Hello, I am configuring apache 2.2 to serve my rails app through passenger. First, I redirect all http traffic to https with the following: This is my web server apache conf file. ServerName sampleapp NameVirtualHost *:80 <VirtualHost *:80> Options FollowSymLinks RewriteEngine On RewriteCond %{SERVER_PORT} !^443$ RewriteRule ^.*$ https://%{SERVER_NAME}%{REQUEST_URI} [L,R] </VirtualHost> Inside the <VirtualHost *:443> section, I have the following configuration, which seems extremely standard: <Directory /> Options FollowSymLinks AllowOverride None Order deny,allow Deny from none Allow from all </Directory> ProxyPreserveHost on ErrorLog "/usr/local/apache2/logs/error_log" TransferLog "/usr/local/apache2/logs/access_log" SSLEngine on <Proxy balancer://hotcluster> BalancerMember http://appserver:8010/ </Proxy> ProxyPass / balancer://hotcluster/ ProxyPassReverse / balancer://hotcluster/ SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL SSLCertificateKeyFile "/home/sasi/test.key" SSLCACertificateFile "/home/sasi/test.cer" SSLCertificateChainFile "/home/sasi/test1.cer" <FilesMatch "\.(cgi|shtml|phtml|php)$"> SSLOptions +StdEnvVars </FilesMatch> <Directory "/usr/local/apache2/cgi-bin"> SSLOptions +StdEnvVars </Directory> BrowserMatch ".*MSIE.*" \ nokeepalive ssl-unclean-shutdown \ downgrade-1.0 force-response-1.0 CustomLog "/usr/local/apache2/logs/ssl_request_log" \ "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b" RequestHeader set X_FORWARDED_PROTO "https" RewriteEngine On RewriteCond %{SERVER_PORT} !^443$ RewriteRule ^.*$ https://%{SERVER_NAME}%{REQUEST_URI} [L,R] RewriteCond %{HTTPS} !=on RewriteRule ^/(.*) https://%{SERVER_NAME}%{REQUEST_URI} [L,R] ProxyRequests Off <Proxy *> Order Allow,Deny Allow from all AuthType Basic AuthName Transmission AuthUserFile /etc/apache2/users # Require user me </Proxy> </Virtualhost> In my app server i point my application which runs with passenger , apache in 8010 port <VirtualHost *:8010> RailsEnv development DocumentRoot /home/appserver/sampleapp/public <Directory /> Options FollowSymLinks AllowOverride None Order deny,allow Deny from none Allow from all </Directory> ProxyPreserveHost on RequestHeader set X_FORWARDED_PROTO "https" ProxyPass /images ! ProxyPass /stylesheets ! ProxyPass /javascripts ! RewriteEngine on RewriteCond %{REQUEST_METHOD} ^(HEAD|TRACE|DELETE|TRACK) [NC] RewriteRule ^(.*)$ - [F,L] RewriteCond %{REQUEST_METHOD} !^(OPTIONS|GET|POST)$ [NC] RewriteRule .* - [F,L] </VirtualHost> When I point my browser to "https://sampleapp/session/new" I get the login page that I expect. After giving the login credentials my site url changes from https to http as (http://sampleapp/home) instead of staying in (https://sampleapp/home). If i manually change the url to "https". It stays fully in https . The way in which i have written rewrite condition in app server and web server is right? Can anybody suggest me . Please Help! Sasi -- Posted via http://www.ruby-forum.com/. -- You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk+unsubscribe-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en.