Multiple redirects in rails when redirecting to HTTPS

The situation is as follows: I am using Rails 3.1.

I have the following route:

match 'login', :to => 'sessions#new'

      

Pretty standard. I also have this redirect rule in my Apache virtual hosts file:

RewriteEngine on
RewriteCond %{HTTPS} off
RewriteRule (/login$) https://%{HTTP_HOST}%{REQUEST_URI}

      

When I go to https://hostname.dom/login I get a 301 status code from my browser (too many redirects). Can someone point out what's going on under the hood here? Thanks.

0




3 answers


I would handle this redirection via Rails instead of Apache. There is less chance of errors, and it removes your Rails app's connection to a specific web server (Apache in this case).
For Rails 3.0.X and earlier use ssl_requirement, and for 3.1.X and later use force_ssl.

Ssl_requirement example:

class ApplicationController < ActionController::Base
  include SslRequirement
end

class SessionController < ApplicationController
  ssl_required :new, :create

  def new
    # Non-SSL access will be redirected to SSL
  end
end

      



force_ssl example:

class SessionController < ApplicationController
  force_ssl :only => [:new, :create]

  def new
    # Non-SSL access will be redirected to SSL
  end
end

      

+1




I would advise against SSL handling at the application level if you have access to the web server configuration and each page needs to be behind HTTPS connections. Why is this?

While you are working on a simple application, there is no reason to have load balancing between the application and the outside. But when you have to manage load balancing and have a backup environment, a load balancer is the solution.

Since SSL handshaking and request signing require CPU cycles, the load balancer can talk non-SSL to every backend web server.

If your application grows, think of the parts of the environment as layers. Each of the layers has a responsibility. Confusion of responsibility can only take place if you want it to.

0




Well the answer was more or less a missed virtual host configuration. There were NameVirtualHost directives spreading literally all over the place in split files, each setting up its own virtual hosts. Since then I have combined all the NameVirtualHost directives into one file that is loaded before any virtual host is loaded.

One of the virtual hosts was actually using the wrong host. In particular, both the middle tier and the dev/test environment are installed locally, but unfortunately available via different URLs. One was http://data.localhost/, configured in /etc/hosts, and the other was http://data.domain.name/. So the former allows 127.0.0.1 and the other allows 192.168.xx. However, both virtual hosts tried to resolve 127.0.0.1, so obviously this was breaking things. I just specified the correct named hosts for each host config and re-enabled the rewrite rules, and it was fine with redirecting from HTTP to HTTPS when accessing the login page and vice versa for accessing every other page.

TL;DR: you should probably always have one file that has all of your NameVirtualHost directives and make sure this is loaded before all your virtual hosts. It will save you many, many headaches. Also actively think about whether your virtual host that is wrapping you up is actually using the correct host. Then make sure the ServerName directive does not conflict with other virtual hosts, and you have a happy Apache virtual family!

0
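
To find which hop keeps redirecting when a browser reports too many redirects, the chain can be followed one Location header at a time until a URL repeats. This is an added example, not code from any of the posts above; `trace_redirects`, `NET_FETCH`, `HEALTHY` and `MISROUTED` are hypothetical names, and the two responders are constructed models of the `/login` rule from the question.

```ruby
require 'net/http'
require 'uri'

# Default fetcher: one HEAD request, redirects are NOT followed automatically.
# Returns [status_code, location_header_or_nil].
NET_FETCH = lambda do |uri|
  Net::HTTP.start(uri.host, uri.port, :use_ssl => uri.scheme == 'https') do |http|
    res = http.head(uri.request_uri)
    [res.code.to_i, res['location']]
  end
end

# Follow redirects hop by hop and report the chain and how it ended.
def trace_redirects(start_url, fetch = NET_FETCH, max_hops = 10)
  chain = []
  seen = {}
  url = URI.parse(start_url)
  max_hops.times do
    return { :chain => chain, :result => :loop, :at => url.to_s } if seen[url.to_s]
    seen[url.to_s] = true
    status, location = fetch.call(url)
    chain << [status, url.to_s]
    return { :chain => chain, :result => :ok } unless (300..399).cover?(status) && location
    url = url.merge(location) # Location may be relative
  end
  { :chain => chain, :result => :too_many }
end

# Constructed responder: plain-HTTP /login is redirected once, then the
# HTTPS request reaches the SSL virtual host and is served.
HEALTHY = lambda do |uri|
  if uri.path == '/login' && uri.scheme == 'http'
    [301, "https://#{uri.host}#{uri.path}"]
  else
    [200, nil]
  end
end

# Constructed responder (assumption): the HTTPS request is answered by a
# virtual host that still applies the redirect, so /login redirects to itself.
MISROUTED = lambda do |uri|
  uri.path == '/login' ? [301, "https://#{uri.host}#{uri.path}"] : [200, nil]
end

if __FILE__ == $0
  p trace_redirects('http://hostname.dom/login', MISROUTED)
end
```

Called with only a URL, it uses `NET_FETCH` against the live server; the `:at` key names the first URL that was requested twice.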

