Recently I wanted to secure my Rails 4.2.1 app with HTTPS the easiest way. I found this question as well as this answer about WEBrick+SSL, both referencing this post, which is unfortunately not reachable any more. Then I found this answer recommending to use thin instead (naming other advantages of using thin). Then I followed this step-by-step guide, finally running thin start --ssl --ssl-key-file .ssl/key.pem --ssl-cert-file .ssl/cert.pem -e production with a self-signed certificate. My config/environments/production.rb contains config.force_ssl = true.
Now I would like to access the web normally by typing example.com, expecting to be automatically redirected to https://example.com, but this does not happen. Typing looong https://example.com works fine. Here is a 2-year-old question with a similar issue, but none of the answers work either, and something could have also changed since then.
How can I make it work? Or is there any different recent but simple enough way to start using ssl with rails? Thanks!
In your config/environment/production.rb file make sure you have the following:
Also make sure to update your cookie settings in config/initializers/session_store.rb:
You also need to specify secure: true in the config/initializers/devise.rb file if you are using Devise.
Also make sure to clear the cache on your browser.
If you have a load balancer in front of your website that is terminating the TLS/SSL and then connecting via HTTPS to the backend, this would mean the connection from the load balancer to your server is HTTPS, even though the client connection to the load balancer is not. Your load balancer should send the X-Forwarded-Proto header which Rails should take into account.
If you are running Rails under Passenger inside Nginx (or Apache), you may need to configure that to forward the header and/or port.
Note, however, that Rails looks first at the HTTPS environment variable before it looks at the header, and that might be set to "on" because the connection to your web server is HTTPS.
In that case you can redirect all traffic from HTTP to HTTPS inside Nginx:
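
The precedence this answer describes (the HTTPS variable is checked before X-Forwarded-Proto), as an added Ruby example that is not part of the original answer and is not the Nginx configuration it refers to. `request_scheme` and `ForceSslModel` are hypothetical names for a simplified model of the check, not Rails' or Rack's own source, and the request environments are constructed:

```ruby
# Simplified model of the scheme check described above (assumption, not the
# framework's source): HTTPS=on is consulted before X-Forwarded-Proto.
def request_scheme(env)
  return 'https' if env['HTTPS'] == 'on'
  forwarded = env['HTTP_X_FORWARDED_PROTO']
  return forwarded.split(',').first.strip unless forwarded.to_s.empty?
  env['rack.url_scheme'] || 'http'
end

# Hypothetical Rack-style middleware standing in for config.force_ssl:
# redirect to https:// unless the request is already considered secure.
class ForceSslModel
  def initialize(app)
    @app = app
  end

  def call(env)
    return @app.call(env) if request_scheme(env) == 'https'
    location = "https://#{env['HTTP_HOST']}#{env['PATH_INFO']}"
    [301, { 'Location' => location }, []]
  end
end

APP = ForceSslModel.new(->(_env) { [200, { 'Content-Type' => 'text/plain' }, ['ok']] })

# Constructed Rack environments for the deployment shapes in the answer.
BASE = { 'HTTP_HOST' => 'example.com', 'PATH_INFO' => '/login' }.freeze
SCENARIOS = {
  # Client -> app over plain HTTP, no proxy in between.
  direct_http: BASE.merge('rack.url_scheme' => 'http'),
  # Client -> LB over HTTP, LB -> app over HTTP, header forwarded.
  lb_http_client: BASE.merge('rack.url_scheme' => 'http', 'HTTP_X_FORWARDED_PROTO' => 'http'),
  # Client -> LB over HTTPS, LB -> app over HTTP, header forwarded.
  lb_https_client: BASE.merge('rack.url_scheme' => 'http', 'HTTP_X_FORWARDED_PROTO' => 'https'),
  # Client -> LB over HTTP, but LB -> web server is HTTPS so HTTPS=on is set:
  # the header says http, yet the variable wins and no redirect is issued.
  lb_reencrypts: BASE.merge('HTTPS' => 'on', 'rack.url_scheme' => 'https',
                            'HTTP_X_FORWARDED_PROTO' => 'http')
}.freeze

# Response status per scenario: 301 means the client was redirected to HTTPS.
def statuses
  SCENARIOS.transform_values { |env| APP.call(env).first }
end

statuses.each { |name, status| puts "#{name}: #{status}" } if $PROGRAM_NAME == __FILE__
```

In the `lb_reencrypts` case the application never issues the redirect, which is the situation where the answer moves the HTTP-to-HTTPS redirect to the web server in front of it.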