Comments for Ruby on Rails, London - The Blog by Dynamic50 http://blog.dynamic50.com Ruby on Rails, London - The Blog by Dynamic50 Sat, 28 Jan 2012 04:38:18 +0000 hourly 1 http://wordpress.org/?v=3.3.1 Comment on SSL on wildcard domains on Heroku using GoDaddy by Frank http://blog.dynamic50.com/2011/02/15/ssl-on-wildcard-domains-on-heroku-using-godaddy/comment-page-1/#comment-4740 Frank Sat, 28 Jan 2012 04:38:18 +0000 http://blog.dynamic50.com/?p=1037#comment-4740 So i guess the question i have is: can i secure my domain "www.domain.com" so that it looks like "https://www.domain.com" on heroku with this wildcard SSl or is that impossible? So i guess the question i have is:

can i secure my domain “www.domain.com” so that it looks like “https://www.domain.com” on heroku with this wildcard SSl or is that impossible?

]]> Comment on Redirect all requests for www. to root domain with Heroku by David http://blog.dynamic50.com/2011/02/22/redirect-all-requests-for-www-to-root-domain-with-heroku/comment-page-1/#comment-4736 David Tue, 24 Jan 2012 18:34:41 +0000 http://blog.dynamic50.com/?p=1072#comment-4736 I apologize, the correct snippet is: def call(env) request = Rack::Request.new(env) unless request.ssl? url = request.url.sub("http://","https://") url = url.sub("//domain", "//www.domain") [301, {"Location" => url}, self] else @app.call(env) end end I apologize, the correct snippet is:
def call(env)
request = Rack::Request.new(env)
unless request.ssl?
url = request.url.sub(“http://”,”https://”)
url = url.sub(“//domain”, “//www.domain”)
[301, {"Location" => url}, self]
else
@app.call(env)
end
end

]]> Comment on Redirect all requests for www. to root domain with Heroku by David http://blog.dynamic50.com/2011/02/22/redirect-all-requests-for-www-to-root-domain-with-heroku/comment-page-1/#comment-4735 David Tue, 24 Jan 2012 18:32:57 +0000 http://blog.dynamic50.com/?p=1072#comment-4735 We purchased a wildcard SSL cert for our domain *.domain.com. If the customer comes to http://domain.com, however, the force_ssl option in Rack causes redirection to https://domain.com (which results in a certificate error since it doesn't match.) Your solution offered an example of how to build the domain redirect in Rack. My final script (below) does both together (see my comment above for why I didn't continue using the force_ssl option.) Anyway, for what it's worth, this will ensure that anyone using the URL domain.com is redirected to https://www.domain.com. This also ensures that any access to the site is redirected to SSL if not already. The one case that is not handled, where someone tries https://domain.com, is a red-herring because the customer will have already seen the certificate warning before this code is run. In that case the customer has accepted the certificate mismatch and there is no benefit in redirecting them. Here's the final snippet: def call(env) request = Rack::Request.new(env) unless request.ssl? url = request.url.sub("http://","https://") url = url.sub("//www.", "//") [301, {"Location" => url}, self] else @app.call(env) end end We purchased a wildcard SSL cert for our domain *.domain.com. If the customer comes to http://domain.com, however, the force_ssl option in Rack causes redirection to https://domain.com (which results in a certificate error since it doesn’t match.) Your solution offered an example of how to build the domain redirect in Rack. My final script (below) does both together (see my comment above for why I didn’t continue using the force_ssl option.) Anyway, for what it’s worth, this will ensure that anyone using the URL domain.com is redirected to https://www.domain.com. This also ensures that any access to the site is redirected to SSL if not already. The one case that is not handled, where someone tries https://domain.com, is a red-herring because the customer will have already seen the certificate warning before this code is run. In that case the customer has accepted the certificate mismatch and there is no benefit in redirecting them.

Here’s the final snippet:
def call(env)
request = Rack::Request.new(env)
unless request.ssl?
url = request.url.sub(“http://”,”https://”)
url = url.sub(“//www.”, “//”)
[301, {"Location" => url}, self]
else
@app.call(env)
end
end

]]> Comment on Redirect all requests for www. to root domain with Heroku by David http://blog.dynamic50.com/2011/02/22/redirect-all-requests-for-www-to-root-domain-with-heroku/comment-page-1/#comment-4734 David Tue, 24 Jan 2012 17:28:31 +0000 http://blog.dynamic50.com/?p=1072#comment-4734 I'm having an issue with this. Rack seems to enforce the config.force_ssl =true before the patch is run. Am I missing something? From config/environments/production.rb 35 config.middleware.use "WwwMiddleware" 36 37 # Force all access to the app over SSL, use Strict-Transport-Security, and use secure cookies. 38 config.force_ssl = true I’m having an issue with this. Rack seems to enforce the config.force_ssl =true before the patch is run. Am I missing something?

