Wednesday, November 28, 2007

Testing Rails SSL Requirements on Your Development Machine

Update 1/31/2012: This advice is pretty old but should still basically work. I now prefer a more flexible solution using Unicorn and Pound.


I am building a Rails app that requires some portions of the site to use HTTPS, so naturally I'm using the SSL requirement plugin. The plugin works great, but if you're using Mongrel or WEBrick running out of script/server in your development environment, you now won't be able to talk to those parts of your site (since these servers do not include SSL encryption).

The solution is pretty easy, but it's not something I found written up elsewhere, so I thought I'd document it here. All you have to do is install your own local Apache server and have it proxy requests to the Mongrel or WEBrick instance, similar to how you would set up your production environment. For simplicity I didn't use a cluster of mongrels, or mod_balance, or anything like that, just a straight-through proxy. See "A Simple Single Mongrel Configuration" on the Mongrel site for details.

But there's a bit more you need to do in order to make things work with Rails and the SSL requirement plugin.  Below is a subset of my httpd.conf file; for clarity, I cut out all the default settings and just left what I added or changed.
Listen 80 # included in the default config
Listen 443 # Apache needs to know you want to accept connections over HTTPS
SSLCertificateFile /usr/local/apache/conf/newcert.pem
SSLCertificateKeyFile /usr/local/apache/conf/newkey.pem
# Below is optional, but was helpful to me in debugging this setup
CustomLog logs/ssl_request_log  "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
<VirtualHost *:80>ServerName localhost
 ServerAlias 127.0.0.1
 ProxyPass / http://localhost:3000/
 ProxyPassReverse / http://localhost:3000
 ProxyPreserveHost on</VirtualHost>
<VirtualHost *:443>SSLEngine On
ServerName localhost
ServerAlias 127.0.0.1
ProxyPass / http://localhost:3000/
ProxyPassReverse / http://localhost:3000
ProxyPreserveHost on
RequestHeader set X_FORWARDED_PROTO 'https' # don't forget this line!
</VirtualHost>

<IfModule ssl_module>
SSLRandomSeed startup builtin
SSLRandomSeed connect builtin
</IfModule>
What you're doing is setting up two different proxies through Apache to your Mongrel server; one via port 80, unencrypted, and one via port 443, encrypted with SSL.  If you don't include the X_FORWARDED_PROTO line in your 443 virtual host, Rails won't know that it's using SSL and the SSL requirement filter will fail.

The two SSLcertificate directives refer to the cryptographic data needed to encrypt the traffic. I just made some self-signed certificates (which are free).  There are a million tutorials out there; I used the one on Apple's site.  You'll need to pick a passphrase to protect your private key.  Pick something short (since this isn't the production site) because you'll need to enter it every time you want to reboot your server.

Start things up and you're ready to go!

wymanpark~ $ sudo httpd -k start
Apache/2.2.6 mod_ssl/2.2.6 (Pass Phrase Dialog)
Some of your private key files are encrypted for security reasons.
In order to read them you have to provide the pass phrases.

Server localhost:443 (RSA)
Enter pass phrase:

OK: Pass Phrase Dialog successful.
wymanpark~ $ 

Friday, November 23, 2007

Notes from Asaf Ronen at Philadelphia Improv Festival

Asaf Ronen Directing Workshop Notes (Philadelphia Improv Festival, November 2007)

  • First he had us lead each other in exercises, and checked-in with the leader during the exercise, asking "What level are they at?" and "How are they doing?". Then he had the leader provide feedback to the group to make them more successful.

  • All warmup exercises have a focus, don't just do them to do them, and make sure the participants understand the point. e.g. Zip-Zap-Zop
    can be played to enhance concentration, listening skills, etc.

  • He recommended directors/teachers delegate warmups to group members because it helps them be invested in the group, work on their own stuff. But
    be sure to lead one final warmup as a way of taking back control

  • He led an interesting, instructive warmup:

    • We all took a breath in, let it out

    • We all took a breath in, let out a "sound from the bowels of hell"

    • We all took a breath in, let out a musical note


    The "ugly sound" was much bigger with more committment than the musical note; why? Because you're allowed to screw up -- there's no pressure
    to make the "right note" or to harmonize. Interestingly, with the ugly sound we eventually harmonized anyway. People associate the note
    with perfection. Judgements happen regularly in improv, even with a simple game like zip-zap-zop. So we should improvise in the spirit
    of that ugly note -- having fun with it, not trying for perfection or even to harmonize. Those things take care of themselves.




