide styles to this file and they'll appear at the bottom of the 9 | * compiled file so the styles you add here take precedence over styles defined in any other CSS/SCSS 10 | * files in this directory. Styles in this file should be added after the last require_* statement. 11 | * It is generally better to create a new file per style scope. 12 | * 13 | *= require_tree . 14 | *= require_self 15 | */ 16 | -------------------------------------------------------------------------------- /app/assets/stylesheets/heroku_ssl/heroku_ssl.css: -------------------------------------------------------------------------------- 1 | /* 2 | Place all the styles related to the matching controller here. 3 | They will automatically be included in application.css. 4 | */ 5 | -------------------------------------------------------------------------------- /app/controllers/heroku_ssl/application_controller.rb: -------------------------------------------------------------------------------- 1 | module HerokuSsl 2 | class ApplicationController < ActionController::Base 3 | protect_from_forgery with: :exception 4 | end 5 | end 6 | -------------------------------------------------------------------------------- /app/controllers/heroku_ssl/heroku_ssl_controller.rb: -------------------------------------------------------------------------------- 1 | require_dependency "heroku_ssl/application_controller" 2 | 3 | module HerokuSsl 4 | class HerokuSslController < ApplicationController 5 | 6 | def challenge 7 | response = HerokuSsl::redis_instance.get("ssl-challenge-#{params[:challenge]}") 8 | render plain: response 9 | end 10 | 11 | end 12 | end 13 | -------------------------------------------------------------------------------- /app/helpers/heroku_ssl/application_helper.rb: -------------------------------------------------------------------------------- 1 | module HerokuSsl 2 | module ApplicationHelper 3 | end 4 | end 5 | -------------------------------------------------------------------------------- /app/helpers/heroku_ssl/heroku_ssl_helper.rb: -------------------------------------------------------------------------------- 1 | module HerokuSsl 2 | module HerokuSslHelper 3 | end 4 | end 5 | -------------------------------------------------------------------------------- /app/jobs/heroku_ssl/application_job.rb: -------------------------------------------------------------------------------- 1 | module HerokuSsl 2 | class ApplicationJob < ActiveJob::Base 3 | end 4 | end 5 | -------------------------------------------------------------------------------- /app/mailers/heroku_ssl/application_mailer.rb: -------------------------------------------------------------------------------- 1 | module HerokuSsl 2 | class ApplicationMailer < ActionMailer::Base 3 | default from: 'from@example.com' 4 | layout 'mailer' 5 | end 6 | end 7 | -------------------------------------------------------------------------------- /app/models/heroku_ssl/application_record.rb: -------------------------------------------------------------------------------- 1 | module HerokuSsl 2 | class ApplicationRecord < ActiveRecord::Base 3 | self.abstract_class = true 4 | end 5 | end 6 | -------------------------------------------------------------------------------- /app/views/layouts/heroku_ssl/application.html.erb: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | Heroku ssl 5 | <%= stylesheet_link_tag "heroku_ssl/application", media: "all" %> 6 | <%= javascript_include_tag "heroku_ssl/application" %> 7 | <%= csrf_meta_tags %> 8 | 9 | 10 | 11 | <%= yield %> 12 | 13 | 14 | 15 | -------------------------------------------------------------------------------- /bin/rails: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env ruby 2 | # This command will automatically be run when you run "rails" with Rails gems 3 | # installed from the root of your application. 4 | 5 | ENGINE_ROOT = File.expand_path('../..', __FILE__) 6 | ENGINE_PATH = File.expand_path('../../lib/heroku_ssl/engine', __FILE__) 7 | 8 | # Set up gems listed in the Gemfile. 9 | ENV['BUNDLE_GEMFILE'] ||= File.expand_path('../../Gemfile', __FILE__) 10 | require 'bundler/setup' if File.exist?(ENV['BUNDLE_GEMFILE']) 11 | 12 | require 'rails/all' 13 | require 'rails/engine/commands' 14 | -------------------------------------------------------------------------------- /config/routes.rb: -------------------------------------------------------------------------------- 1 | Rails.application.routes.draw do 2 | 3 | get '.well-known/acme-challenge/:challenge' => 'heroku_ssl/heroku_ssl#challenge' 4 | 5 | end -------------------------------------------------------------------------------- /heroku_ssl.gemspec: -------------------------------------------------------------------------------- 1 | $:.push File.expand_path("../lib", __FILE__) 2 | 3 | # Maintain your gem's version: 4 | require "heroku_ssl/version" 5 | 6 | # Describe your gem and declare its dependencies: 7 | Gem::Specification.new do |s| 8 | s.name = "heroku_ssl" 9 | s.version = HerokuSsl::VERSION 10 | s.authors = ["Kai Marshland"] 11 | s.email = ["kaimarshland@gmail.com"] 12 | s.homepage = 'https://github.com/KMarshland/heroku-ssl' 13 | s.summary = "Quickly and easily add SSL to a Rails App with Let's Encrypt" 14 | s.description = "Quickly and easily add SSL to a Rails App with Let's Encrypt" 15 | s.license = "MIT" 16 | 17 | s.files = Dir["{app,config,db,lib}/**/*", "MIT-LICENSE", "Rakefile", "README.md"] 18 | 19 | s.add_dependency "rails", ">= 4.0.0" 20 | s.add_dependency "acme-client", "~> 0.4.0" 21 | s.add_dependency "redis", ">= 3.0" 22 | 23 | end 24 | -------------------------------------------------------------------------------- /lib/heroku_ssl.rb: -------------------------------------------------------------------------------- 1 | require "heroku_ssl/engine" 2 | require "heroku_ssl/ssl" 3 | 4 | module HerokuSsl 5 | 6 | end 7 | -------------------------------------------------------------------------------- /lib/heroku_ssl/engine.rb: -------------------------------------------------------------------------------- 1 | module HerokuSsl 2 | class Engine < ::Rails::Engine 3 | isolate_namespace HerokuSsl 4 | end 5 | end 6 | -------------------------------------------------------------------------------- /lib/heroku_ssl/ssl.rb: -------------------------------------------------------------------------------- 1 | require 'openssl' 2 | require 'acme-client' 3 | require 'redis' 4 | 5 | module HerokuSsl 6 | 7 | class << self 8 | def endpoint 9 | # Use 'https://acme-staging.api.letsencrypt.org/' for development 10 | 11 | 'https://acme-v01.api.letsencrypt.org/' 12 | end 13 | 14 | def redis_instance 15 | 16 | return $redis if $redis.present? 17 | return $heroku_ssl_redis if $heroku_ssl_redis.present? 18 | 19 | redis_url = ENV['REDIS_URL'] || ENV['HEROKU_REDIS_URL'] || 'redis://127.0.0.1:6379/0' 20 | $heroku_ssl_redis = Redis.new(:url => redis_url) 21 | 22 | end 23 | 24 | # Where the certificates are stored 25 | def cert_directory 26 | Rails.root.join('certs') 27 | end 28 | 29 | def write(filename, content) 30 | FileUtils.mkdir_p cert_directory 31 | 32 | File.write(cert_directory.join(filename), content) 33 | end 34 | 35 | def read(filename) 36 | FileUtils.mkdir_p cert_directory 37 | 38 | return nil unless File.exists? cert_directory.join(filename) 39 | 40 | File.read cert_directory.join(filename) 41 | end 42 | 43 | def gen_unless_exists(filename) 44 | existing = read filename 45 | return existing if existing.present? 