[Ruby on Rails] Setting for Always Using HTTPS Connection: config.force_ssl = true

Tadashi Shigeoka ·  Thu, August 24, 2017

I’ll introduce how to configure Ruby on Rails to always use HTTPS/SSL connections.

Ruby on Rails | ルビーオンレイルズ

Enabling HTTPS/SSL

There are files for each environment name under the config/environments directory, so edit the file for the environment where you want to enable SSL.

ls -l config/environments
total 24
-rw-r--r--  1 username  staff   1.9K  8 19 10:45 development.rb
-rw-r--r--  1 username  staff   3.8K  8 30 00:26 production.rb
-rw-r--r--  1 username  staff   1.7K  8 19 10:45 test.rb

This time we’ll proceed with the following requirements:

  • In development environment, don't enable SSL and keep HTTP connections
  • In production environment, always enable SSL for HTTPS connections

Simply uncomment config.force_ssl = true in config/environments/production.rb as follows to complete the always-on SSL configuration.

diff --git a/config/environments/production.rb b/config/environments/production.rb
index 21e3919..7619814 100644
--- a/config/environments/production.rb
+++ b/config/environments/production.rb
@@ -49,7 +49,7 @@ Rails.application.configure do
 
 
   # Force all access to the app over SSL, use Strict-Transport-Security, and use secure cookies.
-  # config.force_ssl = true
+  config.force_ssl = true

That’s all from the Gemba where we wanted to always use HTTPS/SSL connections in Ruby on Rails.