I'm trying to get SSL working on my app, using ssl_requirement. SSL is working, but ssl_requirement doesn't seem to be handling the request properly; it doesn't redirect to https.
Relevant files:
application.rb:

    class ApplicationController < ActionController::Base
      include SslRequirement
      include AuthenticatedSystem

      def ssl_required?
        return false if local_request? || RAILS_ENV == 'test'
        super
      end
      ...
    end

users_controller.rb:

    class UsersController < ApplicationController
      ssl_required :new, :create, :reset_password

      ...
    end
vhost.conf (VirtualHost *:80 is a duplicate of the code below, except for the first 2 lines):

    <VirtualHost 123.123.123.123:443>
      SSLEngine on
      RequestHeader set X_FORWARDED_PROTO "https"

      DocumentRoot /var/www/apps/my_app/current/public

      <Directory /var/www/apps/my_app/current/public>
        Options FollowSymLinks
        AllowOverride None
        Order allow,deny
        Allow from all
      </Directory>

      # Configure mongrel_cluster
      <Proxy balancer://my_app_cluster>
        BalancerMember http://127.0.0.1:8000
        BalancerMember http://127.0.0.1:8001
      </Proxy>

      RewriteEngine On

      # Prevent access to .svn directories
      RewriteRule ^(.*/)?\.svn/ - [F,L]
      ErrorDocument 403 "Access Forbidden"

      # Check for maintenance file and redirect all requests
      RewriteCond %{DOCUMENT_ROOT}/system/maintenance.html -f
      RewriteCond %{SCRIPT_FILENAME} !maintenance.html
      RewriteRule ^.*$ /system/maintenance.html [L]

      # Rewrite index to check for static
      RewriteRule ^/$ /index.html [QSA]

      # Rewrite to check for Rails cached page
      RewriteRule ^([^.]+)$ $1.html [QSA]

      # Redirect all non-static requests to cluster
      RewriteCond %{DOCUMENT_ROOT}/%{REQUEST_FILENAME} !-f
      RewriteRule ^/(.*)$ balancer://my_app_cluster%{REQUEST_URI} [P,QSA,L]

      # Deflate
      AddOutputFilterByType DEFLATE text/html text/plain text/xml
      BrowserMatch ^Mozilla/4 gzip-only-text/html
      BrowserMatch ^Mozilla/4\.0[678] no-gzip
      BrowserMatch \bMSIE !no-gzip !gzip-only-text/html

      ErrorLog logs/my_app.com-error_log
      CustomLog logs/my_app.com-access_log combined

      # This just specifies locations of key and crt files
      Include /etc/httpd/conf/apps/ssl.conf
    </VirtualHost>
In production, the app just throws a 404 when I try to access https://my_app.com/signup.
My specs:
    describe "Requesting /signup" do
      controller_name :users

      before(:each) do
        @user = mock_model(User, :to_param => "1", :save => true)
        User.stub!(:new).and_return(@user)
      end

      def do_get
        get :new
      end

      it "should redirect to HTTPS version if request.ssl? is false" do
        request.stub!(:ssl?).and_return false
        do_get
        response.should redirect_to("https://test.host/signup")
      end

      it "should redirect to the HTTPS version" do
        request.stub!(:ssl?).and_return true
        do_get
        response.should redirect_to("https://test.host/signup")
      end
    end
autotest spits out:

    'Requesting /signup should redirect to the HTTPS version' FAILED
    expected redirect to "https://test.host/signup", got redirect to "http://test.host/signup"

    'Requesting /signup (/users/new) should redirect to HTTPS version if request.ssl? is false' FAILED
    expected redirect to "https://test.host/signup", got no redirect
When I try to access the production site via the command line, I get this:

    $ curl -I https://my_app.com/signup
    HTTP/1.1 302 Moved Temporarily
    Server: Mongrel 1.0.1
    Status: 302 Found
    Location: http://my_app.com/signup
    Cache-Control: no-cache
    Content-Type: text/html; charset=utf-8
    Content-Length: 107
    Set-Cookie: _my_app_session_id=7eeea00b749ef2ed8b06730b18c62646; path=/
    Vary: Accept-Encoding
    Connection: close

    $ curl -I http://my_app.com/signup
    HTTP/1.1 200 OK
    Server: Mongrel 1.0.1
    Status: 200 OK
    Cache-Control: no-cache
    Content-Type: text/html; charset=utf-8
    Vary: Accept-Encoding
    Content-length: 12031
    Connection: Keep-Alive
    Set-Cookie: _my_app_session_id=5c8fd1c3f962b65aeeb6a4b6299c3e46; path=/
The request is getting past Apache; it looks like the app itself is not handling the request correctly.
Has anyone encountered this problem before? Any help would be much appreciated.
Bobby
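
Added example, not part of the post above and not the plugin's own code: a stand-alone Ruby model of the ssl_required? override from application.rb combined with the two-way redirect decision that ssl_requirement's before filter is assumed to make. The method names and the sample cases are hypothetical and constructed; the cases mirror the two specs and the curl requests in the post.

```ruby
# Stand-alone model; no Rails needed. Method names here are hypothetical.

# The override from application.rb in the post: the ssl_required action list
# is only consulted when the request is not local and the env is not 'test'.
def ssl_required_with_override?(action_listed:, local_request:, rails_env:)
  return false if local_request || rails_env == 'test'
  action_listed
end

# Assumed shape of the plugin's before filter: force https when SSL is
# required, force http when SSL is in use but neither required nor allowed.
def protocol_action(ssl_required:, ssl_allowed:, request_ssl:)
  return :pass if ssl_allowed
  return :redirect_to_https if ssl_required && !request_ssl
  return :redirect_to_http if request_ssl && !ssl_required
  :pass
end

# Combine both for one request to an action listed in ssl_required (:new).
def outcome(rails_env:, local_request:, request_ssl:)
  required = ssl_required_with_override?(action_listed: true,
                                         local_request: local_request,
                                         rails_env: rails_env)
  protocol_action(ssl_required: required, ssl_allowed: false,
                  request_ssl: request_ssl)
end

# Constructed cases: the two specs, then two production requests.
CASES = [
  { rails_env: 'test',       local_request: false, request_ssl: false },
  { rails_env: 'test',       local_request: false, request_ssl: true  },
  { rails_env: 'production', local_request: false, request_ssl: false },
  { rails_env: 'production', local_request: true,  request_ssl: true  },
].freeze

CASES.each { |c| puts "#{c.inspect} => #{outcome(**c)}" }
```

In this model the two 'test' cases give "no redirect" and "redirect to http", the same results autotest reports, because the override returns false before the action list is checked. An https request is sent back to http only when ssl_required? evaluates to false for that request.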