Ruby on rails: force_ssl not redirecting from http to https when using thin start --ssl

Question

I have been trying to configure my rails project to use SSL (as application wide) with thin (by adding thin gem and placing config.force_ssl = true to application.rb) but as a result, I have an annoying problem.

When I start my rails server using rails s and try to access http://localhost:3000 it redirects to https://localhost:3000 which is correct, however it will complain about missing SSL certification..

SSL connection error

Unable to make a secure connection to the server. This may be a problem with the server, or it may be requiring a client authentication certificate that you don't have.

On the other hand, If I start my application using thin start --ssl and try to access http://localhost:3000 it doesn't redirect to https://localhost:3000 and complains about this:

No data received

Unable to load the webpage because the server sent no data.

but by accessing https://localhost:3000 it just shows certificate warning but it all works after agreeing to continue.

So my question is, How can I make http to https redirection work when using SSL with thin in (development mode)?

Perfect answer would contain possibility to start server normally by using rails s while SSL would be enabled application wide and accessing http redirects to https and all works! :)

Thanks in advance, have been searching for hours but cant find an answer.

did you find a solution to this. I am trying this on a Rails4 app. — Alok Swain, Apr 02 '14 at 11:59

score 0 · Answer 1 · answered Aug 14 '13 at 08:50

0

You should install your own openssl signed certificate. You can find more information on this page

answered Aug 14 '13 at 08:50

attin83

115
3
8

score 0 · Answer 2 · answered Aug 14 '13 at 10:59

0

Your PC as (localhost) can self sign SSL certificate and your browser can accept it, but i think that browser will not automatically accept certificate with security on that layer. Maybe to try to add your localhost certificate to the browser ?

answered Aug 14 '13 at 10:59

user12733

153
1
1
11

score 0 · Answer 3 · edited May 23 '17 at 11:53

0

Verify config/environments/development.rb has the following line

config.force_ssl = true

Refer the post thin with ssl support and ruby debug and the responses(from nathan and shree) that has more information on this subject:

edited May 23 '17 at 11:53

Community

1
1

answered Aug 14 '13 at 12:10

Shree

798
5
13

score 0 · Answer 4 · answered Feb 21 '17 at 15:39

Use ngrok (https://ngrok.com/). It's free. Installation is easy.

Just start up your server, then in another terminal window run

ngrok http 3000

ngrok will give you an address that loops back to your dev machine - something like http://randomstringhere.ngrok.io

Put that in your browser and you'll see it redirect to https://randomstringhere.ngrok.io, still routing to your server on port 3000

score -1 · Answer 5 · edited Dec 28 '13 at 02:08

-1

Here is the simplest solution.

https://makandracards.com/makandra/15903-using-thin-for-development-with-ssl

edited Dec 28 '13 at 02:08

jefflunt

33,527
7
88
126

answered Aug 16 '13 at 10:44

user2534381

215
1
3
9

Ruby on rails: force_ssl not redirecting from http to https when using thin start --ssl

5 Answers5

Linked