46 | 47 | created = yield filename 48 | write filename, created 49 | 50 | created 51 | end 52 | 53 | #forcibly regenerates the account private key 54 | def regenerate_private_key 55 | @private_key = OpenSSL::PKey::RSA.new(4096) 56 | write('account.pem', @private_key.export) 57 | 58 | @private_key 59 | end 60 | 61 | #returns any existing account private key; only generates a new one if none exist 62 | def private_key 63 | return @private_key if @private_key.present? 64 | 65 | pem = read "#{Rails.env}/account.pem" 66 | if pem.present? 67 | @private_key = OpenSSL::PKey::RSA.new(pem) 68 | else 69 | regenerate_private_key 70 | end 71 | end 72 | 73 | 74 | def client 75 | @client ||= Acme::Client.new( 76 | private_key: private_key, 77 | endpoint: endpoint, 78 | connection_options: { 79 | request: { 80 | open_timeout: 5, 81 | timeout: 5 82 | } 83 | } 84 | ) 85 | end 86 | 87 | #adds a contact for a domain 88 | def register(email) 89 | # If the private key is not known to the server, we need to register it for the first time. 90 | registration = client.register(contact: "mailto:#{email}") 91 | 92 | # You may need to agree to the terms of service (that's up the to the server to require it or not but boulder does by default) 93 | registration.agree_terms 94 | rescue Acme::Client::Error::Malformed => e 95 | if e.message == 'Registration key is already in use' 96 | puts 'Already registered' 97 | else 98 | raise e 99 | end 100 | end 101 | 102 | def authorize(domain) 103 | if domain.is_a? Array 104 | domain.each do |dom| 105 | authorize dom 106 | end 107 | 108 | return 109 | end 110 | 111 | authorization = client.authorize(domain: domain) 112 | 113 | return if authorization.status == 'valid' 114 | 115 | # This example is using the http-01 challenge type. Other challenges are dns-01 or tls-sni-01. 116 | challenge = authorization.http01 117 | 118 | redis_instance.set("ssl-challenge-#{challenge.filename.split('/').last}", challenge.file_content) 119 | redis_instance.expire("ssl-challenge-#{challenge.filename.split('/').last}", 5.minutes) 120 | 121 | challenge.request_verification 122 | 123 | # Wait a bit for the server to make the request, or just blink. It should be fast. 124 | sleep(1) 125 | 126 | status = nil 127 | begin 128 | # May sometimes give an error, for mysterious reasons 129 | status = challenge.authorization.verify_status 130 | rescue 131 | end 132 | 133 | #alternate method to read authorization status 134 | status = client.authorize(domain: domain).status if status == 'pending' || status.blank? 135 | 136 | unless status == 'valid' 137 | puts challenge.error 138 | raise "Did not verify client. Status is still #{status}" 139 | end 140 | end 141 | 142 | def try_authorize(domain, retries=1) 143 | begin 144 | authorize domain 145 | return true 146 | rescue RuntimeError => e 147 | puts e.message 148 | 149 | if retries > 0 150 | puts 'Retrying domain authorization...' 151 | return try_authorize domain, retries-1 152 | else 153 | return false 154 | end 155 | end 156 | end 157 | 158 | def request_certificate(domain) 159 | unless try_authorize domain 160 | puts 'Domain authorization failed. Aborting operation' 161 | return 162 | end 163 | 164 | csr = Acme::Client::CertificateRequest.new(names: [*domain]) 165 | 166 | # We can now request a certificate. You can pass anything that returns 167 | # a valid DER encoded CSR when calling to_der on it. For example an 168 | # OpenSSL::X509::Request should work too. 169 | certificate = client.new_certificate(csr) 170 | 171 | { 172 | privkey: certificate.request.private_key.to_pem, 173 | cert: certificate.to_pem, 174 | chain: certificate.chain_to_pem, 175 | fullchain: certificate.fullchain_to_pem 176 | } 177 | 178 | end 179 | 180 | def create_dh_params 181 | gen_unless_exists 'dhparam.pem' do |filename| 182 | `openssl dhparam -out #{filename} 4096` 183 | end 184 | end 185 | 186 | end 187 | 188 | end 189 | -------------------------------------------------------------------------------- /lib/heroku_ssl/version.rb: -------------------------------------------------------------------------------- 1 | module HerokuSsl 2 | VERSION = '0.8.2' 3 | end 4 | -------------------------------------------------------------------------------- /lib/tasks/heroku_ssl_tasks.rake: -------------------------------------------------------------------------------- 1 | 2 | namespace :heroku_ssl do 3 | 4 | task :update_certs do 5 | update_certs 6 | end 7 | 8 | task :generate_certs do 9 | email = (ARGV[1] || '').strip 10 | email = get_email if email.blank? 11 | 12 | puts "Registering #{email}" 13 | HerokuSsl::register email 14 | 15 | domain = ARGV[2..-1] 16 | domain = get_domains if domain.blank? 17 | 18 | puts "Authorizing and generating certificates for #{domain}" 19 | 20 | certs = HerokuSsl::request_certificate domain 21 | 22 | if certs.present? 23 | STDOUT.puts '~~ GENERATED CERTIFICATES START ~~' 24 | STDOUT.puts JSON(certs) 25 | STDOUT.puts '~~ GENERATED CERTIFICATES END ~~' 26 | end 27 | end 28 | 29 | def update_certs 30 | STDOUT.puts 'Once your app has been deployed to Heroku, hit enter.' 31 | 32 | STDIN.gets 33 | 34 | email = get_email 35 | domains = get_domains 36 | app = get_app 37 | 38 | puts "Attempting to generate ssl certificates for #{app} (registering #{domains} to #{email})" 39 | 40 | #generate the certs on the server 41 | output = heroku_run("run rake heroku_ssl:generate_certs #{email} #{domains} --app #{app}") 42 | 43 | #read out the certs to temporary files 44 | unless output.include? '~~ GENERATED CERTIFICATES START ~~' 45 | puts 'Full log: ' 46 | puts output 47 | puts '' 48 | 49 | puts 'Could not generate certificates. Please try again later or try running `heroku run rake heroku_ssl:generate_certs` directly' 50 | return 51 | end 52 | 53 | output = output.split('~~ GENERATED CERTIFICATES START ~~').last 54 | .split('~~ GENERATED CERTIFICATES END ~~').first 55 | output = JSON(output).with_indifferent_access 56 | 57 | unless output['fullchain'].present? && output['privkey'].present? 58 | puts 'Output: ' 59 | puts output 60 | puts '' 61 | 62 | puts 'Failed to read certificates' 63 | return 64 | end 65 | 66 | puts 'Successfully generated certificates! Attempting to update Heroku DNS' 67 | 68 | File.open('fullchain.pem', 'wb') do |file| 69 | file.write output['fullchain'] 70 | end 71 | 72 | File.open('privkey.pem', 'wb') do |file| 73 | file.write output['privkey'] 74 | end 75 | 76 | # update heroku certs 77 | 78 | if heroku_run('certs') =~ /has\sno\sSSL\scertificates/i 79 | heroku_run("certs:add fullchain.pem privkey.pem --app #{get_app}") 80 | else 81 | heroku_run("certs:update fullchain.pem privkey.pem --app #{get_app} --confirm #{get_app}") 82 | end 83 | 84 | # clean up 85 | File.delete('fullchain.pem', 'privkey.pem') 86 | 87 | puts 'Successfully updated Heroku SSL certificates! Now you just need to make sure your DNS is configured to point as follows: ' 88 | puts heroku_run('domains').split("\n")[4..-1].join("\n") 89 | end 90 | 91 | def get_email 92 | return @email if @email.present? 93 | 94 | @email = `git config user.email` 95 | @email.strip! if @email.present? 96 | 97 | default_prompt = '' 98 | default_prompt = " [#{@email}]" if @email.present? 99 | 100 | new_email = nil 101 | while new_email.blank? 102 | STDOUT.puts "Enter your email (used to notify you of expiration)#{default_prompt}: " 103 | new_email = STDIN.gets 104 | 105 | if new_email.blank? 106 | new_email = @email 107 | else 108 | new_email.strip! 