16

I just installed an SSL certificate on my site. Unfortunately it has broken the login functionality. After submitting the login form on the site it just redirects to the home page. Checking the rails log shows this error:

(https://example.com) didn't match request.base_url (http://example.com)

Here is my virtualhosts file. I guess I need to force SSL somehow?

<VirtualHost *:80>
   ServerName example.com
   ServerAlias www.example.com
   Redirect permanent / https://example.com/
</VirtualHost>

<VirtualHost *:443>
   ServerAdmin hello@example.com
   ServerName example.com
   ServerAlias www.example.com
   SSLEngine on
   SSLCertificateFile /home/user/sharetribe/lib/certificates/www_example_com.crt
   SSLCertificateKeyFile /home/user/sharetribe/lib/certificates/example.com.key
   SSLCertificateChainFile /home/user/sharetribe/lib/certificates/www_example_com.ca-bundle

   ProxyRequests Off
   <Proxy *>
      Order deny,allow
      Allow from all
   </Proxy>
   ProxyPass / http://localhost:3000/
   ProxyPassReverse / http://localhost:3000/
</VirtualHost>
Matt Hough

3 Answers

18

Just ran into the same error. In config/environments/production.rb make sure you have set:

config.force_ssl = true

While not strictly related to this issue, after setting this setting you will need to ensure that your reverse proxy (if you have one) is set up to forward the protocol used to rails by sending the X-Forwarded-Proto header from the proxy to rails. The way this is done depends on which reverse proxy you use (Apache, nginx, etc) and how you have configured it so it's best you look up the specific documentation for the reverse proxy you are using.

Qwertie
  • Thanks I will check that out when I can get to it tomorrow. – Matt Hough Dec 20 '17 at 07:09
  • 1
    Sorry for the delay in responding. That gives me a too many redirect error. – Matt Hough Dec 24 '17 at 11:11
  • 1
    Yep, that's an error in your gateway config. Your gateway (nginx, apache) isn't letting rails know which protocol is being used so rails thinks you are using http and tries to redirect you to where you already are. https://stackoverflow.com/questions/16223470/nginx-can-not-forward-the-request-protocol-correctly-to-upstream – Qwertie Dec 24 '17 at 13:09
  • I don't use apache much but you need to set `proxy_set_header X-Forwarded-Proto` to https to let rails know you are using https already. – Qwertie Dec 26 '17 at 00:29
  • Ok I've fixed it. I had set the apache equivalent of `proxy_set_header X-Forwarded-Proto` before which is `RequestHeader set X-Forwarded-Proto`, however it didn't work. I just discovered that I needed to run `sudo a2enmod headers` to install the module for that command. After restarting apache and setting the headers like you said, it works. If you can add that to your answer I will accept it. Thanks! – Matt Hough Dec 26 '17 at 01:20
  • 3
    I ran into the same issue. After upgrading to SSL I forgot to change `X-Forwarded-Proto` to `https`. I didn't notice before because Firefox worked ok, but Chrome complained. – Luis Lezcano Airaldi Aug 07 '18 at 19:31
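A simplified Ruby model of the three situations in this thread: the origin mismatch, the redirect loop after `config.force_ssl = true`, and the working setup once the proxy sends `X-Forwarded-Proto`. This is an added example, not code from any of the posts and not Rails or Rack source; the method names and the sample request are constructed for illustration.

```ruby
# Simplified model (NOT Rails/Rack source) of how an app behind a
# TLS-terminating proxy decides which scheme the browser used.
# All method names are hypothetical.

# The proxy -> app hop is plain HTTP, so only a forwarded header can tell
# the app that the browser connected over https.
def app_scheme(env)
  return "https" if env["HTTP_X_FORWARDED_SSL"] == "on"
  proto = env["HTTP_X_FORWARDED_PROTO"].to_s.split(",").first.to_s.strip
  proto.empty? ? "http" : proto
end

def base_url(env)
  "#{app_scheme(env)}://#{env['HTTP_HOST']}"
end

# Outcome of one login POST as the app sees it.
def handle_login(env, force_ssl:)
  if force_ssl && app_scheme(env) != "https"
    return [:redirect, "https://#{env['HTTP_HOST']}#{env['PATH_INFO']}"]
  end
  origin = env["HTTP_ORIGIN"]
  if origin && origin != base_url(env)
    return [:csrf_rejected, "#{origin} didn't match #{base_url(env)}"]
  end
  [:ok, base_url(env)]
end

# Follow redirects like a browser. The proxy forwards every https request
# with the same headers, so the env the app sees never changes.
def browser_result(env, force_ssl:, max_hops: 5)
  max_hops.times do
    status, detail = handle_login(env, force_ssl: force_ssl)
    return [status, detail] unless status == :redirect
  end
  [:too_many_redirects, nil]
end

# Constructed request: browser POSTs to https://example.com/login and the
# proxy passes it to the app over http.
BASE_ENV = { "HTTP_HOST" => "example.com", "PATH_INFO" => "/login",
             "HTTP_ORIGIN" => "https://example.com" }.freeze
# Same request once the proxy adds the header (RequestHeader set ... in Apache).
WITH_HEADER = BASE_ENV.merge("HTTP_X_FORWARDED_PROTO" => "https").freeze

if __FILE__ == $PROGRAM_NAME
  p browser_result(BASE_ENV, force_ssl: false)   # origin mismatch
  p browser_result(BASE_ENV, force_ssl: true)    # redirect loop
  p browser_result(WITH_HEADER, force_ssl: true) # works
end
```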
16

The Rails application server is running behind a web server which is SSL-enabled, but the application server is not aware of it and continues with the HTTP protocol. Because of this, request.base_url gives an HTTP URL.

To let the application server know that SSL is enabled and the https protocol is used, you need to explicitly tell the application server.

In the Nginx web server, I have used,

proxy_set_header X-Forwarded-Proto https;
proxy_set_header X-Forwarded-Ssl on;

For the Apache web server, you need to find similar settings.

I think using config.force_ssl = true can solve the problem, but not properly, since this config changes all HTTP requests into HTTPS. That means if someone requests with HTTP it will redirect to HTTPS. config.force_ssl = true will not work in the case of APIs where you are sending URLs to the client side.

Rahul Chaudhari
7

I had a similar issue while using Cloudflare's Flexible SSL. I changed it to Full, and activated SSL on my Heroku server.

Found the solution here: http://til.obiefernandez.com/posts/875a2a69af-cloudflare-flexible-ssl-mode-breaks-rails-5-csrf

Zavitoski
  • 2
    @Zavitoski thank you so much! I can confirm the issue (with Cloudflare) and the solution (Flexible => Full) SSL setting. It works like a charm! – Nikita Fedyashev Dec 31 '18 at 12:38