SSL for login pages - how do I configure this? (dreamhost)

Hi,

Can anyone give me a headsup/pointer re how to enable some (or all?) of
my pages to be SSL encrypted (e.g. login pages where password is being
transfered)? Is this in the ruby application or part of the apache
configuration? What doco should I brush up on?

I’m on Dreamhost so I don’t think I have full access to apache.

Tks

bump (still interested re this item if anyone knows how to do this)

bump (still interested re this item if anyone knows how to do this)

On Thu, Sep 14, 2006 at 06:50:54AM +1000, Greg H. wrote:

Can anyone give me a headsup/pointer re how to enable some (or all?) of
my pages to be SSL encrypted (e.g. login pages where password is being
transfered)? Is this in the ruby application or part of the apache
configuration? What doco should I brush up on?

I’m on Dreamhost so I don’t think I have full access to apache.

Well, I don’t know how you would deal with it there, so my instructions
will be general.

Making some of your pages ssl requires some setup on your web server in
addition to some setup in your application.

On the web server, just make an ssl site.

You can then set up
some methods in app/controllers/application.rb which you can then use as
a
before_filter in your controllers. The two methods you need are
“ssl_required” and “ssl_prohibited”. They look something like this:

def ssl_required
unless @request.ssl?
redirect_to “https://#{@request.host}/#{@request.request_uri}”
end
end

def ssl_prohibited
if @request.ssl?
redirect_to “http://#{@request.host}/#{@request.request_uri}”
end
end

(this is untested, you might need to fix it. If so, please followup
this post with the fix for future searching)

You can then put:

before_filter :ssl_required, :only => [:cart, :checkout]

to force some items to ssl. You then use the opposite:

before_filter: ssl_prohibited

for controllers or actions that shouldn’t be ssl.

If you have access to web server config, you can also force ssl or
non-ssl on certain paths using “redirectmatch”. Doing it in your app
gives you a little more flexibility and keeps it all in one place.

Michael

Michael Darrin Chaney
[email protected]
http://www.michaelchaney.com/

excellent - thanks for these pointers Michael

it sounds like at dreamhost I have to pay more $$ to get SSL for my app
per
this
linkhttp://wiki.dreamhost.com/index.php/KB_/_Account_Control_Panel_/_Goodies_::_Secure_Server.

That is extra for:
(a) purchase a unique ip add-on ($3.95/month)
(b) purchase a secure certificate on their own from a party

Does this sound normal/reasonable? Is there another way to get SSL
happening for my application on dreamhost?

Tks

On Oct 21, 2006, at 4:37 PM, Greg H. wrote:

it sounds like at dreamhost I have to pay more $$ to get SSL for my
app per this link.

That is extra for:
(a) purchase a unique ip add-on ($3.95/month)
(b) purchase a secure certificate on their own from a party

Does this sound normal/reasonable? Is there another way to get SSL
happening for my application on dreamhost?

Sounds very reasonable for a shared host. You will always need a
certificate (Go Daddy has them for very cheap) and a static IP
address for SSL. Even if you were on a dedicated server, you’d have
to allocate a unique IP address and buy a certificate.

Brad

ok - thanks Brad

This forum is not affiliated to the Ruby language, Ruby on Rails framework, nor any Ruby applications discussed here.

| Privacy Policy | Terms of Service | Remote Ruby Jobs