Jim Neath

If you’re using Ruby to open connections to an external server over https, eg. the Facebook Graph API, you may run into the following error:

OpenSSL::SSL::SSLError: SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed

This error is due to Ruby not being able to find the certification authority certificates (CA Certs) used to verify the authenticity of secured web servers. The solution is to download the this ca-bundle.crt into your application’s lib/ directory:

Then add the following code to config/initializers/fix_ssl.rb:

require 'open-uri'
require 'net/https'

module Net
  class HTTP
    alias_method :original_use_ssl=, :use_ssl=
    
    def use_ssl=(flag)
      self.ca_file = Rails.root.join('lib/ca-bundle.crt')
      self.verify_mode = OpenSSL::SSL::VERIFY_PEER
      self.original_use_ssl = flag
    end
  end
end

This should force ruby to use the CA bundle from your application’s lib/ directory.

Party on, Wayne!

The standard way of deploying rails applications is to serve a static maintenance page while the code is being updated, to prevent errors being thrown by the user and to prevent writes happening to your database. This is all fine and dandy in the real world but in Facebook land we run into issues.

Facebook will always send a POST on the initial iframe request for security reasons, and this can be to any end-point in our application, while in reality, this should be treated as a GET.

So, the first time a page of your app is requested by user, Facebook sends a POST request. If you’re currently in maintenance mode you’re going to get a big 405 Method not allowed error.

To fix this we need to tell nginx to serve your maintenance page to POST requests, as well as GET requests. We can do this by updating your servers config files. Say your server config initially looks like this:

server {
  # all your other server stuff
  # ...

  # show maintenance page if exists 
  if (-f $document_root/system/maintenance.html) {
    rewrite ^(.*)$ /system/maintenance.html break;
    break;
  }
}

Add the following location rule to allow nginx to serve the page for POST requests:

server {
  # all your other server stuff
  # ...

  # show maintenance page if exists 
  if (-f $document_root/system/maintenance.html) {
    rewrite ^(.*)$ /system/maintenance.html break;
    break;
  }

  # serve maintenance page to POST requests
  location = /system/maintenance.html {
    post_to_static on;
  }
}

Reload your nginx config and everything should be rocking as expected.

Trying to use send_file from your Rails 3 app and getting a file with a size of zero bytes? It’s more than likely that you’re using nginx and haven’t setup your app to use send_file properly.

Open up your config/environments/production.rb file and find the following lines:

# Specifies the header that your server uses for sending files
config.action_dispatch.x_sendfile_header = "X-Sendfile"

# For nginx:
# config.action_dispatch.x_sendfile_header = 'X-Accel-Redirect'

Then comment out the first config.action_dispatch.x_sendfile_header line and uncomment out the second. So it should look like this:

# Specifies the header that your server uses for sending files
# config.action_dispatch.x_sendfile_header = "X-Sendfile"

# For nginx:
config.action_dispatch.x_sendfile_header = 'X-Accel-Redirect'

Then just commit, push, deploy and voila!