-
-
Save abachman/851492 to your computer and use it in GitHub Desktop.
# proxying through apache to a local rails instance, http & https | |
# apache *.conf file | |
<VirtualHost *:80> | |
ServerName psl.localhost | |
ServerAlias cms.psl.localhost | |
ServerAlias *.psl.localhost | |
ProxyPass / http://localhost:3000/ | |
ProxyPassReverse / http://localhost:3000/ | |
</VirtualHost> | |
<VirtualHost *:443> | |
ServerName psl.localhost | |
ServerAlias cms.psl.localhost | |
ServerAlias *.psl.localhost | |
SSLEngine on | |
SSLOptions +StrictRequire | |
SSLCertificateFile /home/adam/workspace/psl/cms/config/development/server.crt | |
SSLCertificateKeyFile /home/adam/workspace/psl/cms/config/development/server.key | |
SSLProxyEngine on # make sure apache knows SSL is okay to proxy | |
RequestHeader set X_FORWARDED_PROTO 'https' # make sure Rails knows it was an SSL request | |
ProxyPass / http://localhost:3000/ # NOTE: http not https | |
ProxyPassReverse / http://localhost:3000/ # NOTE: http not https | |
</VirtualHost> |
Lifesaver. I'd been having a ActionController::InvalidAuthenticityToken
error on certain form submits, and when I looked closer it said that HTTP Origin header (https://myapp.com) didn't match request.base_url (http://myapp.com)
.
I didn't know why the base_url was http when I'd set up apache for https. After research, I discovered that somehow Apache wasn't "telling" rails/puma that the requests were https. However, most of the solutions to this problem were for Nginx.
This script was the final peice I needed to fix the problem. Hugely appreciated, thank you!
NOTES:
I had to run sudo a2enmod headers
so that apache2 would support the RequestHeader (I had to restart apache after with service apache2 restart
)
Also, though helpful, for some reason Apache interpreted your comments as commands and was giving "too many arguments" errors. So I deleted your comments in the config file.
In Rails application config file (development.rb, though can also be production.rb depending on which one you're running), I set config.force_ssl = true
With all that done, everything worked perfectly, and authentication issues disappeared.
Great. Easier to find X_FORWARDED_PROTO here in the gist that in the documentation of apache or puma
Thanks you so much about Request Header info.
NOTES:
If running Rails version 5.x, Request Header need change to:
RequestHeader set X-Forwarded-Proto 'https'
Thanks.
good job
not all heroes wear capes
i always get
80
when runrequest.port
, i expect to be443
since i put the proxy reverse on443
.your
RequestHeader
really save me.Thanks a lot