Rails - Mar 2011 - Rails 3 + SSL

After reading tons of posts about buying certs, etc, I''m still
confused.  Please point me in the right direction.  Here''s the
question:

I have a rails3 site (www.mysite.com).  I want to have some pages use
ssl, and some not.  It appears the require_ssl approach is pre-Rails3
and there are other alternatives.  Most of the posts I read talk about
using a diff domain for ssl (secure.mysite.com).  Doing that means I
have to flip domains and seems to get in the way of *_path niceties of
routes in rails3.

I realize I''m probably making this harder than it needs to be, but
it''s my first ssl implementation.

thanks for the replies in advance

-- 
You received this message because you are subscribed to the Google Groups
"Ruby on Rails: Talk" group.
To post to this group, send email to
rubyonrails-talk-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org
To unsubscribe from this group, send email to
rubyonrails-talk+unsubscribe-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org
For more options, visit this group at
http://groups.google.com/group/rubyonrails-talk?hl=en.

https://www.eff.org/pages/how-deploy-https-correctly

Keep it simple, just host the entire site in HTTPS. This the approach
I am taking:

http://collectiveidea.com/blog/archives/2010/11/29/ssl-with-rails/

Hope this helps

Dave

On Mar 26, 11:57 am, jiblethead
<jibleth...-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org>
wrote:
> After reading tons of posts about buying certs, etc, I''m still
> confused.  Please point me in the right direction.  Here''s the
> question:
>
> I have a rails3 site (www.mysite.com).  I want to have some pages use
> ssl, and some not.  It appears the require_ssl approach is pre-Rails3
> and there are other alternatives.  Most of the posts I read talk about
> using a diff domain for ssl (secure.mysite.com).  Doing that means I
> have to flip domains and seems to get in the way of *_path niceties of
> routes in rails3.
>
> I realize I''m probably making this harder than it needs to be, but
> it''s my first ssl implementation.
>
> thanks for the replies in advance
-- 
You received this message because you are subscribed to the Google Groups
"Ruby on Rails: Talk" group.
To post to this group, send email to
rubyonrails-talk-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org
To unsubscribe from this group, send email to
rubyonrails-talk+unsubscribe@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/rubyonrails-talk?hl=en.

using https is very simple. unless you are offering accounts based on
subdomains, like sean.yoursite.com, jiblethead.yoursite.com etc. then
you are going to need a wildcard subdomain to handle each domain with
the same certificate. it''s just as simple to setup but is a little
more expensive. but you still shouldn''t have to think about changing
your routes to use https in either case.

check out this post i wrote
http://seanbehan.com/linux/rails-ssl-ubuntu-apache2-w-phussion-on-ubunt/
about how to install an ssl certificate. essentially, you need to
create two virtual hosts (apache) and have them both go to the same
application. https is over port 443 while http is over port 80.

as far as your application is concerned, for rails 3 you can use
http://railsplugins.org/plugins/479-bartt-ssl-requirement .
essentially, all it does is redirect to a page w/ https:// when it
detects the protocol is http:// and the controller#action has been set
to use ssl.
the ssl_required means that you pages will only be served over https
(will be redirected to the same url but with https instead of http)
and ssl_allowed means that both protocols will server traffic.

class ApplicationController < ActionController::Base
  include ::SslRequirement
end

class AccountController < ApplicationController
  ssl_required :signup, :payment
  ssl_allowed :index

  def signup
    # Non-SSL access will be redirected to SSL
  end

  def payment
    # Non-SSL access will be redirected to SSL
  end

  def index
    # This action will work either with or without SSL
  end

  def other
    # SSL access will be redirected to non-SSL
  end
end

More at the docs http://rubydoc.info/gems/bartt-ssl_requirement/1.2.5/frames

On Mar 26, 11:57 am, jiblethead
<jibleth...-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org>
wrote:
> After reading tons of posts about buying certs, etc, I''m still
> confused.  Please point me in the right direction.  Here''s the
> question:
>
> I have a rails3 site (www.mysite.com).  I want to have some pages use
> ssl, and some not.  It appears the require_ssl approach is pre-Rails3
> and there are other alternatives.  Most of the posts I read talk about
> using a diff domain for ssl (secure.mysite.com).  Doing that means I
> have to flip domains and seems to get in the way of *_path niceties of
> routes in rails3.
>
> I realize I''m probably making this harder than it needs to be, but
> it''s my first ssl implementation.
>
> thanks for the replies in advance
-- 
You received this message because you are subscribed to the Google Groups
"Ruby on Rails: Talk" group.
To post to this group, send email to
rubyonrails-talk-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org
To unsubscribe from this group, send email to
rubyonrails-talk+unsubscribe@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/rubyonrails-talk?hl=en.