Forcing SSL (possibly just Rails apps)


#1

I’ve noticed that when I try to set the force SSL setting to true in the Production environment of my site, Let’s Encrypt essentially breaks and the site becomes inaccessible. The only way I was able to fix this was by commenting out the line in config/environment/production.rb, redeploying and renewing (I think) the existing certificate on the server. Has anyone else experienced similar issues? If not, is this something I should expect on a non-Apache server and is it likely to get fixed in a later version of the application?

Also, I’m kind of new here and have never Beta tested anything before - is there someone that we can submit our findings to if we’ve managed to set up encryption on an as of yet unsupported OS?


#2

To clarify: so, until you force SSL your site is accessible via both HTTP and HTTPS, but when you do force, HTTPS breaks (and HTTP is n/a as intended)?
Also, how did you set up your server with regard to HTTPS (essentially I’m asking for your findings)?


#3

No, the site worked at first when I didn’t force SSL. But then I redeployed it with force SSL set to true and the site broke (I just saw a blank pink page when I tried to view it), so I had to remove it, which means that a user would have to either use HTTPS Everywhere or manually type “https” into the address bar in order to view the site with encryption. I could be doing something wrong but if so I’m not sure what.

As for my findings… I’ve basically written out instructions for setting up SSL on a Ruby on Rails app with Puma/Nginx on a standalone AWS server. I’m not really sure if that’s too specific to be useful and much of it had to do with the Puma/Nginx side of things. The document I have so far is four A4 pages long which I thought would look weird in a forum (I could perhaps email or something). I did notice that Let’s Encrypt had to be run manually in AWS because the bootstrap tool didn’t work properly (or something… I posted somewhere else about that specifically) and, as others have mentioned, it doesn’t recognise existing installations of python2.7 on the server so one has to add the debug flag when installing the certificate.


#4

O_o I shall also ask you for logs.

As for findings: until a permanent place for them is found, pastebin or similar is a way to go, I think.


#5

I sort of struggle with the logs in AWS and haven’t found much use for them in this case. I think the issue occurred in between 09:20 and 10:30 GMT so the more relevant logs I’ve found are from around that time:
http://pastebin.com/vrNtpE0R
http://pastebin.com/9UMXbbnC
http://pastebin.com/vJRxBPuh
http://pastebin.com/PY8zuwET
http://pastebin.com/Zy0vY3se
http://pastebin.com/wps6DYZ9
http://pastebin.com/RdVPze2F

The installation instructions can be found at the following link which itself contains links to a few other relevant pastebin pages --> http://pastebin.com/MA7cgsT2


#6

I have an AWS OpsWorks Rails app working in production with the LE cert without issue. I have the ‘config.force_ssl = true’ set in production.rb.

To follow up on wldhx’s query, did HTTP and HTTPS work before you set the force_ssl to true? Are you sure this is not an AWS configuration issue?


#7

HTTP and HTTPS worked before I set force_ssl to true with my old settings and both stopped working when I set it to true. I looked into this again last week and made a few changes to /etc/nginx/conf.d/default.conf so now the site loads in HTTPS (with force_ssl set to false) but displays a 403 error when a user first visits the HTTP version (which I suppose is to be expected). I’m pretty sure now that it probably is just a configuration setting on my end but I unfortunately can’t get my head around it.

The new default.conf settings are here --> http://pastebin.com/fyxw5m3v


#8

I met the exact same problem, but I have to say both Let’s Encrypt and Rails force_ssl have no problem and can work together perfectly; the only possible problem is that we need to set the Puma/Nginx config properly.

If you are using the very easy-to-use gem capistrano-puma, you need to make sure :nginx_use_ssl is set properly.

Thanks all tricky, period.
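
One proxy setting that commonly decides whether config.force_ssl = true works behind Nginx and Puma, shown as an added example that is not code from any post in this thread: when Nginx terminates TLS and proxies plain HTTP to Puma, the app only learns the client's scheme if Nginx forwards it (for example with "proxy_set_header X-Forwarded-Proto $scheme;"), and without that header every request is redirected to HTTPS again. The Ruby below is a simplified model of that decision, not Rails or Rack source; the function names, MAX_HOPS and the host example.test are assumptions made for the demo.

```ruby
# Added example: a simplified model, not Rails or Rack source code.
require "uri"

MAX_HOPS = 5 # assumed client redirect limit for this demo

# Roughly how Rack decides the scheme: the socket itself, or a proxy header.
def ssl_request?(env)
  return true if env["HTTPS"] == "on" || env["HTTP_X_FORWARDED_SSL"] == "on"
  scheme = env["HTTP_X_FORWARDED_PROTO"] || env["rack.url_scheme"]
  scheme.to_s.split(",").first.to_s.strip == "https"
end

# What force_ssl does per request: redirect plain HTTP, serve HTTPS with HSTS.
def force_ssl_app(env)
  if ssl_request?(env)
    # max-age is a constructed sample value
    [200, { "Strict-Transport-Security" => "max-age=31536000" }]
  else
    [301, { "Location" => "https://#{env['HTTP_HOST']}#{env['PATH_INFO']}" }]
  end
end

# Nginx terminates TLS and talks plain HTTP to Puma, so the app only learns
# the client's scheme if the proxy forwards it.
def nginx_to_puma(url, forward_proto:)
  uri = URI(url)
  env = { "rack.url_scheme" => "http", "HTTP_HOST" => uri.host, "PATH_INFO" => uri.path }
  env["HTTP_X_FORWARDED_PROTO"] = uri.scheme if forward_proto
  force_ssl_app(env)
end

# Follow redirects like a browser would; report the outcome and hop count.
def browse(url, forward_proto:)
  MAX_HOPS.times do |hop|
    status, headers = nginx_to_puma(url, forward_proto: forward_proto)
    return [:ok, hop] if status == 200
    url = headers["Location"]
  end
  [:redirect_loop, MAX_HOPS]
end

if __FILE__ == $PROGRAM_NAME
  p browse("http://example.test/", forward_proto: true)   # header forwarded
  p browse("https://example.test/", forward_proto: false) # header missing
end
```

With the header forwarded, an HTTP visit takes one redirect and then loads over HTTPS; with it missing, even a request that arrived over HTTPS is redirected until the client gives up.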