Method: Puma::DSL#ssl_bind

Defined in:

lib/puma/dsl.rb

#ssl_bind(host, port, opts = {}) ⇒ Object

Instead of using bind and manually constructing a URI like:

bind 'ssl://127.0.0.1:9292?key=key_path&cert=cert_path'

you can use the this method.

When binding on localhost you don’t need to specify cert and key, Puma will assume you are using the localhost gem and try to load the appropriate files.

When using the options hash parameter, the reuse: value is either true, which sets reuse ‘on’ with default values, or a hash, with :size and/or :timeout keys, each with integer values.

The cert: options hash parameter can be the path to a certificate file including all intermediate certificates in PEM format.

The cert_pem: options hash parameter can be String containing the cerificate and all intermediate certificates in PEM format.

Examples:

ssl_bind '127.0.0.1', '9292', {
  cert: path_to_cert,
  key: path_to_key,
  ssl_cipher_filter: cipher_filter, # optional
  ssl_ciphersuites: ciphersuites,   # optional
  verify_mode: verify_mode,         # default 'none'
  verification_flags: flags,        # optional, not supported by JRuby
  reuse: true                       # optional
}

Using self-signed certificate with the localhost gem:

ssl_bind '127.0.0.1', '9292'

Alternatively, you can provide cert_pem and key_pem:

ssl_bind '127.0.0.1', '9292', {
  cert_pem: File.read(path_to_cert),
  key_pem: File.read(path_to_key),
  reuse: {size: 2_000, timeout: 20} # optional
}

For JRuby, two keys are required: keystore & keystore_pass

ssl_bind '127.0.0.1', '9292', {
  keystore: path_to_keystore,
  keystore_pass: password,
  ssl_cipher_list: cipher_list,     # optional
  verify_mode: verify_mode          # default 'none'
}

# File 'lib/puma/dsl.rb', line 647

def ssl_bind(host, port, opts = {})
  add_pem_values_to_options_store(opts)
  bind self.class.ssl_bind_str(host, port, opts)
end