SSL 与 Ruby on Rails

发布于 2024-08-18 16:36:51 字数 266 浏览 3 评论 0原文

我需要做什么才能让我的 Ruby on Rails 应用程序获得使用 https 的流量？我安装了证书，如果我在访问网站时在地址栏中手动输入“https://”，则会出现小锁图标，但只需在浏览器中手动访问 www.example-app.com 即可通过 http 发送流量://.

是否有一些单行配置或者比这更复杂？我以前从未处理过 SSL，所以如果我听起来好像我不知道发生了什么，请原谅。

我在 (gs) 的 MediaTemple 托管，如果这很重要或者任何人都有这样的设置经验。

原文

分享到QQ

分享到微博

如果你对这篇内容有疑问，欢迎到本站社区发帖提问参与讨论，获取更多帮助，或者扫码二维码加入 Web 技术交流群。

发布评论

需要登录才能够评论，你可以免费注册一个本站的账号。

仅此而已 2024-08-25 16:36:51

查看 ssl_requirement gem。

它允许您在控制器中指定哪些操作应该通过 https 提供服务以及哪些操作可以通过 https 提供服务。然后它将负责从 http 到 https 的重定向，反之亦然。

从文档中：

class ApplicationController < ActiveRecord::Base
  include SslRequirement
end

class AccountController < ApplicationController
  ssl_required :signup, :payment
  ssl_allowed :index

  def signup
    # Non-SSL access will be redirected to SSL
  end

  def payment
    # Non-SSL access will be redirected to SSL
  end

  def index
    # This action will work either with or without SSL
  end

  def other
    # SSL access will be redirected to non-SSL
  end
end

Check out the ssl_requirement gem.

It lets you specify in your controllers which actions should be served over https and which actions can be served over https. It will then take care of redirecting from http to https and vice-versa.

From the documentation:

class ApplicationController < ActiveRecord::Base
  include SslRequirement
end

class AccountController < ApplicationController
  ssl_required :signup, :payment
  ssl_allowed :index

  def signup
    # Non-SSL access will be redirected to SSL
  end

  def payment
    # Non-SSL access will be redirected to SSL
  end

  def index
    # This action will work either with or without SSL
  end

  def other
    # SSL access will be redirected to non-SSL
  end
end

回复收藏 0 原文

逐鹿 2024-08-25 16:36:51

Ruby on Rails 是一个应用程序框架，而不是一个 Web 服务器。您需要更改的 HTTPS 配置位于您的 Web 服务器（Apache、nginx 等）配置中。

回复收藏 0 原文

薄荷→糖丶微凉 2024-08-25 16:36:51

这非常简单，而且不需要宝石。我在博客中写了如何在 Rails 中不使用 www 进行重定向这里。重定向到 https 是（几乎）完全相同的。

class ApplicationController < ActionController::Base
  before_filter :redirect_to_https

  def redirect_to_https
    redirect_to "https://example.com#{request.fullpath}" if !request.ssl? && request.host != "localhost"
  end
end

将 before_filter 应用于您想要确保受到 SSL 安全保护的任何内容。我通常是代码重用和宝石的一员，但这个却简单得可笑。详细了解 request.protocol。（请注意，在 Ruby 1.9.3 / Rails 3.2 环境中，名称为 request.fullpath；在某些早期版本中，名称为 request.request_uri；请参阅发行说明， ETC。）

It's pretty easy, and you don't need a gem for it. I blogged how to redirect without www in rails here. Redirecting to https is (almost) exactly the same.

class ApplicationController < ActionController::Base
  before_filter :redirect_to_https

  def redirect_to_https
    redirect_to "https://example.com#{request.fullpath}" if !request.ssl? && request.host != "localhost"
  end
end

Apply your before_filter on anything that you want to make sure is kept behind the SSL security. I'm usually one for code reuse and gems, but this one is ridiculously simple. Read more about request.protocol. (Note that in the Ruby 1.9.3 / Rails 3.2 environment, the name is request.fullpath; in some earlier versions, it was request.request_uri; see the release notes, etc.)

回复收藏 0 原文