SSL for login pages - how do I configure this? (dreamhost)

bump (still interested re this item if anyone knows how to do this)

bump (still interested re this item if anyone knows how to do this)

Well, I don't know how you would deal with it there, so my instructions
will be general.

Making some of your pages ssl requires some setup on your web server in
addition to some setup in your application.

On the web server, just make an ssl site.

You can then set up
some methods in app/controllers/application.rb which you can then use as a
before_filter in your controllers. The two methods you need are
"ssl_required" and "ssl_prohibited". They look something like this:

def ssl_required
  unless @request.ssl?
    redirect_to "https://#{@request.host}/#{@request.request_uri}"
  end
end

def ssl_prohibited
  if @request.ssl?
    redirect_to "http://#{@request.host}/#{@request.request_uri}"
  end
end

(this is untested, you might need to fix it. If so, please followup
this post with the fix for future searching)

You can then put:

before_filter :ssl_required, :only => [:cart, :checkout]

to force some items to ssl. You then use the opposite:

before_filter: ssl_prohibited

for controllers or actions that shouldn't be ssl.

If you have access to web server config, you can also force ssl or
non-ssl on certain paths using "redirectmatch". Doing it in your app
gives you a little more flexibility and keeps it all in one place.

Michael

excellent - thanks for these pointers Michael

it sounds like at dreamhost I have to pay more $$ to get SSL for my app per this link.

That is extra for:
(a) purchase a unique ip add-on ($3.95/month)
(b) purchase a secure certificate on their own from a party

Does this sound normal/reasonable? Is there another way to get SSL happening for my application on dreamhost?

Tks

Sounds very reasonable for a shared host. You will always need a certificate (Go Daddy has them for very cheap) and a static IP address for SSL. Even if you were on a dedicated server, you’d have to allocate a unique IP address and buy a certificate.

Brad

ok - thanks Brad