109 | end 110 | end 111 | 112 | @email = new_email 113 | end 114 | 115 | def heroku_run(command) 116 | # RUBYOPT breaks the heroku command for some reason, so you have to unset it 117 | result = `unset RUBYOPT; heroku #{command}` 118 | 119 | if result =~ /rake\saborted/i 120 | puts "Don't know how to build task -- make sure you have deployed a version with this gem installed to heroku" 121 | end 122 | 123 | if result =~ /No\ssuch\sfile\sor\sdirectory/i || result =~ /command\snot\sfound/i 124 | puts 'Cannot run command heroku -- are you sure you have it installed?' 125 | end 126 | 127 | if result =~ /Bundler::GemNotFound/i 128 | puts 'Please log in to heroku by running `heroku login`' 129 | end 130 | 131 | result 132 | end 133 | 134 | def get_domains 135 | return @domain if @domain.present? 136 | 137 | domains = heroku_run('domains').split("\n").select(&:present?)[5..-1] 138 | if domains.blank? 139 | puts 'Warning: Could not load domains' 140 | domains = [] 141 | end 142 | domains.map! do |domain| 143 | domain.split(/\s+/).first 144 | end 145 | @domain = domains.join ' ' 146 | 147 | default_prompt = '' 148 | default_prompt = " [#{@domain}]" if @domain.present? 149 | 150 | new_domain = nil 151 | while new_domain.blank? 152 | STDOUT.puts "Enter the domain to register#{default_prompt}: " 153 | new_domain = STDIN.gets 154 | 155 | if new_domain.blank? 156 | new_domain = @domain 157 | else 158 | new_domain.strip! 159 | end 160 | end 161 | 162 | @domain = new_domain 163 | end 164 | 165 | def get_app 166 | return @app if @app.present? 167 | 168 | @apps = @apps || heroku_run('apps').split("\n").map(&:split).map(&:first).select(&:present?) 169 | remotes = `git remote -v`.split("\n").map do |r| 170 | r.split("\t").last 171 | end 172 | 173 | @apps.each do |app| 174 | remotes.each do |remote| 175 | if remote.include? app 176 | @app = app 177 | break 178 | end 179 | end 180 | break if @app.present? 181 | end 182 | 183 | default_prompt = '' 184 | default_prompt = " [#{@app}]" if @app.present? 185 | 186 | new_app = nil 187 | while new_app.blank? 188 | STDOUT.puts "Enter the heroku app#{default_prompt}: " 189 | new_app = STDIN.gets 190 | 191 | if new_app.blank? 192 | new_app = @app 193 | else 194 | new_app.strip! 195 | end 196 | end 197 | 198 | @app = new_app 199 | end 200 | 201 | end 202 | 203 | -------------------------------------------------------------------------------- /test/controllers/heroku_ssl/heroku_ssl_controller_test.rb: -------------------------------------------------------------------------------- 1 | require 'test_helper' 2 | 3 | module HerokuSsl 4 | class HerokuSslControllerTest < ActionDispatch::IntegrationTest 5 | include Engine.routes.url_helpers 6 | 7 | # test "the truth" do 8 | # assert true 9 | # end 10 | end 11 | end 12 | -------------------------------------------------------------------------------- /test/dummy/.generators: -------------------------------------------------------------------------------- 1 | 2 | 9 | -------------------------------------------------------------------------------- /test/dummy/.rakeTasks: -------------------------------------------------------------------------------- 1 | 2 | 8 | -------------------------------------------------------------------------------- /test/dummy/Rakefile: -------------------------------------------------------------------------------- 1 | # Add your own tasks in files placed in lib/tasks ending in .rake, 2 | # for example lib/tasks/capistrano.rake, and they will automatically be available to Rake. 3 | 4 | require_relative 'config/application' 5 | 6 | Rails.application.load_tasks 7 | -------------------------------------------------------------------------------- /test/dummy/app/assets/config/manifest.js: -------------------------------------------------------------------------------- 1 | 2 | //= link_tree ../images 3 | //= link_directory ../javascripts .js 4 | //= link_directory ../stylesheets .css 5 | //= link heroku_ssl_manifest.js 6 | -------------------------------------------------------------------------------- /test/dummy/app/assets/images/.keep: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/KMarshland/heroku-ssl/2dba967a009d01aaa3a1aeb697eb7c4e34d494ee/test/dummy/app/assets/images/.keep -------------------------------------------------------------------------------- /test/dummy/app/assets/javascripts/application.js: -------------------------------------------------------------------------------- 1 | // This is a manifest file that'll be compiled into application.js, which will include all the files 2 | // listed below. 3 | // 4 | // Any JavaScript/Coffee file within this directory, lib/assets/javascripts, vendor/assets/javascripts, 5 | // or any plugin's vendor/assets/javascripts directory can be referenced here using a relative path. 6 | // 7 | // It's not advisable to add code directly here, but if you do, it'll appear at the bottom of the 8 | // compiled file. JavaScript code in this file should be added after the last require_* statement. 9 | // 10 | // Read Sprockets README (https://github.com/rails/sprockets#sprockets-directives) for details 11 | // about supported directives. 12 | // 13 | //= require_tree . 14 | -------------------------------------------------------------------------------- /test/dummy/app/assets/javascripts/cable.js: -------------------------------------------------------------------------------- 1 | // Action Cable provides the framework to deal with WebSockets in Rails. 2 | // You can generate new channels where WebSocket features live using the rails generate channel command. 3 | // 4 | //= require action_cable 5 | //= require_self 6 | //= require_tree ./channels 7 | 8 | (function() { 9 | this.App || (this.App = {}); 10 | 11 | App.cable = ActionCable.createConsumer(); 12 | 13 | }).call(this); 14 | -------------------------------------------------------------------------------- /test/dummy/app/assets/javascripts/channels/.keep: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/KMarshland/heroku-ssl/2dba967a009d01aaa3a1aeb697eb7c4e34d494ee/test/dummy/app/assets/javascripts/channels/.keep -------------------------------------------------------------------------------- /test/dummy/app/assets/stylesheets/application.css: -------------------------------------------------------------------------------- 1 | /* 2 | * This is a manifest file that'll be compiled into application.css, which will include all the files 3 | * listed below. 4 | * 5 | * Any CSS and SCSS file within this directory, lib/assets/stylesheets, vendor/assets/stylesheets, 6 | * or any plugin's vendor/assets/stylesheets directory can be referenced here using a relative path. 7 | * 8 | * You're free to add application-wide styles to this file and they'll appear at the bottom of the 9 | * compiled file so the styles you add here take precedence over styles defined in any other CSS/SCSS 10 | * files in this directory. Styles in this file should be added after the last require_* statement. 11 | * It is generally better to create a new file per style scope. 12 | * 13 | *= require_tree . 