How do i enable SSL?


#1

Hello.

I am developing an application using ruby on rails. On of the
requirements is to use secure socket layer for secure transaction and
verification of users. How do I Turn on and use SSL on ruby on rails?


Love is the greatest


#2

On Tue, Oct 7, 2008 at 3:10 AM, Gilbert Gift S. removed_email_address@domain.invalid
wrote:

Hello.

I am developing an application using ruby on rails. On of the
requirements is to use secure socket layer for secure transaction and
verification of users. How do I Turn on and use SSL on ruby on rails?

This is something you’d do on the web server level (Apache, Nginx,
Lighttpd, etc.) not on the Ruby on Rails side of your stack.

Robby


Robby R.
Chief Evangelist, Partner

PLANET ARGON, LLC
design // development // hosting


http://www.robbyonrails.com/
aim: planetargon

+1 503 445 2457
+1 877 55 ARGON [toll free]
+1 815 642 4068 [fax]


#3

Robby you are partially true. You do have to make some work on the http
server side, but also in Rails you must specify that your generated
links must be using https protocol.

In Rails 2.1, if I put “include SslRequirement” in the application
controller, I get the following error message:

uninitialized constant ApplicationController::SslRequirement

Is there some updated documentation about that? I have found most
documentation concerning the plugin version of ssl_requirement, but that
back in the days of Rails 1.x. How does it work now with Rails 2.1?


#4

Ok I get it. The ssl_requirement is still a plugin, I thought it was
merged inside Rails.

You can install it using script/install plugin ssl_requirement.

Also here are some interesting links about some limitations of
ssl_requirement and how to use it:

http://siannopollo.blogspot.com/2007/08/rails-and-ssl-https.html
http://weeatbricks.com/2007/10/31/how-to-use-a-rails-app-with-https/


#5

I have been playing with this plugin a bit, and I have to say that this
experience was an absolute failure.

The generated links are completely wrong. How does rails understand
which actions need to use http and which use https? Currently nothing
works, I do get redirected to https pages, but for instance the
root_path which doesn’t require https gets strangely rendered as it uses
the name of my rails app instead of the domain name. Why is that?


#6

I’m starting to understand the problems:

  • You must define in routes.rb the option :protocol => ‘http’ or ‘https’
    so that Rails can generate the correct links.
  • On the pages that use https, you must make sure your links are defined
    using some_name_url so that non-https links will be generated with
    http://…

I have yet to understand 2 issues I am facing:

  • how to define the protocol option with map.resources in routes.rb
  • why are links that use http completely wrong. Instead of
    http://www.mysite.com/logo.png, I get http://my_rails_folder/logo.png

Anyone to chip in?


#7

The issue about http links not being correctly rendered is because of
Nginx, you need to specify the option proxy-redirect off; etc…

I am still facing the issue of defining the protocol for resources
defined in routes.rb. I don’t know how to do it.


#8

Didn’t this work?

https.resources :forms, :requirements => {:protocol =>
ROUTES_PROTOCOL}

On Oct 14, 6:34 pm, Fernando P. removed_email_address@domain.invalid


#9

Yeah it worked, make sure to ALWAYS use some_resource_url for the
correct links to be rendered.