views:

474

answers:

3

What do I need to do to get traffic to my Ruby on Rails app to use https? I have a certificate installed and if I manually type in "https://" in the address bar when accessing the site the little lock icon appears, but just manually going to www.example-app.com in my browser sends traffic through http://.

Is there some one-line config or is it more complicated than that? I've never had to deal with SSL before, so excuse me if I sound like I don't know what's going on.

I'm hosting at MediaTemple in a (gs), if that matters or anyone has experience with such a setup.

+2  A: 

Ruby on Rails is an application framework and not a web server. The HTTPS configuration you need to change is in your web server (Apache, nginx, etc) config.

Zepplock
Okay, I knew that much. I guess then I'm curious how to go about changing that setting. Where would that be? At least it's a research lead. I'll poke around Apache and mongrel config files.
Austin Fitzpatrick
You don't need to change mongrel. Only the Apache config file. I think the default config file contains HTTPS config but it is disabled by default. Also look into using the nginx web server (uses less resources, easier to configure).
Zepplock
+8  A: 

Check out the ssl_requirement gem.

It lets you specify in your controllers which actions should be served over https and which actions can be served over https. It will then take care of redirecting from http to https and vice-versa.

From the documentation:

class ApplicationController < ActionController::Base
  include SslRequirement
end

class AccountController < ApplicationController
  ssl_required :signup, :payment
  ssl_allowed :index

  def signup
    # Non-SSL access will be redirected to SSL
  end

  def payment
    # Non-SSL access will be redirected to SSL
  end

  def index
    # This action will work either with or without SSL
  end

  def other
    # SSL access will be redirected to non-SSL
  end
end
jerhinesmith
Thanks! Anyone who's looking into this and is also hosting with MediaTemple on a (gs) will want to read this, too: http://kb.mediatemple.net/questions/252/%28gs%29+Ruby+on+Rails+ssl_requirement+plugin
Austin Fitzpatrick
A: 

It's pretty easy, and you don't need a gem for it. I blogged how to redirect without www in rails here. Redirecting to https is (almost) exactly the same.

class ApplicationController < ActionController::Base
  before_filter :redirect_to_https

  def redirect_to_https
    redirect_to "https://example.com#{request.request_uri}" if !request.ssl? && request.host != "localhost"
  end
end

Apply your before_filter on anything that you want to make sure is kept behind the SSL security. I'm usually one for code reuse and gems, but this one is ridiculously simple. Read more about request.protocol.

Jarrett Meyer
Wouldn't this cause issues in a development environment? Unless you also abstract away the example.com part?
jerhinesmith
@jerhinesmith Edited, fixed code sample
Jarrett Meyer
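
The redirect from the last answer, written as a framework-independent Rack-style middleware. This is an added example, not code from any of the posters. The class name ForceHttps, the configured canonical host and the X-Forwarded-Proto handling (for a front-end server such as Apache terminating TLS in front of mongrel) are assumptions.

```ruby
# Added example, not code from the thread. ForceHttps and the sample
# request are constructed; it is a plain Rack-style middleware (no gems).
class ForceHttps
  LOCAL_HOSTS = %w[localhost 127.0.0.1].freeze

  def initialize(app, canonical_host:)
    @app = app
    @canonical_host = canonical_host
  end

  def call(env)
    return @app.call(env) if secure?(env) || local?(env)

    [301, { "Location" => https_url(env), "Content-Type" => "text/plain" },
     ["Redirecting to HTTPS\n"]]
  end

  private

  # TLS seen directly, or reported by the front-end server that terminated it.
  # Assumption: the app is only reachable through that proxy, otherwise a
  # client could send X-Forwarded-Proto itself and skip the redirect.
  def secure?(env)
    forwarded = env["HTTP_X_FORWARDED_PROTO"].to_s.split(",").first.to_s.strip
    env["HTTPS"] == "on" || env["rack.url_scheme"] == "https" || forwarded == "https"
  end

  # Development requests to localhost are passed through untouched.
  def local?(env)
    LOCAL_HOSTS.include?(env["HTTP_HOST"].to_s.sub(/:\d+\z/, ""))
  end

  # The target host comes from configuration, never from the Host header,
  # so a forged Host cannot turn this into a redirect to another site.
  def https_url(env)
    url = "https://#{@canonical_host}#{env['PATH_INFO']}"
    query = env["QUERY_STRING"].to_s
    query.empty? ? url : "#{url}?#{query}"
  end
end

if __FILE__ == $PROGRAM_NAME
  app = ->(_env) { [200, { "Content-Type" => "text/plain" }, ["ok\n"]] }
  guard = ForceHttps.new(app, canonical_host: "www.example-app.com")
  plain = { "HTTP_HOST" => "www.example-app.com", "rack.url_scheme" => "http",
            "PATH_INFO" => "/account/signup", "QUERY_STRING" => "plan=basic" }
  p guard.call(plain)
end
```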