14 | *= require_self 15 | */ 16 | -------------------------------------------------------------------------------- /test/dummy/app/channels/application_cable/channel.rb: -------------------------------------------------------------------------------- 1 | module ApplicationCable 2 | class Channel < ActionCable::Channel::Base 3 | end 4 | end 5 | -------------------------------------------------------------------------------- /test/dummy/app/channels/application_cable/connection.rb: -------------------------------------------------------------------------------- 1 | module ApplicationCable 2 | class Connection < ActionCable::Connection::Base 3 | end 4 | end 5 | -------------------------------------------------------------------------------- /test/dummy/app/controllers/application_controller.rb: -------------------------------------------------------------------------------- 1 | class ApplicationController < ActionController::Base 2 | protect_from_forgery with: :exception 3 | end 4 | -------------------------------------------------------------------------------- /test/dummy/app/controllers/concerns/.keep: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/KMarshland/heroku-ssl/2dba967a009d01aaa3a1aeb697eb7c4e34d494ee/test/dummy/app/controllers/concerns/.keep -------------------------------------------------------------------------------- /test/dummy/app/helpers/application_helper.rb: -------------------------------------------------------------------------------- 1 | module ApplicationHelper 2 | end 3 | -------------------------------------------------------------------------------- /test/dummy/app/jobs/application_job.rb: -------------------------------------------------------------------------------- 1 | class ApplicationJob < ActiveJob::Base 2 | end 3 | -------------------------------------------------------------------------------- /test/dummy/app/mailers/application_mailer.rb: -------------------------------------------------------------------------------- 1 | class ApplicationMailer < ActionMailer::Base 2 | default from: 'from@example.com' 3 | layout 'mailer' 4 | end 5 | -------------------------------------------------------------------------------- /test/dummy/app/models/application_record.rb: -------------------------------------------------------------------------------- 1 | class ApplicationRecord < ActiveRecord::Base 2 | self.abstract_class = true 3 | end 4 | -------------------------------------------------------------------------------- /test/dummy/app/models/concerns/.keep: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/KMarshland/heroku-ssl/2dba967a009d01aaa3a1aeb697eb7c4e34d494ee/test/dummy/app/models/concerns/.keep -------------------------------------------------------------------------------- /test/dummy/app/views/layouts/application.html.erb: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | Dummy 5 | <%= csrf_meta_tags %> 6 | 7 | <%= stylesheet_link_tag 'application', media: 'all', 'data-turbolinks-track': 'reload' %> 8 | <%= javascript_include_tag 'application', 'data-turbolinks-track': 'reload' %> 9 | 10 | 11 | 12 | <%= yield %> 13 | 14 | 15 | -------------------------------------------------------------------------------- /test/dummy/app/views/layouts/mailer.html.erb: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 8 | 9 | 10 | 11 | <%= yield %> 12 | 13 | 14 | -------------------------------------------------------------------------------- /test/dummy/app/views/layouts/mailer.text.erb: -------------------------------------------------------------------------------- 1 | <%= yield %> 2 | -------------------------------------------------------------------------------- /test/dummy/bin/bundle: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env ruby 2 | ENV['BUNDLE_GEMFILE'] ||= File.expand_path('../../Gemfile', __FILE__) 3 | load Gem.bin_path('bundler', 'bundle') 4 | -------------------------------------------------------------------------------- /test/dummy/bin/rails: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env ruby 2 | APP_PATH = File.expand_path('../config/application', __dir__) 3 | require_relative '../config/boot' 4 | require 'rails/commands' 5 | -------------------------------------------------------------------------------- /test/dummy/bin/rake: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env ruby 2 | require_relative '../config/boot' 3 | require 'rake' 4 | Rake.application.run 5 | -------------------------------------------------------------------------------- /test/dummy/bin/setup: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env ruby 2 | require 'pathname' 3 | require 'fileutils' 4 | include FileUtils 5 | 6 | # path to your application root. 7 | APP_ROOT = Pathname.new File.expand_path('../../', __FILE__) 8 | 9 | def system!(*args) 10 | system(*args) || abort("\n== Command #{args} failed ==") 11 | end 12 | 13 | chdir APP_ROOT do 14 | # This script is a starting point to setup your application. 15 | # Add necessary setup steps to this file. 16 | 17 | puts '== Installing dependencies ==' 18 | system! 'gem install bundler --conservative' 19 | system('bundle check') || system!('bundle install') 20 | 21 | # puts "\n== Copying sample files ==" 22 | # unless File.exist?('config/database.yml') 23 | # cp 'config/database.yml.sample', 'config/database.yml' 24 | # end 25 | 26 | puts "\n== Preparing database ==" 27 | system! 'bin/rails db:setup' 28 | 29 | puts "\n== Removing old logs and tempfiles ==" 30 | system! 'bin/rails log:clear tmp:clear' 31 | 32 | puts "\n== Restarting application server ==" 33 | system! 'bin/rails restart' 34 | end 35 | -------------------------------------------------------------------------------- /test/dummy/bin/update: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env ruby 2 | require 'pathname' 3 | require 'fileutils' 4 | include FileUtils 5 | 6 | # path to your application root. 7 | APP_ROOT = Pathname.new File.expand_path('../../', __FILE__) 8 | 9 | def system!(*args) 10 | system(*args) || abort("\n== Command #{args} failed ==") 11 | end 12 | 13 | chdir APP_ROOT do 14 | # This script is a way to update your development environment automatically. 15 | # Add necessary update steps to this file. 16 | 17 | puts '== Installing dependencies ==' 18 | system! 'gem install bundler --conservative' 19 | system('bundle check') || system!('bundle install') 20 | 21 | puts "\n== Updating database ==" 22 | system! 'bin/rails db:migrate' 23 | 24 | puts "\n== Removing old logs and tempfiles ==" 25 | system! 'bin/rails log:clear tmp:clear' 26 | 27 | puts "\n== Restarting application server ==" 28 | system! 'bin/rails restart' 29 | end 30 | -------------------------------------------------------------------------------- /test/dummy/config.ru: -------------------------------------------------------------------------------- 1 | # This file is used by Rack-based servers to start the application. 2 | 3 | require_relative 'config/environment' 4 | 5 | run Rails.application 6 | -------------------------------------------------------------------------------- /test/dummy/config/application.rb: -------------------------------------------------------------------------------- 1 | require_relative 'boot' 2 | 3 | require 'rails/all' 4 | 5 | Bundler.require(*Rails.groups) 6 | require "heroku_ssl" 7 | 8 | module Dummy 9 | class Application < Rails::Application 10 | # Settings in config/environments/* take precedence over those specified here. 11 | # Application configuration should go into files in config/initializers 12 | # -- all .rb files in that directory are automatically loaded. 13 | end 14 | end 15 | 16 | -------------------------------------------------------------------------------- /test/dummy/config/boot.rb: -------------------------------------------------------------------------------- 1 | # Set up gems listed in the Gemfile. 2 | ENV['BUNDLE_GEMFILE'] ||= File.expand_path('../../../Gemfile', __dir__) 3 | 4 | require 'bundler/setup' if File.exist?