  • It's better to give notes what TO DO, vs. what NOT TO DO

  • "Any good thing you do can become a crutch"

  • To give us practice on our directing skills, he split us into group A & B. Each person had an observer in the other group, so when group A did
    scenes, a member of group B was just watching them. After all members of group A had done scenes in every combination with other members of group A,
    the observers in group B gave their notes to Asaf (vs. directly to the performer).

  • He asked us to look for patterns and to give a specific challenge to the performer (via Asaf) without being corrective or even explaining
    why we were giving the challenge. For example, my observer gave the challenge that I should assume a dynamic, fixed posed at the beginning of every
    scene and not move.

  • Group A then did another round of scenes with their challenges, and the observers gave another round of feedback (which included explaining
    why they picked the challenge). This was a great format and one I intend to use in the future.

  • Good tip for thinking of challenges: "If not, then what?"

  • Challenges are like lifting weights: they need to be extreme in order to cause a change, even though in real life you're not going to go to those
    extremes (e.g. not many people are going to be benchpressing 200 lbs but that's what they need to lift to produce a change in their body)
  • All of improv boils down to making a choice and committing to a choice. So all challenges are about encouraging different choices or more committment
    to choices.

  • Don't start your notes by giving people a compliment, it makes them feel like a "but" is coming and they anticipate that "but"

  • Helpful to say things like "I remove your responsibility to be scenic" or "to be funny"

  • With challenges, if you affect one thing, it tends to 'trickle down' and affect others (hence only one challenge needed at a time)

  • Challenges create impulse/immediacy -- With immediacy comes impulse and with impulse comes energy

  • Can apply challenges globally to the group

  • All short form comes from Spolin's acting exercises; those exercises were designed to relieve judgement and fear

  • The more specific the challenge, the more easy it is to succeed right away

  • One good challenge he gave was to give five pieces of tape to a performer, and had that person put tape all over the stage, with the last two pieces
    being "in unusual places". The performer's challenge was to hit all of those marks as often as possible throughout the scene.

  • Put your focus on succeeding in the NEXT scene; don't make your notes about the PREVIOUS scenes

  • You don't act emotions; you do things that convey emotion.

  • If you feel emotionally ambiguous, make a sound and see what happens (that was another good challenge: make a human sound before every line)

  • We then did a round of extend/continue

    • helps people with physical work

    • helps free people of fulfilling obligations to the scene



  • People feel need to constantly introduce cnflict and solve problems right away, but it can be good to be in an environment for awhile
    before a conflict starts -- or letting problems get worse before we try to solve them.

  • Scenes can be slice of life, not just conflict

  • Sidecoaching is often choice coaching -- doesn't help in next scene (but sidecoaching can be good to help keep challenges present in the mind
    of the performer)

  • Best sidecoaching is about choices and committments

  • Need to make things as tangible for actors as possible "You're at a 5, go to a 10"

  • Sounds are more informative than sound effects

  • Play from inspiration, not obligation

  • The way he gives notes after a show: takes less than five minutes, has two parts. What were the strongest, most fun parts of the show?
    What's the challenge for next time?


Asaf Ronen Physical Improv Workshop Notes (Philadelphia Improv Festival, November 2007)

  • Too often we rely on words and forget other tools

  • Laban movement exercises: we milled about the stage, then made choices based on one of these dimensions: Speed, Space, Direction, and Tension.
    Then we combined choices in multiple different dimensions.

  • Grab an object, get informaton (about your character, the object, the scene, etc). Pull it towards you, get more information, use it, get more.

  • Make a sound and grab an object

  • You can explain everything physically except "Why?", but you don't need to explain why, because the audience fils it in.

  • It's liberating to leave Why up to the audience -- experience is more personal as a result