3

I have successfully deployed my Rails app to the Google App Engine (my domain is also hosted by Google), and now I would like to redirect anyone going to my http:// address to my https:// address.

I have found the documentation to do so for a Python app here using the handlers element in the app.yaml file, and have attempted to replicate it in my own.

My app.yaml file now contains this:

handlers:
- url: /.*
script: config/application.rb
secure: always
redirect_http_response_code: 301

However I can still visit http:// without being redirected, and I think that it's because of the script: config/application.rb option that I've passed. I have no idea which file I should use or what that file should contain in a Rails app. Deployment breaks if I do not pass the script option.

Let me know if you need any more info, and thanks in advance for your help!

ErvalhouS
  • 4,178
  • 1
  • 22
  • 38
FelixFortis
  • 684
  • 6
  • 16
  • In this case it's the fact that it's a Rails app that makes it unique. Other answers have answered the same question for Python/Java etc, but none for Rails yet. – FelixFortis Mar 31 '18 at 12:57
  • 1
    @FelixFortis The doc you mentioned is for the standard environment, Ruby is only supported on the flexible one. This might be of interest: https://stackoverflow.com/questions/45842772/how-to-tell-if-a-google-app-engine-documentation-page-applies-to-the-standard-or – Dan Cornilescu Mar 31 '18 at 16:28
  • Thanks Dan, I'm new to gcloud and that was very helpful – FelixFortis Mar 31 '18 at 16:32
  • Related: https://stackoverflow.com/questions/41944776/force-ssl-on-app-engine-flexible-environment-custom-runtime – Dan Cornilescu Mar 31 '18 at 16:37

1 Answers1

2

Well you can enforce SSL through your app's config/environments/production.rb file, you just need to add one line:

Rails.application.configure do
    # Other code...
    config.force_ssl = true # add this line to force HTTPS on production 
end

This will do 3 things for your application, actually:

  1. TLS redirect
  2. Secure cookies: Sets the secure flag on cookies
  3. HTTP Strict Transport Security (HSTS)

Read more about your application's configuration at http://guides.rubyonrails.org/configuring.html

ErvalhouS
  • 4,178
  • 1
  • 22
  • 38