(ENV['BUNDLE_GEMFILE']) 5 | $LOAD_PATH.unshift File.expand_path('../../../lib', __dir__) 6 | -------------------------------------------------------------------------------- /test/dummy/config/cable.yml: -------------------------------------------------------------------------------- 1 | development: 2 | adapter: async 3 | 4 | test: 5 | adapter: async 6 | 7 | production: 8 | adapter: redis 9 | url: redis://localhost:6379/1 10 | -------------------------------------------------------------------------------- /test/dummy/config/database.yml: -------------------------------------------------------------------------------- 1 | # SQLite version 3.x 2 | # gem install sqlite3 3 | # 4 | # Ensure the SQLite 3 gem is defined in your Gemfile 5 | # gem 'sqlite3' 6 | # 7 | default: &default 8 | adapter: sqlite3 9 | pool: 5 10 | timeout: 5000 11 | 12 | development: 13 | <<: *default 14 | database: db/development.sqlite3 15 | 16 | # Warning: The database defined as "test" will be erased and 17 | # re-generated from your development database when you run "rake". 18 | # Do not set this db to the same as development or production. 19 | test: 20 | <<: *default 21 | database: db/test.sqlite3 22 | 23 | production: 24 | <<: *default 25 | database: db/production.sqlite3 26 | -------------------------------------------------------------------------------- /test/dummy/config/environment.rb: -------------------------------------------------------------------------------- 1 | # Load the Rails application. 2 | require_relative 'application' 3 | 4 | # Initialize the Rails application. 5 | Rails.application.initialize! 6 | -------------------------------------------------------------------------------- /test/dummy/config/environments/development.rb: -------------------------------------------------------------------------------- 1 | Rails.application.configure do 2 | # Settings specified here will take precedence over those in config/application.rb. 3 | 4 | # In the development environment your application's code is reloaded on 5 | # every request. This slows down response time but is perfect for development 6 | # since you don't have to restart the web server when you make code changes. 7 | config.cache_classes = false 8 | 9 | # Do not eager load code on boot. 10 | config.eager_load = false 11 | 12 | # Show full error reports. 13 | config.consider_all_requests_local = true 14 | 15 | # Enable/disable caching. By default caching is disabled. 16 | if Rails.root.join('tmp/caching-dev.txt').exist? 17 | config.action_controller.perform_caching = true 18 | 19 | config.cache_store = :memory_store 20 | config.public_file_server.headers = { 21 | 'Cache-Control' => 'public, max-age=172800' 22 | } 23 | else 24 | config.action_controller.perform_caching = false 25 | 26 | config.cache_store = :null_store 27 | end 28 | 29 | # Don't care if the mailer can't send. 30 | config.action_mailer.raise_delivery_errors = false 31 | 32 | config.action_mailer.perform_caching = false 33 | 34 | # Print deprecation notices to the Rails logger. 35 | config.active_support.deprecation = :log 36 | 37 | # Raise an error on page load if there are pending migrations. 38 | config.active_record.migration_error = :page_load 39 | 40 | # Debug mode disables concatenation and preprocessing of assets. 41 | # This option may cause significant delays in view rendering with a large 42 | # number of complex assets. 43 | config.assets.debug = true 44 | 45 | # Suppress logger output for asset requests. 46 | config.assets.quiet = true 47 | 48 | # Raises error for missing translations 49 | # config.action_view.raise_on_missing_translations = true 50 | 51 | # Use an evented file watcher to asynchronously detect changes in source code, 52 | # routes, locales, etc. This feature depends on the listen gem. 53 | # config.file_watcher = ActiveSupport::EventedFileUpdateChecker 54 | end 55 | -------------------------------------------------------------------------------- /test/dummy/config/environments/production.rb: -------------------------------------------------------------------------------- 1 | Rails.application.configure do 2 | # Settings specified here will take precedence over those in config/application.rb. 3 | 4 | # Code is not reloaded between requests. 5 | config.cache_classes = true 6 | 7 | # Eager load code on boot. This eager loads most of Rails and 8 | # your application in memory, allowing both threaded web servers 9 | # and those relying on copy on write to perform better. 10 | # Rake tasks automatically ignore this option for performance. 11 | config.eager_load = true 12 | 13 | # Full error reports are disabled and caching is turned on. 14 | config.consider_all_requests_local = false 15 | config.action_controller.perform_caching = true 16 | 17 | # Disable serving static files from the `/public` folder by default since 18 | # Apache or NGINX already handles this. 19 | config.public_file_server.enabled = ENV['RAILS_SERVE_STATIC_FILES'].present? 20 | 21 | # Compress JavaScripts and CSS. 22 | config.assets.js_compressor = :uglifier 23 | # config.assets.css_compressor = :sass 24 | 25 | # Do not fallback to assets pipeline if a precompiled asset is missed. 26 | config.assets.compile = false 27 | 28 | # `config.assets.precompile` and `config.assets.version` have moved to config/initializers/assets.rb 29 | 30 | # Enable serving of images, stylesheets, and JavaScripts from an asset server. 31 | # config.action_controller.asset_host = 'http://assets.example.com' 32 | 33 | # Specifies the header that your server uses for sending files. 34 | # config.action_dispatch.x_sendfile_header = 'X-Sendfile' # for Apache 35 | # config.action_dispatch.x_sendfile_header = 'X-Accel-Redirect' # for NGINX 36 | 37 | # Mount Action Cable outside main process or domain 38 | # config.action_cable.mount_path = nil 39 | # config.action_cable.url = 'wss://example.com/cable' 40 | # config.action_cable.allowed_request_origins = [ 'http://example.com', /http:\/\/example.*/ ] 41 | 42 | # Force all access to the app over SSL, use Strict-Transport-Security, and use secure cookies. 43 | # config.force_ssl = true 44 | 45 | # Use the lowest log level to ensure availability of diagnostic information 46 | # when problems arise. 47 | config.log_level = :debug 48 | 49 | # Prepend all log lines with the following tags. 50 | config.log_tags = [ :request_id ] 51 | 52 | # Use a different cache store in production. 53 | # config.cache_store = :mem_cache_store 54 | 55 | # Use a real queuing backend for Active Job (and separate queues per environment) 56 | # config.active_job.queue_adapter = :resque 57 | # config.active_job.queue_name_prefix = "dummy_#{Rails.env}" 58 | config.action_mailer.perform_caching = false 59 | 60 | # Ignore bad email addresses and do not raise email delivery errors. 61 | # Set this to true and configure the email server for immediate delivery to raise delivery errors. 62 | # config.action_mailer.raise_delivery_errors = false 63 | 64 | # Enable locale fallbacks for I18n (makes lookups for any locale fall back to 65 | # the I18n.default_locale when a translation cannot be found). 66 | config.i18n.fallbacks = true 67 | 68 | # Send deprecation notices to registered listeners. 69 | config.active_support.deprecation = :notify 70 | 71 | # Use default logging formatter so that PID and timestamp are not suppressed. 72 | config.log_formatter = ::Logger::Formatter.new 73 | 74 | # Use a different logger for distributed setups. 