I'm struggling to enforce an SSL connection for a rails app running on Heroku (EU region).
我正在努力为在Heroku(欧盟地区)上运行的rails应用强制执行SSL连接。
I've added the cert (inc Heroku SSL add-on) to a custom domain successfully (if I explicitly state https://..com it works perfectly)
我已成功将cert(包含Heroku SSL加载项)添加到自定义域(如果我明确声明https://..com它完美运行)
But I want to redirect all http requests to a https connection.
但我想将所有http请求重定向到https连接。
For apps in the US regions this require pointing custom domain DNS records to .herokussl.com NOT .herokuapp.com. Docs: https://devcenter.heroku.com/articles/ssl-endpoint#dns-and-domain-configuration
对于美国地区的应用,这需要将自定义域DNS记录指向.herokussl.com NOT .herokuapp.com。文档:https://devcenter.heroku.com/articles/ssl-endpoint#dns-and-domain-configuration
For apps in EU regions, custom DNS records should still point to .herokuapp.com which does not appear to enforce a SSL connection by default.
对于欧盟地区的应用,自定义DNS记录仍应指向.herokuapp.com,默认情况下,它似乎不会强制实施SSL连接。
Therefore, my question is: how can I make all connections to my Heroku app running in Europe be forced to run through SSL?
因此,我的问题是:如何才能使我在欧洲运行的Heroku应用程序的所有连接都被强制运行SSL?
2 个解决方案
#1
26
production.rb
Rails.application.configure do
config.force_ssl = true
end
This will redirect all http traffic to https
这会将所有http流量重定向到https
Edit: Its worth noting that this is a Rails thing rather than a heroku one.
编辑:值得注意的是,这是一个Rails的东西,而不是一个heroku的东西。
Revision:
As this answer/question regularly gets seen and upvoted, it's also possible within a controller on a per request basis:
由于这个答案/问题经常被看到并被投票,因此在每个请求的控制器中也可以:
class AccountsController < ApplicationController
force_ssl if: :ssl_configured?
def ssl_configured?
!Rails.env.development?
end
end
#2
1
FYI your question mentions herokussl.com which is part of the deprecated Heroku SSL Endpoint service. Heroku now recommends using the Heroku SSL service:
仅供参考,您的问题提到了herokussl.com,它是已弃用的Heroku SSL端点服务的一部分。 Heroku现在建议使用Heroku SSL服务:
The SSL Endpoint add-on is only recommended if you need to support legacy browser clients which do not support SNI. Our default recommendation is to use the Heroku SSL described in this document.
仅当您需要支持不支持SNI的旧版浏览器客户端时,才建议使用SSL端点加载项。我们的默认建议是使用本文档中描述的Heroku SSL。
Also note that appname.herokuapp.com domains are already SSL-enabled and can be accessed by using https, for example, https://appname.herokuapp.com.
另请注意,appname.herokuapp.com域已启用SSL,可以使用https访问,例如https://appname.herokuapp.com。
#1
26
production.rb
Rails.application.configure do
config.force_ssl = true
end
This will redirect all http traffic to https
这会将所有http流量重定向到https
Edit: Its worth noting that this is a Rails thing rather than a heroku one.
编辑:值得注意的是,这是一个Rails的东西,而不是一个heroku的东西。
Revision:
As this answer/question regularly gets seen and upvoted, it's also possible within a controller on a per request basis:
由于这个答案/问题经常被看到并被投票,因此在每个请求的控制器中也可以:
class AccountsController < ApplicationController
force_ssl if: :ssl_configured?
def ssl_configured?
!Rails.env.development?
end
end
#2
1
FYI your question mentions herokussl.com which is part of the deprecated Heroku SSL Endpoint service. Heroku now recommends using the Heroku SSL service:
仅供参考,您的问题提到了herokussl.com,它是已弃用的Heroku SSL端点服务的一部分。 Heroku现在建议使用Heroku SSL服务:
The SSL Endpoint add-on is only recommended if you need to support legacy browser clients which do not support SNI. Our default recommendation is to use the Heroku SSL described in this document.
仅当您需要支持不支持SNI的旧版浏览器客户端时,才建议使用SSL端点加载项。我们的默认建议是使用本文档中描述的Heroku SSL。
Also note that appname.herokuapp.com domains are already SSL-enabled and can be accessed by using https, for example, https://appname.herokuapp.com.
另请注意,appname.herokuapp.com域已启用SSL,可以使用https访问,例如https://appname.herokuapp.com。