瘦和ssl：http请求的Rails不会自动重定向到https [英] Rails with thin and ssl: http request not auto-redirected to https

问题描述

最近我想通过https 最简单的方式来保护我的rails 4.2.1应用。我找到了这个问题以及关于WEBrick + SSL的答案，都引用了这篇文章遗憾的是，不再可以访问。然后我发现这个答案建议使用thin（命名使用thin的其他优点）。然后我跟着这个分步指南，最后运行瘦启动--ssl --ssl-key-file .ssl / key.pem --ssl-cert-file .ssl / cert.pem -e production 带有自签名证书。我的 config / environments / production.rb 包含 config.force_ssl = true 。

Recently I wanted to secure my rails 4.2.1 app with https the easiest way. I found this question as well as this answer about WEBrick+SSL, both referencing to this post which is unfortunately not reachable any more. Then I found this answer recommending to use thin instead (naming other advantages of using thin). Then I followed this step-by-step guide, finally running thin start --ssl --ssl-key-file .ssl/key.pem --ssl-cert-file .ssl/cert.pem -e production with self-signed certificate. My config/environments/production.rb contains config.force_ssl = true.

现在我想通过输入 example.com 来正常访问网络，希望自动重定向到 https://example.com 但这不会发生。键入looong https://example.com 工作正常。 此处是一个具有类似问题的2年问题，但任何答案都不起作用，而且某些内容也可能已更改从那以后。

Now I would like to access the web normally by typing example.com expecting to be automatically redirected to https://example.com but this does not happen. Typing looong https://example.com works fine. Here is a 2-year-old question with similar issue but any answer doesn't work either and something could have also changed since then.

我怎样才能让它发挥作用？或者是否有任何不同的最近但很简单的方法来开始使用带有rails的ssl？谢谢！

How can I make it work? Or is there any different recent but simple enough way to start using ssl with rails? Thanks!

推荐答案

在 config / environment / production.rb 文件中，确保您拥有以下内容：

In your config/environment/production.rb file make sure you have the following:

config.force_ssl = true

还要确保在 config / initializers / session_store.rb 中更新您的Cookie设置：

Also make sure to update your cookie settings in config/initializers/session_store.rb:

Rails.application.config.session_store :cookie_store, key: '_secure_domain_session', httponly: true, secure: true

您还需要在 config / initializers / devise.rb 文件中指定 secure：true 使用Devise

You also need to specify secure: true in the config/initializers/devise.rb file if you are using Devise

还要确保清除浏览器上的缓存

Also make sure to clear the cache on your browser

这篇关于瘦和ssl：http请求的Rails不会自动重定向到https的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！