75 | # require 'syslog/logger' 76 | # config.logger = ActiveSupport::TaggedLogging.new(Syslog::Logger.new 'app-name') 77 | 78 | if ENV["RAILS_LOG_TO_STDOUT"].present? 79 | logger = ActiveSupport::Logger.new(STDOUT) 80 | logger.formatter = config.log_formatter 81 | config.logger = ActiveSupport::TaggedLogging.new(logger) 82 | end 83 | 84 | # Do not dump schema after migrations. 85 | config.active_record.dump_schema_after_migration = false 86 | end 87 | -------------------------------------------------------------------------------- /test/dummy/config/environments/test.rb: -------------------------------------------------------------------------------- 1 | Rails.application.configure do 2 | # Settings specified here will take precedence over those in config/application.rb. 3 | 4 | # The test environment is used exclusively to run your application's 5 | # test suite. You never need to work with it otherwise. Remember that 6 | # your test database is "scratch space" for the test suite and is wiped 7 | # and recreated between test runs. Don't rely on the data there! 8 | config.cache_classes = true 9 | 10 | # Do not eager load code on boot. This avoids loading your whole application 11 | # just for the purpose of running a single test. If you are using a tool that 12 | # preloads Rails for running tests, you may have to set it to true. 13 | config.eager_load = false 14 | 15 | # Configure public file server for tests with Cache-Control for performance. 16 | config.public_file_server.enabled = true 17 | config.public_file_server.headers = { 18 | 'Cache-Control' => 'public, max-age=3600' 19 | } 20 | 21 | # Show full error reports and disable caching. 22 | config.consider_all_requests_local = true 23 | config.action_controller.perform_caching = false 24 | 25 | # Raise exceptions instead of rendering exception templates. 26 | config.action_dispatch.show_exceptions = false 27 | 28 | # Disable request forgery protection in test environment. 29 | config.action_controller.allow_forgery_protection = false 30 | config.action_mailer.perform_caching = false 31 | 32 | # Tell Action Mailer not to deliver emails to the real world. 33 | # The :test delivery method accumulates sent emails in the 34 | # ActionMailer::Base.deliveries array. 35 | config.action_mailer.delivery_method = :test 36 | 37 | # Print deprecation notices to the stderr. 38 | config.active_support.deprecation = :stderr 39 | 40 | # Raises error for missing translations 41 | # config.action_view.raise_on_missing_translations = true 42 | end 43 | -------------------------------------------------------------------------------- /test/dummy/config/initializers/application_controller_renderer.rb: -------------------------------------------------------------------------------- 1 | # Be sure to restart your server when you modify this file. 2 | 3 | # ApplicationController.renderer.defaults.merge!( 4 | # http_host: 'example.org', 5 | # https: false 6 | # ) 7 | -------------------------------------------------------------------------------- /test/dummy/config/initializers/assets.rb: -------------------------------------------------------------------------------- 1 | # Be sure to restart your server when you modify this file. 2 | 3 | # Version of your assets, change this if you want to expire all your assets. 4 | Rails.application.config.assets.version = '1.0' 5 | 6 | # Add additional assets to the asset load path 7 | # Rails.application.config.assets.paths << Emoji.images_path 8 | 9 | # Precompile additional assets. 10 | # application.js, application.css, and all non-JS/CSS in app/assets folder are already added. 11 | # Rails.application.config.assets.precompile += %w( search.js ) 12 | -------------------------------------------------------------------------------- /test/dummy/config/initializers/backtrace_silencers.rb: -------------------------------------------------------------------------------- 1 | # Be sure to restart your server when you modify this file. 2 | 3 | # You can add backtrace silencers for libraries that you're using but don't wish to see in your backtraces. 4 | # Rails.backtrace_cleaner.add_silencer { |line| line =~ /my_noisy_library/ } 5 | 6 | # You can also remove all the silencers if you're trying to debug a problem that might stem from framework code. 7 | # Rails.backtrace_cleaner.remove_silencers! 8 | -------------------------------------------------------------------------------- /test/dummy/config/initializers/cookies_serializer.rb: -------------------------------------------------------------------------------- 1 | # Be sure to restart your server when you modify this file. 2 | 3 | # Specify a serializer for the signed and encrypted cookie jars. 4 | # Valid options are :json, :marshal, and :hybrid. 5 | Rails.application.config.action_dispatch.cookies_serializer = :json 6 | -------------------------------------------------------------------------------- /test/dummy/config/initializers/filter_parameter_logging.rb: -------------------------------------------------------------------------------- 1 | # Be sure to restart your server when you modify this file. 2 | 3 | # Configure sensitive parameters which will be filtered from the log file. 4 | Rails.application.config.filter_parameters += [:password] 5 | -------------------------------------------------------------------------------- /test/dummy/config/initializers/inflections.rb: -------------------------------------------------------------------------------- 1 | # Be sure to restart your server when you modify this file. 2 | 3 | # Add new inflection rules using the following format. Inflections 4 | # are locale specific, and you may define rules for as many different 5 | # locales as you wish. All of these examples are active by default: 6 | # ActiveSupport::Inflector.inflections(:en) do |inflect| 7 | # inflect.plural /^(ox)$/i, '\1en' 8 | # inflect.singular /^(ox)en/i, '\1' 9 | # inflect.irregular 'person', 'people' 10 | # inflect.uncountable %w( fish sheep ) 11 | # end 12 | 13 | # These inflection rules are supported but not enabled by default: 14 | # ActiveSupport::Inflector.inflections(:en) do |inflect| 15 | # inflect.acronym 'RESTful' 16 | # end 17 | -------------------------------------------------------------------------------- /test/dummy/config/initializers/mime_types.rb: -------------------------------------------------------------------------------- 1 | # Be sure to restart your server when you modify this file. 2 | 3 | # Add new mime types for use in respond_to blocks: 4 | # Mime::Type.register "text/richtext", :rtf 5 | -------------------------------------------------------------------------------- /test/dummy/config/initializers/new_framework_defaults.rb: -------------------------------------------------------------------------------- 1 | # Be sure to restart your server when you modify this file. 2 | # 3 | # This file contains migration options to ease your Rails 5.0 upgrade. 4 | # 5 | # Read the Rails 5.0 release notes for more info on each option. 6 | 7 | # Enable per-form CSRF tokens. Previous versions had false. 8 | Rails.application.config.action_controller.per_form_csrf_tokens = true 9 | 10 | # Enable origin-checking CSRF mitigation. Previous versions had false. 11 | Rails.application.config.action_controller.forgery_protection_origin_check = true 12 | 13 | # Make Ruby 2.4 preserve the timezone of the receiver when calling `to_time`. 14 | # Previous versions had false. 15 | ActiveSupport.to_time_preserves_timezone = true 16 | 17 | # Require `belongs_to` associations by default. Previous versions had false. 