Web Service behind https

Hi,

I'm trying to create a web service that runs on https (i.e. SSL). I
have installed the ssl_requirement plugin and in my webservice
controller I have the lines

ssl_required :method_name

In development I had this commented out, as I wasn't running https
locally. When I called MethodName it worked fine (in development).

But in production with SSL, when I call the method, it returns a 302.

When I check the production logs I see the following:

Redirected to http://…myurl…
Filter chain halted as
[#<ActionController::Filters::ClassMethods::SymbolFilter:0xb759fb34
@filter=:ensure_proper_protocol>] returned false.
Completed in 0.00029 (3506 reqs/sec) | DB: 0.00000 (0%) | 302 Found
[https://…myurl…]

Am I doing something horribly wrong? Any suggestions?

Just in case it helps I am also using ssl_required in some other
controllers and it's working as I'd expect there.

Thanks (in advance) for any help

Regards,

Paul

Paul,

We'd need to know more about your production environment to help
further, but a very common problem is between the https server and
your application. The https server usually needs to include some kind
of header so Rails knows that it's talking https. If you're using
Apache to talk to a Mongrel server (for example), you need to include
the X_FORWARDED_PROTO header in the virtual host directive for your
production server (and make sure your SSLEngine is turned on).

Below is a snippet of configuration I use on my development machine.
In production you probably wouldn't want to use ProxyPass -- it would
be better to use something like mod_balance against a cluster of
Mongrels.

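<VirtualHost *:443>
  SSLEngine On
  ServerName localhost
  ServerAlias 127.0.0.1

  # Forward everything to the Mongrel instance on port 3000. The
  # trailing slash must match on ProxyPass and ProxyPassReverse.
  ProxyPass / http://localhost:3000/
  ProxyPassReverse / http://localhost:3000/
  ProxyPreserveHost on
  # Tell Rails the original request arrived over https. "set" replaces
  # any value the client sent for this header.
  RequestHeader set X_FORWARDED_PROTO 'https'
</VirtualHost>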

By the way, it's pretty easy to set up your own https server in
development, which is better than commenting things out. I wrote up a
quick article about it here:

http://www.subelsky.com/2007/11/testing-rails-ssl-requirements-on-your.html

Also helpful were these articles, which have lots of good information
even if you're not using Mongrel:

http://blog.innerewut.de/2006/06/21/mongrel-and-rails-behind-apache-2-2-and-ssl
http://mongrel.rubyforge.org/docs/apache.html

-Mike Subelsky
subelsky.com
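
Added example, not part of the original thread and not the ssl_requirement plugin's source: a simplified Ruby model of the protocol check discussed above, showing how the forwarded-protocol header changes the outcome and covering both redirect directions (to https and to http). The host, path, function names and the :other_action name are assumptions made for illustration.

```ruby
# Simplified model (an assumption, not the plugin's source) of how a Rails
# app behind an SSL-terminating proxy decides whether a request was HTTPS.

# Mongrel only receives plain HTTP from Apache, so the app has to rely on
# the header the proxy sets; CGI-style env keys carry an HTTP_ prefix.
def ssl_request?(env)
  env['HTTPS'] == 'on' || env['HTTP_X_FORWARDED_PROTO'] == 'https'
end

# Returns [:proceed] or [:redirect, url]. A redirect corresponds to the
# filter chain halting with a 302, as in the production log above.
def protocol_decision(env, action, ssl_required_actions)
  required = ssl_required_actions.include?(action)
  ssl = ssl_request?(env)
  host = env['HTTP_HOST']
  path = env['REQUEST_URI']
  if required && !ssl
    # App believes the request was plain HTTP: push the client to https.
    [:redirect, "https://#{host}#{path}"]
  elsif ssl && !required
    # App sees https on an action not listed as ssl_required: push to http.
    [:redirect, "http://#{host}#{path}"]
  else
    [:proceed]
  end
end

# Constructed sample environments (hypothetical host and path).
BASE = { 'HTTP_HOST' => 'app.example.test', 'REQUEST_URI' => '/service/api' }.freeze
WITHOUT_HEADER = BASE
WITH_HEADER = BASE.merge('HTTP_X_FORWARDED_PROTO' => 'https').freeze

if __FILE__ == $PROGRAM_NAME
  # Proxy does not set the header: every https request is redirected again.
  p protocol_decision(WITHOUT_HEADER, :method_name, [:method_name])
  # Proxy sets the header and the action is listed: request goes through.
  p protocol_decision(WITH_HEADER, :method_name, [:method_name])
  # Header set, but the action that actually ran is not in the list.
  p protocol_decision(WITH_HEADER, :other_action, [:method_name])
end
```

Comparing the direction of the redirect in the log (http:// or https://) with these cases shows which side of the check failed.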