Method: Puma::DSL#ssl_bind

Defined in:

lib/puma/dsl.rb

#ssl_bind(host, port, opts = {}) ⇒ Object

Instead of using bind and manually constructing a URI like:

bind 'ssl://127.0.0.1:9292?key=key_path&cert=cert_path'

you can use the this method.

When binding on localhost you don’t need to specify cert and key, Puma will assume you are using the localhost gem and try to load the appropriate files.

When using the options hash parameter, the ‘reuse:` value is either `true`, which sets reuse ’on’ with default values, or a hash, with ‘:size` and/or `:timeout` keys, each with integer values.

The ‘cert:` options hash parameter can be the path to a certificate file including all intermediate certificates in PEM format.

The ‘cert_pem:` options hash parameter can be String containing the cerificate and all intermediate certificates in PEM format.

Examples:

ssl_bind '127.0.0.1', '9292', {
  cert: path_to_cert,
  key: path_to_key,
  ssl_cipher_filter: cipher_filter, # optional
  ssl_ciphersuites: ciphersuites,   # optional
  verify_mode: verify_mode,         # default 'none'
  verification_flags: flags,        # optional, not supported by JRuby
  reuse: true                       # optional
}

Using self-signed certificate with the localhost gem:

ssl_bind '127.0.0.1', '9292'

Alternatively, you can provide cert_pem and key_pem:

ssl_bind '127.0.0.1', '9292', {
  cert_pem: File.read(path_to_cert),
  key_pem: File.read(path_to_key),
  reuse: {size: 2_000, timeout: 20} # optional
}

For JRuby, two keys are required: keystore & keystore_pass

ssl_bind '127.0.0.1', '9292', {
  keystore: path_to_keystore,
  keystore_pass: password,
  ssl_cipher_list: cipher_list,     # optional
  verify_mode: verify_mode          # default 'none'
}

# File 'lib/puma/dsl.rb', line 644

def ssl_bind(host, port, opts = {})
  add_pem_values_to_options_store(opts)
  bind self.class.ssl_bind_str(host, port, opts)
end