18 | Rails.application.config.active_record.belongs_to_required_by_default = true 19 | 20 | # Do not halt callback chains when a callback returns false. Previous versions had true. 21 | ActiveSupport.halt_callback_chains_on_return_false = false 22 | 23 | # Configure SSL options to enable HSTS with subdomains. Previous versions had false. 24 | Rails.application.config.ssl_options = { hsts: { subdomains: true } } 25 | -------------------------------------------------------------------------------- /test/dummy/config/initializers/session_store.rb: -------------------------------------------------------------------------------- 1 | # Be sure to restart your server when you modify this file. 2 | 3 | Rails.application.config.session_store :cookie_store, key: '_dummy_session' 4 | -------------------------------------------------------------------------------- /test/dummy/config/initializers/wrap_parameters.rb: -------------------------------------------------------------------------------- 1 | # Be sure to restart your server when you modify this file. 2 | 3 | # This file contains settings for ActionController::ParamsWrapper which 4 | # is enabled by default. 5 | 6 | # Enable parameter wrapping for JSON. You can disable this by setting :format to an empty array. 7 | ActiveSupport.on_load(:action_controller) do 8 | wrap_parameters format: [:json] 9 | end 10 | 11 | # To enable root element in JSON for ActiveRecord objects. 12 | # ActiveSupport.on_load(:active_record) do 13 | # self.include_root_in_json = true 14 | # end 15 | -------------------------------------------------------------------------------- /test/dummy/config/locales/en.yml: -------------------------------------------------------------------------------- 1 | # Files in the config/locales directory are used for internationalization 2 | # and are automatically loaded by Rails. If you want to use locales other 3 | # than English, add the necessary files in this directory. 4 | # 5 | # To use the locales, use `I18n.t`: 6 | # 7 | # I18n.t 'hello' 8 | # 9 | # In views, this is aliased to just `t`: 10 | # 11 | # <%= t('hello') %> 12 | # 13 | # To use a different locale, set it with `I18n.locale`: 14 | # 15 | # I18n.locale = :es 16 | # 17 | # This would use the information in config/locales/es.yml. 18 | # 19 | # To learn more, please read the Rails Internationalization guide 20 | # available at http://guides.rubyonrails.org/i18n.html. 21 | 22 | en: 23 | hello: "Hello world" 24 | -------------------------------------------------------------------------------- /test/dummy/config/puma.rb: -------------------------------------------------------------------------------- 1 | # Puma can serve each request in a thread from an internal thread pool. 2 | # The `threads` method setting takes two numbers a minimum and maximum. 3 | # Any libraries that use thread pools should be configured to match 4 | # the maximum value specified for Puma. Default is set to 5 threads for minimum 5 | # and maximum, this matches the default thread size of Active Record. 6 | # 7 | threads_count = ENV.fetch("RAILS_MAX_THREADS") { 5 }.to_i 8 | threads threads_count, threads_count 9 | 10 | # Specifies the `port` that Puma will listen on to receive requests, default is 3000. 11 | # 12 | port ENV.fetch("PORT") { 3000 } 13 | 14 | # Specifies the `environment` that Puma will run in. 15 | # 16 | environment ENV.fetch("RAILS_ENV") { "development" } 17 | 18 | # Specifies the number of `workers` to boot in clustered mode. 19 | # Workers are forked webserver processes. If using threads and workers together 20 | # the concurrency of the application would be max `threads` * `workers`. 21 | # Workers do not work on JRuby or Windows (both of which do not support 22 | # processes). 23 | # 24 | # workers ENV.fetch("WEB_CONCURRENCY") { 2 } 25 | 26 | # Use the `preload_app!` method when specifying a `workers` number. 27 | # This directive tells Puma to first boot the application and load code 28 | # before forking the application. This takes advantage of Copy On Write 29 | # process behavior so workers use less memory. If you use this option 30 | # you need to make sure to reconnect any threads in the `on_worker_boot` 31 | # block. 32 | # 33 | # preload_app! 34 | 35 | # The code in the `on_worker_boot` will be called if you are using 36 | # clustered mode by specifying a number of `workers`. After each worker 37 | # process is booted this block will be run, if you are using `preload_app!` 38 | # option you will want to use this block to reconnect to any threads 39 | # or connections that may have been created at application boot, Ruby 40 | # cannot share connections between processes. 41 | # 42 | # on_worker_boot do 43 | # ActiveRecord::Base.establish_connection if defined?(ActiveRecord) 44 | # end 45 | 46 | # Allow puma to be restarted by `rails restart` command. 47 | plugin :tmp_restart 48 | -------------------------------------------------------------------------------- /test/dummy/config/routes.rb: -------------------------------------------------------------------------------- 1 | Rails.application.routes.draw do 2 | end 3 | -------------------------------------------------------------------------------- /test/dummy/config/secrets.yml: -------------------------------------------------------------------------------- 1 | # Be sure to restart your server when you modify this file. 2 | 3 | # Your secret key is used for verifying the integrity of signed cookies. 4 | # If you change this key, all old signed cookies will become invalid! 5 | 6 | # Make sure the secret is at least 30 characters and all random, 7 | # no regular words or you'll be exposed to dictionary attacks. 8 | # You can use `rails secret` to generate a secure secret key. 9 | 10 | # Make sure the secrets in this file are kept private 11 | # if you're sharing your code publicly. 12 | 13 | development: 14 | secret_key_base: 935e00a94fd9b295642273b5118b8cd3e445cd52d8a7cd9ae3af1a6c2fbe764f3d7aac86a8ec54c89bc63404bfa55fdfbd8d3d6100c78352bd4f5e06169f3bfa 15 | 16 | test: 17 | secret_key_base: c585e2a42f02878815f628058f1b426b3c12acd7dff6a04bd9c0e1a55221a82644cf3cdaaaf153a49abb78a7b11188585d93240a7074255d5ec5e06272510c5a 18 | 19 | 20 | # Do not keep production secrets in the repository, 21 | # instead read values from the environment. 22 | production: 23 | secret_key_base: <%= ENV["SECRET_KEY_BASE"] %> 24 | -------------------------------------------------------------------------------- /test/dummy/config/spring.rb: -------------------------------------------------------------------------------- 1 | %w( 2 | .ruby-version 3 | .rbenv-vars 4 | tmp/restart.txt 5 | tmp/caching-dev.txt 6 | ).each { |path| Spring.watch(path) } 7 | -------------------------------------------------------------------------------- /test/dummy/lib/assets/.keep: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/KMarshland/heroku-ssl/2dba967a009d01aaa3a1aeb697eb7c4e34d494ee/test/dummy/lib/assets/.keep -------------------------------------------------------------------------------- /test/dummy/log/.keep: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/KMarshland/heroku-ssl/2dba967a009d01aaa3a1aeb697eb7c4e34d494ee/test/dummy/log/.keep -------------------------------------------------------------------------------- /test/dummy/public/404.html: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | The page you were looking for doesn't exist (404) 5 | 6 | 55 | 56 | 57 | 58 | 59 |
60 |
61 |

