On Dec 17, 2009, at 1:00 PM, Chris McCann wrote: > I've got a client who wants me to run their Ruby on Rails site using > https all the time because of the type of information they're > processing with the application. I'm having trouble getting Rails to > use the https protocol. I've deployed to Apache2 with Passenger. > > I thought it would be a simple matter of getting an SSL certificate > and configuring the web server to use it. I added the > X_FORWARDED_PROTO "https" line to the virtual host but that didn't do > the trick. > > I know of DHH's ssl_requirement plugin, but I don't really need the > granularity of running particular controller actions under https -- I > want everything in https all the time. > > I did find post on another group that mentioned adding a re-write rule > for the *:80 vhost like this: > > RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [L,R=permanent] > > Is this required? Can anybody here point out what part of the > configuration, either in Apache, Passenger or Rails, that I've > overlooked?
I run an all-HTTPS app, and there's no setup trickery at all. I simply set the virtual host to respond to the IP address and 443 port (and all the usual SSL config rot). Rails itself has no clue that HTTPS is involved (especially since it is fed by a mongrel cluster). There's no need for the X_FORWARDED_PROTO and no need for any https detection in your application. If you need an Apache vhost example, I could dig that out for you. -- greg willits -- SD Ruby mailing list [email protected] http://groups.google.com/group/sdruby
