redirect for ssl

11175 · July 29, 2008, 2:23am

I have two sites: foo.com and bar.com which dns points to the same ip and whose contents reside on the same folder. The problem is that i purchased a site certificate for only foo.com. If ssl_required redirects a user on bar.com to port 443, then they get an error according to their browser security settings.

I have thought of several ways to attack this problem, but would like some advice.

(1) hard-code my link_to settings to go to foo.com. This is easy, but ugly, not maintainable (my testing server would no longer work)

(2) overload ssl_required to go to foo.com -- might be cleaner, but not sure how to do this

(3) set up apache or dns to force ssl traffic over foo.com -- would be most compatible on my ubuntu vps web-server

I am really stuck with this and appreciate your advice.

Thanks,

Tim

p.s. this is lower priority, but in general, I am in a rut troubleshooting ssl on my development server since my windows machine and webrick are proving difficult to modify.

Ajit · July 29, 2008, 12:48pm

I think SSL requires unique IP. I did something like this few years back.. thats when I found that you can not assign same IP to SSL and non-sercure website. try using diff IP for non-SSL website.

I hope it will help

Ajit

11175 · July 29, 2008, 1:42pm

Ajit Singh wrote:

I think SSL requires unique IP. I did something like this few years back.. thats when I found that you can not assign same IP to SSL and non-sercure website. try using diff IP for non-SSL website.

I hope it will help

Ajit

On Jul 28, 10:23 pm, Tim Booher <rails-mailing-l...@andreas-s.net>

Thanks for your reply, but I don't think I need a new ip. The problem here is not getting one ip to serve 80 and 443, but forcing the user on bar.com to go to foo.com. I am just trying to do that in the most elegant way.

thanks!

Tim

Dave_Rothlisberger · July 29, 2008, 2:13pm

I would recommend (3) -- set up apache to redirect bar.com https traffic to foo.com (assuming both sites are identical, it should be transparent to the user... I'm assuming this because you said "both sites reside in the same folder".)

Craig_White2 · July 29, 2008, 2:16pm

Ajit Singh wrote: > I think SSL requires unique IP. I did something like this few years > back.. thats when I found that you can not assign same IP to SSL and > non-sercure website. try using diff IP for non-SSL website. > > I hope it will help > > Ajit > > > On Jul 28, 10:23 pm, Tim Booher <rails-mailing-l...@andreas-s.net>

Thanks for your reply, but I don't think I need a new ip. The problem here is not getting one ip to serve 80 and 443, but forcing the user on bar.com to go to foo.com. I am just trying to do that in the most elegant way.

11175 · July 29, 2008, 5:05pm

Craig White wrote:

Topic		Replies	Views
Exteding/Enhancing SSL Requirement plugin rubyonrails-talk	0	183	January 7, 2010
Help! How to redirect if SSL applied rubyonrails-talk	0	113	April 29, 2010
Help setting up RoR SSL on Bluehost rubyonrails-talk	0	109	February 20, 2008
ssl_requirement does not redirect to https rubyonrails-talk	2	141	February 20, 2008
problem with http -> https redirect rubyonrails-talk	2	124	June 18, 2007

redirect for ssl

Related topics

More Resources