瘦和ssl:http请求的Rails不会自动重定向到https [英] Rails with thin and ssl: http request not auto-redirected to https
问题描述
最近我想通过https 最简单的方式来保护我的rails 4.2.1应用。我找到了这个问题以及关于WEBrick + SSL的答案,都引用了这篇文章遗憾的是,不再可以访问。然后我发现这个答案建议使用thin(命名使用thin的其他优点)。然后我跟着这个分步指南,最后运行瘦启动--ssl --ssl-key-file .ssl / key.pem --ssl-cert-file .ssl / cert.pem -e production
带有自签名证书。我的 config / environments / production.rb
包含 config.force_ssl = true
。
Recently I wanted to secure my rails 4.2.1 app with https the easiest way. I found this question as well as this answer about WEBrick+SSL, both referencing to this post which is unfortunately not reachable any more. Then I found this answer recommending to use thin instead (naming other advantages of using thin). Then I followed this step-by-step guide, finally running thin start --ssl --ssl-key-file .ssl/key.pem --ssl-cert-file .ssl/cert.pem -e production
with self-signed certificate. My config/environments/production.rb
contains config.force_ssl = true
.
现在我想通过输入 example.com
来正常访问网络,希望自动重定向到 https://example.com
但这不会发生。键入looong https://example.com
工作正常。 此处是一个具有类似问题的2年问题,但任何答案都不起作用,而且某些内容也可能已更改从那以后。
Now I would like to access the web normally by typing example.com
expecting to be automatically redirected to https://example.com
but this does not happen. Typing looong https://example.com
works fine. Here is a 2-year-old question with similar issue but any answer doesn't work either and something could have also changed since then.
我怎样才能让它发挥作用?或者是否有任何不同的最近但很简单的方法来开始使用带有rails的ssl?谢谢!
How can I make it work? Or is there any different recent but simple enough way to start using ssl with rails? Thanks!
推荐答案
在 config / environment / production.rb 文件中,确保您拥有以下内容:
In your config/environment/production.rb file make sure you have the following:
config.force_ssl = true
还要确保在 config / initializers / session_store.rb 中更新您的Cookie设置:
Also make sure to update your cookie settings in config/initializers/session_store.rb:
Rails.application.config.session_store :cookie_store, key: '_secure_domain_session', httponly: true, secure: true
您还需要在 config / initializers / devise.rb 文件中指定 secure:true
使用Devise
You also need to specify secure: true
in the config/initializers/devise.rb file if you are using Devise
还要确保清除浏览器上的缓存
Also make sure to clear the cache on your browser
这篇关于瘦和ssl:http请求的Rails不会自动重定向到https的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!