passenger , ruby on rails , apache 2.2.21

Hello,

I am configuring apache 2.2 to serve my rails app through passenger. First, I redirect all http traffic to https with the following:

This is my web server apache conf file.

ServerName sampleapp

NameVirtualHost *:80 <VirtualHost *:80> Options FollowSymLinks   RewriteEngine On   RewriteCond %{SERVER_PORT} !^443$   RewriteRule ^.*$ https://%{SERVER_NAME}%{REQUEST_URI} [L,R] </VirtualHost>

Inside the <VirtualHost *:443> section, I have the following configuration, which seems extremely standard:    <Directory />       Options FollowSymLinks       AllowOverride None       Order deny,allow       Deny from none       Allow from all    </Directory> ProxyPreserveHost on

ErrorLog "/usr/local/apache2/logs/error_log" TransferLog "/usr/local/apache2/logs/access_log" SSLEngine on

<Proxy balancer://hotcluster> BalancerMember http://appserver:8010/ </Proxy>

ProxyPass / balancer://hotcluster/ ProxyPassReverse / balancer://hotcluster/

SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL

SSLCertificateKeyFile "/home/sasi/test.key"

SSLCACertificateFile "/home/sasi/test.cer"

SSLCertificateChainFile "/home/sasi/test1.cer"

<FilesMatch "\.(cgi|shtml|phtml|php)$">     SSLOptions +StdEnvVars </FilesMatch> <Directory "/usr/local/apache2/cgi-bin">     SSLOptions +StdEnvVars </Directory>

BrowserMatch ".*MSIE.*" \          nokeepalive ssl-unclean-shutdown \          downgrade-1.0 force-response-1.0

CustomLog "/usr/local/apache2/logs/ssl_request_log" \           "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"

RequestHeader set X_FORWARDED_PROTO "https"

RewriteEngine On RewriteCond %{SERVER_PORT} !^443$ RewriteRule ^.*$ https://%{SERVER_NAME}%{REQUEST_URI} [L,R]

RewriteCond %{HTTPS} !=on RewriteRule ^/(.*) https://%{SERVER_NAME}%{REQUEST_URI} [L,R]

    ProxyRequests Off     <Proxy *>         Order Allow,Deny         Allow from all         AuthType Basic         AuthName Transmission         AuthUserFile /etc/apache2/users # Require user me     </Proxy> </Virtualhost>

In my app server i point my application which runs with passenger , apache in 8010 port

<VirtualHost *:8010>   RailsEnv development   DocumentRoot /home/appserver/sampleapp/public

  <Directory />     Options FollowSymLinks     AllowOverride None     Order deny,allow     Deny from none     Allow from all   </Directory>   ProxyPreserveHost on

  RequestHeader set X_FORWARDED_PROTO "https"

  ProxyPass /images !   ProxyPass /stylesheets !   ProxyPass /javascripts !

  RewriteEngine on   RewriteCond %{REQUEST_METHOD} ^(HEAD|TRACE|DELETE|TRACK) [NC]   RewriteRule ^(.*)$ - [F,L]

  RewriteCond %{REQUEST_METHOD} !^(OPTIONS|GET|POST)$ [NC]   RewriteRule .* - [F,L]

</VirtualHost>

When I point my browser to "https://sampleapp/session/new&quot; I get the login page that I expect. After giving the login credentials my site url changes from https to http as (http://sampleapp/home) instead of staying in (https://sampleapp/home). If i manually change the url to "https". It stays fully in https .

The way in which i have written rewrite condition in app server and web server is right?

Can anybody suggest me .

Please Help!

Sasi