-
Hello, I have MRSK setup on a couple EC2s and am looking to setup SSL termination using Cloudflare or a LB (ive actually done both separately to get familiar with mrsk and Traefik). My app is running 7.0.4.3 so i cant use Rails 7.1's new Im running into I had something similar to the following working in the first version of MRSK released, however it no longer works. I am unsure why.
Thanks in advance! |
Beta Was this translation helpful? Give feedback.
Replies: 3 comments 3 replies
-
If you're on Rails 7.0, you can simply inject Rails 7.1's assume_ssl middleware on your own. Create a # When proxying through a load balancer that terminates SSL, the forwarded request will appear
# as though its HTTP instead of HTTPS to the application. This makes redirects and cookie
# security target HTTP instead of HTTPS. This middleware makes the server assume that the
# proxy already terminated SSL, and that the request really is HTTPS.
class AssumeSSL
def initialize(app)
@app = app
end
def call(env)
env["HTTPS"] = "on"
env["HTTP_X_FORWARDED_PORT"] = 443
env["HTTP_X_FORWARDED_PROTO"] = "https"
env["rack.url_scheme"] = "https"
@app.call(env)
end
end
# TODO: delete this file once we're on Rails 7.1
Rails.application.config.middleware.insert_before(0, AssumeSSL) if Rails.env.production? And restart your app. You should be good to go. |
Beta Was this translation helpful? Give feedback.
-
For any other dense people staying up way too late trying to get this to work: This seems to require either some sort of load balancer (Digital Ocean or your preferred cloud provider). If you want to cheap out on it (for dev, staging, QA, etc) you still need to have Traefik setup to handle the certs (such as through Let's Encrypt). For Instance, you need this config (which is awesome thanks!) and you also need: I've added a few additional notes in there addressing some gotchas I ran into. |
Beta Was this translation helpful? Give feedback.
-
For the folks on AWS, you can achieve similar results to the MRSK Hetzner screencast example by using a "Classic Load Balancer" and placing a single server (or more) behind it. The new AWS LBs require multiple servers and multiple AZs (which is silly). |
Beta Was this translation helpful? Give feedback.
If you're on Rails 7.0, you can simply inject Rails 7.1's assume_ssl middleware on your own.
Create a
config/initializers/assume_ssl.rb
with: