1

I have a rails 3 app hosted on heroku which contains sensitive data which is why i want to implement SSL. The info I learned from google searching doesn't exactly match my use case as I want to SSL the entire site. I'd like your help understanding the following.

Is there a simple way to force all app requests to use SSL? I want the landing page to even have SSL as the landing page has a sign in form. It seems like it'd be a lot simpler to SSL everything than select SSL on a per page basis. That being said, do I need a gem for this?

Thank you

1
  • This article should help you. Commented Dec 1, 2010 at 5:57

2 Answers 2

2

Look for a Rack middleware that accomplishes this.

Sign up to request clarification or add additional context in comments.

2 Comments

Thanks, what's the recommendation for dev... use https on development? Isthat even possible?
if you run your dev under apache/nginx or the like yes you can run under ssl on dev. Some people prefer to run dev and production the same (ssl vs none). some don't. I don't run ssl on dev, but do on integration / qa servers..
0

I found this post today which is updated and looks like a good solution: http://www.simonecarletti.com/blog/2011/05/configuring-rails-3-https-ssl/

I am using SSL Enforcer with Heroku and it works great. However, I had a lot of trouble setting up SSL on my dev machine (Ubuntu 11.04).

First, Webrick did not work with SSL, so I found a hack which worked for a while. But then I had a weird javascript and Google Visualization API problem with it.

Now I installed Thin (which was easy), but it is not working with SSL Enforcer.

If you have the time to install and configure Apache, SSL will work. But I don't think Heroku uses Apache, so that's not so good...

I can see why people don't want to figure out how to run SSL on their local machine...maybe it's not worth it if you have a staging or QA server that does run SSL.

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.