From config/environments/production.rb
35 config.middleware.use “WwwMiddleware”
36
37 # Force all access to the app over SSL, use Strict-Transport-Security, and use secure cookies.
38 config.force_ssl = true

]]> Comment on Redirect all requests for www. to root domain with Heroku by William Denniss http://blog.dynamic50.com/2011/02/22/redirect-all-requests-for-www-to-root-domain-with-heroku/comment-page-1/#comment-4730 William Denniss Thu, 19 Jan 2012 06:54:53 +0000 http://blog.dynamic50.com/?p=1072#comment-4730 @Tania van Wyk de Vries, you just need to add each subdomain as an add-on domain to heroku. i.e. add yourdomain.com and www.yourdomain.com. No paid add-on needed if you are happy adding all the subdomains you wish to use! @Tania van Wyk de Vries, you just need to add each subdomain as an add-on domain to heroku. i.e. add yourdomain.com and http://www.yourdomain.com. No paid add-on needed if you are happy adding all the subdomains you wish to use!

]]> Comment on Sitemap Generator for Ruby on Rails Applications by Alessandro Muraro http://blog.dynamic50.com/2010/01/27/sitemap-generator-for-ruby-on-rails-applications/comment-page-1/#comment-4726 Alessandro Muraro Sat, 03 Dec 2011 12:37:32 +0000 http://blog.dynamic50.com/?p=732#comment-4726 Hello, i get an error, undefined method `article_path' for Sitemap:Class /home/alex/Documents/Web/MYSITE/Rakefile:12 i added the lib in application.rb but now have no clue why it's not working... any hint? Thanks a lot! Hello, i get an error,

undefined method `article_path’ for Sitemap:Class
/home/alex/Documents/Web/MYSITE/Rakefile:12

i added the lib in application.rb but now have no clue why it’s not working… any hint?
Thanks a lot!

]]> Comment on Redirect all requests for www. to root domain with Heroku by Eric http://blog.dynamic50.com/2011/02/22/redirect-all-requests-for-www-to-root-domain-with-heroku/comment-page-1/#comment-4725 Eric Fri, 02 Dec 2011 19:59:12 +0000 http://blog.dynamic50.com/?p=1072#comment-4725 Awesome, this worked by copy paste - thanks a bunch! Awesome, this worked by copy paste – thanks a bunch!

]]> Comment on Redirect all requests for www. to root domain with Heroku by Federico http://blog.dynamic50.com/2011/02/22/redirect-all-requests-for-www-to-root-domain-with-heroku/comment-page-1/#comment-4724 Federico Tue, 29 Nov 2011 17:55:20 +0000 http://blog.dynamic50.com/?p=1072#comment-4724 Thanks for this! Worked like a charm on a Rails 3.1 app. Thanks for this! Worked like a charm on a Rails 3.1 app.

]]> Comment on SSL on wildcard domains on Heroku using GoDaddy by Jonathan Dance http://blog.dynamic50.com/2011/02/15/ssl-on-wildcard-domains-on-heroku-using-godaddy/comment-page-1/#comment-4722 Jonathan Dance Fri, 11 Nov 2011 01:13:13 +0000 http://blog.dynamic50.com/?p=1037#comment-4722 Hello, Your steps for combining / preparing your certificates for Heroku are incorrect. The steps should be as follows: 1. Combine your certificate with the GoDaddy bundle (gd_bundle.crt) which you can here: https://certs.godaddy.com/anonymous/repository.seam) to create your complete certificate: cat yourdomain.com.crt gd_bundle.crt > final.crt 2. Create a passphrase-free private key: openssl rsa -in mykey.key -out final.key 3. You can now add your finished certificates to Heroku: heroku ssl:add final.crt final.key 4. Then add your desired SSL addon: heroku addons:add ssl:hostname Thanks! Heroku Support Hello,

Your steps for combining / preparing your certificates for Heroku are incorrect. The steps should be as follows:

1. Combine your certificate with the GoDaddy bundle (gd_bundle.crt) which you can here: https://certs.godaddy.com/anonymous/repository.seam) to create your complete certificate:

cat yourdomain.com.crt gd_bundle.crt > final.crt

2. Create a passphrase-free private key:

openssl rsa -in mykey.key -out final.key

3. You can now add your finished certificates to Heroku:

heroku ssl:add final.crt final.key

4. Then add your desired SSL addon:

heroku addons:add ssl:hostname

Thanks!
Heroku Support

]]> Comment on Sitemap Generator for Ruby on Rails Applications by Rolando Alvarado http://blog.dynamic50.com/2010/01/27/sitemap-generator-for-ruby-on-rails-applications/comment-page-1/#comment-4721 Rolando Alvarado Tue, 08 Nov 2011 06:59:56 +0000 http://blog.dynamic50.com/?p=732#comment-4721 Nice work. Helps me a lot. Nice work. Helps me a lot.

]]>