Greg, Thanks, between your advice and James' I think I have the solution at hand. Will give it a shot and report back here.
Cheers, Chris On Dec 17, 1:16 pm, Greg Willits <[email protected]> wrote: > On Dec 17, 2009, at 1:00 PM, Chris McCann wrote: > > > > > I've got a client who wants me to run their Ruby on Rails site using > > https all the time because of the type of information they're > > processing with the application. I'm having trouble getting Rails to > > use the https protocol. I've deployed to Apache2 with Passenger. > > > I thought it would be a simple matter of getting an SSL certificate > > and configuring the web server to use it. I added the > > X_FORWARDED_PROTO "https" line to the virtual host but that didn't do > > the trick. > > > I know of DHH's ssl_requirement plugin, but I don't really need the > > granularity of running particular controller actions under https -- I > > want everything in https all the time. > > > I did find post on another group that mentioned adding a re-write rule > > for the *:80 vhost like this: > > > RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [L,R=permanent] > > > Is this required? Can anybody here point out what part of the > > configuration, either in Apache, Passenger or Rails, that I've > > overlooked? > > I run an all-HTTPS app, and there's no setup trickery at all. I simply > set the virtual host to respond to the IP address and 443 port (and > all the usual SSL config rot). > > Rails itself has no clue that HTTPS is involved (especially since it > is fed by a mongrel cluster). There's no need for the > X_FORWARDED_PROTO and no need for any https detection in your > application. > > If you need an Apache vhost example, I could dig that out for you. > > -- greg willits -- SD Ruby mailing list [email protected] http://groups.google.com/group/sdruby
