How do i enable SSL?


I am developing an application using ruby on rails. On of the requirements is to use secure socket layer for secure transaction and verification of users. How do I Turn on and use SSL on ruby on rails?

This is something you'd do on the web server level (Apache, Nginx, Lighttpd, etc.) not on the Ruby on Rails side of your stack.


Ok I get it. The ssl_requirement is still a plugin, I thought it was merged inside Rails.

You can install it using script/install plugin ssl_requirement.

Also here are some interesting links about some limitations of ssl_requirement and how to use it:

I have been playing with this plugin a bit, and I have to say that this experience was an absolute failure.

The generated links are completely wrong. How does rails understand which actions need to use http and which use https? Currently nothing works, I do get redirected to https pages, but for instance the root_path which doesn't require https gets strangely rendered as it uses the name of my rails app instead of the domain name. Why is that?

I'm starting to understand the problems:

- You must define in routes.rb the option :protocol => 'http' or 'https' so that Rails can generate the correct links. - On the pages that use https, you must make sure your links are defined using some_name_url so that non-https links will be generated with http://…

I have yet to understand 2 issues I am facing: - how to define the protocol option with map.resources in routes.rb - why are links that use http completely wrong. Instead of, I get http://my_rails_folder/logo.png

Anyone to chip in?

The issue about http links not being correctly rendered is because of Nginx, you need to specify the option proxy-redirect off; etc...

I am still facing the issue of defining the protocol for resources defined in routes.rb. I don't know how to do it.

Didn't this work?

https.resources :forms, :requirements => {:protocol => ROUTES_PROTOCOL}

Yeah it worked, make sure to ALWAYS use some_resource_url for the correct links to be rendered.