Skip to content

Instantly share code, notes, and snippets.

@abachman

abachman/apache-rails-proxy-ssl

Created March 2, 2011 19:06
Show Gist options

  • Select an option

    Learn more about clone URLs
  • Save abachman/851492 to your computer and use it in GitHub Desktop.

Select an option

Learn more about clone URLs
Save abachman/851492 to your computer and use it in GitHub Desktop.
Download ZIP
Raw
apache-rails-proxy-ssl
# proxying through apache to a local rails instance, http & https
# apache *.conf file
<VirtualHost *:80>
ServerName psl.localhost
ServerAlias cms.psl.localhost
ServerAlias *.psl.localhost
ProxyPass / http://localhost:3000/
ProxyPassReverse / http://localhost:3000/
</VirtualHost>
<VirtualHost *:443>
ServerName psl.localhost
ServerAlias cms.psl.localhost
ServerAlias *.psl.localhost
SSLEngine on
SSLOptions +StrictRequire
SSLCertificateFile /home/adam/workspace/psl/cms/config/development/server.crt
SSLCertificateKeyFile /home/adam/workspace/psl/cms/config/development/server.key
SSLProxyEngine on # make sure apache knows SSL is okay to proxy
RequestHeader set X_FORWARDED_PROTO 'https' # make sure Rails knows it was an SSL request
ProxyPass / http://localhost:3000/ # NOTE: http not https
ProxyPassReverse / http://localhost:3000/ # NOTE: http not https
</VirtualHost>
@dckap-admin
Copy link

dckap-admin commented Aug 4, 2017

wow awesome

@ryanammons
Copy link

ryanammons commented Feb 20, 2018

I so wish this had come up in my searches sooner...Thank you SOOO much.

@esgi-dendyanri
Copy link

esgi-dendyanri commented Jan 18, 2019

not all heroes wear capes

i always get 80 when run request.port, i expect to be 443 since i put the proxy reverse on 443.
your RequestHeader really save me.

RequestHeader set X_FORWARDED_PROTO 'https'

Thanks a lot

@DavidAPC
Copy link

DavidAPC commented Jan 30, 2019
edited
Loading

Lifesaver. I'd been having a ActionController::InvalidAuthenticityToken error on certain form submits, and when I looked closer it said that HTTP Origin header (https://myapp.com) didn't match request.base_url (http://myapp.com).

I didn't know why the base_url was http when I'd set up apache for https. After research, I discovered that somehow Apache wasn't "telling" rails/puma that the requests were https. However, most of the solutions to this problem were for Nginx.

This script was the final peice I needed to fix the problem. Hugely appreciated, thank you!

NOTES:

I had to run sudo a2enmod headers so that apache2 would support the RequestHeader (I had to restart apache after with service apache2 restart)

Also, though helpful, for some reason Apache interpreted your comments as commands and was giving "too many arguments" errors. So I deleted your comments in the config file.

In Rails application config file (development.rb, though can also be production.rb depending on which one you're running), I set config.force_ssl = true

With all that done, everything worked perfectly, and authentication issues disappeared.

@arivero
Copy link

arivero commented Oct 23, 2019

Great. Easier to find X_FORWARDED_PROTO here in the gist that in the documentation of apache or puma

@flight1976
Copy link

flight1976 commented Dec 14, 2020

Thanks you so much about Request Header info.

NOTES:
If running Rails version 5.x, Request Header need change to:
RequestHeader set X-Forwarded-Proto 'https'

@raghu777
Copy link

raghu777 commented Aug 11, 2022

Thanks.

@alexsulbaran
Copy link

alexsulbaran commented Oct 27, 2023

good job

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment