Skip to content

Rack middleware for forcing SSL connections for specific subdomains of your application

License

Notifications You must be signed in to change notification settings

noiseunion/ssl_enforcer

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

33 Commits
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

SSL Enforcer

SSL Enforcer was created to make it dead simple to force SSL connections for specific subdomains in your rails application. Although it was designed to support rails applications built with modularized sections separated by subdomains, it can also be used to force SSL connections on a single domain site as well.

Installation

Add it to your Gemfile:

gem "ssl_enforcer"

And then run bundle install to install it.

Usage

To use SSL Enforcer after installing it open config/environments/production.rb and add the following line:

## Force SSL Connections for all domains/subdomains
config.middleware.use SSLEnforcer::Enforcer

This will force SSL connections for the entire application.

If you would like to force SSL connections for a specific subdomain only, you can use the :only option:

## Force SSL Connections for specific subdomains
config.middleware.use SSLEnforcer::Enforcer, :only => [:secure]

By specifying the secure subdomain as the one to force SSL on, all connections to "https://secure.mydomain.com" will be forced redirected using a 301 redirect to "https://secure.mydomain.com". Connections to "http://www.mydomain.com/" would be left untouched.

If you have several different subdomains in your application that you would like to force SSL connections on, you can do so by providing an array of the subdomains to be enforced.

# Force SSL Connections on multiple subdomains
config.middleware.use SSLEnforcer::Enforcer, :only => [:secure, :checkout, :protected]

This will enforce SSL connections for "secure.mydomain.com", as well as "checkout.mydomain.com" and "protected.mydomain.com".

Subdomain Exceptions

You can specify subdomain exceptions that should not be forced to HTTPS. This can be handy in the event that you application supports "wildcard" subdomains. You may want to force SSL on all of the application subdomains, except say your public website "www". You can do this using the :except option:

## Force SSL connections for all requests except the website
config.middleware.use SSLEnforcer::Enforcer, :except => [:www]

SSL Enforcer will not provide SSL certificates. You should first configure your server environment to properly support SSL connections before using SSL Enforcer.

NOTE The only and except options must be passed an array.

Bug Reports

If you run into any issues feel free to create an issue on GitHub. The more information you can provide about the issue and your environment the better. We'll do the best we can to resolve issues quickly.

Credit where credit is due

This Gem was inspired by rack-www by stjhimy.

License

MIT License. Copyright © 2012 Digital Opera, LLC. www.digitalopera.com

About

Rack middleware for forcing SSL connections for specific subdomains of your application

Resources

License

Stars

Watchers

Forks

Packages

No packages published

Languages