The page you were looking for doesn't exist.

62 |

You may have mistyped the address or the page may have moved.

63 |
64 |

If you are the application owner check the logs for more information.

65 |
66 | 67 | 68 | -------------------------------------------------------------------------------- /test/dummy/public/422.html: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | The change you wanted was rejected (422) 5 | 6 | 55 | 56 | 57 | 58 | 59 |
60 |
61 |

The change you wanted was rejected.

62 |

Maybe you tried to change something you didn't have access to.

63 |
64 |

If you are the application owner check the logs for more information.

65 |
66 | 67 | 68 | -------------------------------------------------------------------------------- /test/dummy/public/500.html: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | We're sorry, but something went wrong (500) 5 | 6 | 55 | 56 | 57 | 58 | 59 |
60 |
61 |

We're sorry, but something went wrong.

62 |
63 |

If you are the application owner check the logs for more information.

64 |
65 | 66 | 67 | -------------------------------------------------------------------------------- /test/dummy/public/apple-touch-icon-precomposed.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/KMarshland/heroku-ssl/2dba967a009d01aaa3a1aeb697eb7c4e34d494ee/test/dummy/public/apple-touch-icon-precomposed.png -------------------------------------------------------------------------------- /test/dummy/public/apple-touch-icon.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/KMarshland/heroku-ssl/2dba967a009d01aaa3a1aeb697eb7c4e34d494ee/test/dummy/public/apple-touch-icon.png -------------------------------------------------------------------------------- /test/dummy/public/favicon.ico: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/KMarshland/heroku-ssl/2dba967a009d01aaa3a1aeb697eb7c4e34d494ee/test/dummy/public/favicon.ico -------------------------------------------------------------------------------- /test/heroku_ssl_test.rb: -------------------------------------------------------------------------------- 1 | require 'test_helper' 2 | 3 | class HerokuSsl::Test < ActiveSupport::TestCase 4 | test "truth" do 5 | assert_kind_of Module, HerokuSsl 6 | end 7 | end 8 | -------------------------------------------------------------------------------- /test/integration/navigation_test.rb: -------------------------------------------------------------------------------- 1 | require 'test_helper' 2 | 3 | class NavigationTest < ActionDispatch::IntegrationTest 4 | # test "the truth" do 5 | # assert true 6 | # end 7 | end 8 | 9 | -------------------------------------------------------------------------------- /test/test_helper.rb: -------------------------------------------------------------------------------- 1 | # Configure Rails Environment 2 | ENV["RAILS_ENV"] = "test" 3 | 4 | require File.expand_path("../../test/dummy/config/environment.rb", __FILE__) 5 | ActiveRecord::Migrator.migrations_paths = [File.expand_path("../../test/dummy/db/migrate", __FILE__)] 6 | ActiveRecord::Migrator.migrations_paths << File.expand_path('../../db/migrate', __FILE__) 7 | require "rails/test_help" 8 | 9 | # Filter out Minitest backtrace while allowing backtrace from other libraries 10 | # to be shown. 11 | Minitest.backtrace_filter = Minitest::BacktraceFilter.new 12 | 13 | # Load fixtures from the engine 14 | if ActiveSupport::TestCase.respond_to?(:fixture_path=) 15 | ActiveSupport::TestCase.fixture_path = File.expand_path("../fixtures", __FILE__) 16 | ActionDispatch::IntegrationTest.fixture_path = ActiveSupport::TestCase.fixture_path 17 | ActiveSupport::TestCase.file_fixture_path = ActiveSupport::TestCase.fixture_path + "/files" 18 | ActiveSupport::TestCase.fixtures :all 19 | end 20 | --------------------------------------------------------------------------------