Rails - .htaccess not forcing users to use https - ruby-on-rails

I want user to only be able to access the https version of the site. I figured out that a way to do this is with a .htaccess file. I've have added the SSL cert and thats all working fine.
I made the .htaccess file and added the following code in it (replacing 'example' with the domain name)
RewriteEngine On
RewriteCond %{SERVER_PORT} 80
RewriteRule ^(.*)$ https://example.com/$1 [R=301,L]
I deployed it and visited http://example.com/ and it loaded just fine as http.
I dont know if because its a rails app that I might need to put the .htaccess file in the public folder, or if there is more I need to do. But from what I read this should work.
I'm using google cloud platform to host my site, and I cant find the VM server type so maybe its not the right server type to run .htaccess files on?
I'm hoping someone here knows how to get this working.

With .htaccess try the following:
RewriteEngine On
RewriteCond %{HTTPS} !=on
RewriteRule ^.*$ https://%{SERVER_NAME}%{REQUEST_URI} [R,L]
However, with Rails you can use the following in your environment config:
config.force_ssl = true

Related

Can I define the root directory on the server? URL not working as expected after the reload

I have a synonym-browser website running at: michalzagojski.pl. I don't know much about backend development, the site is using only JS, HTML and CSS. After searching a specific word, the url gets updated like so: michalzagojski.pl/synonim/[word]. This happens without the page reload and works fine. However, after I press the refresh button, or paste this link into the browser searchbar, I get 404 error GET https://michalzagojski.pl/synonim/[SOME_WORD] 404. This issue doesn't occur when I'm working on localhost using gulp. In gulpfile.js I have a task called "watch" which is using browserSync and has a following configuration:
browserSync.init({
server: {
baseDir: './dist',
middleware: [historyApiFallback()]
}
});
with the base directory pointing to ./dist folder. On localhost, when I'm refreshing, or pasting the link to the browser - everything loads and works as expected. So the question is: what can I do on the server to make it work the same way? Can I somehow define the root directory? I need the url to be in this format: /synonim/[WORD].
I have found a solution to this problem. What I needed was to include a .htaccess file with following content:
<ifModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule (.*) /index.html [QSA,L]
</ifModule>
It is a .htaccess file for single page applications and it redirects the server so that it always looks in the /index.html page, regardless of the provided url.

Remove “www” from website link

So, I have a rails project deployed using apache server. Unfortunately, the domain name is not registered with www. So if I do https://mydoin.com it works but https://www.mydoin.com doesn't. Now what I need is that, if someone uses this URL with www https://www.mydoin.com then I want to remove www from the URL. How can I do this? I am using Ubuntu 16.04 and apache 2.4.
First, you need to register the www.mydoin.com DNS, without this, your server will not be reached by your user. After this, you can configure a redirect in your server or rewrite your requisition, for this, follow this link: How to always remove WWW from a url with mod_rewrite?
This code will auto strip the www. for you even if its a subdomain.
RewriteEngine on
RewriteCond %{HTTP_HOST} ^www\.(.*)$ [NC]
RewriteRule ^(.*)$ http://%1%{REQUEST_URI} [R=301,QSA,NC,L]
If you want to fix you DNS issue just add a 'A' record with www.yourwebsite.com

http to https redirect on openshift rails app

I want my rails 4.0 app on Openshift Online to serve content only over https.
There is a guide which tells to use a .htaccess in the web-root:
RewriteEngine on
RewriteCond %{HTTP:X-Forwarded-Proto} !https
RewriteRule .* https://%{HTTP_HOST}%{REQUEST_URI} [R,L]
I followed the guide and put a .htaccess file with the directive in my app-root/repo directory on the openshift cartridge, but nothing happens. The guide talks about a web-root dir. What is the web-root directory of a rails app, or what is a web-root directory on openshift? And is there another way to establish http to https redirect for rails on openshift?
I was in a similar situation as you (but wanting to redirect depending on the Accept-Language http header), and could not find the place where to put the .htaccess on an OpenShift ruby cartridge.
Tentative with .htaccess
I tried to put the .htaccess file in the app-root/repo, app-root/runtime, app-root/data, the ~/ruby/ directories with no success..
So I ended up doing the redirections from the rails app
A solution for your case through Rails
If you want to enforce SSL for all your application you can simply set config.force_ssl = true in your config/application.rb file. Another common use case is to enforce SSL only for your production environment, thus instead of putting this configuration in your general application.rb file, you can set it in your config/environments/production.rb.
In case you need to enforce SSL only for specific controllers, you could also just call the force_ssl method in the top of your controller as:
class MyController < ApplicationController
force_ssl
[...your actions..]
end
My problem & solution through Rails
I wanted to add this .htaccess
RewriteEngine On
RewriteCond %{HTTP:Accept-Language} ^pt [NC]
RewriteRule ^/$ /pt/ [L,R=301]
RewriteCond %{HTTP:Accept-Language} ^fr [NC]
RewriteRule ^/$ /fr/ [L,R=301]
RewriteRule ^/$ /en/ [L,R=301]
And finally had to do it in the config/routes.rb config file of rails with
get '/', to: redirect { |path_params, req|
"/#{req.env['HTTP_ACCEPT_LANGUAGE'].scan(/^(?:pt|fr)/).first || 'en'}" }
Any help from the OpenShift team to explain where to put a .htaccess for a Ruby cartridge is still very welcome!
There is one solution for Ruby 1.9 for OpenShift 2 with steps for terminal:
cd your_ruby_git_project_folder/public/
vi .htaccess
<IfModule mod_rewrite.c>
RewriteEngine on
</IfModule>
RewriteCond %{HTTP:X-Forwarded-Proto} !https
RewriteRule .* https://%{HTTP_HOST}%{REQUEST_URI} [R,L]
cd ..
git add . -A
git commit -m 'message'
git push

Tell Rails to ignore particular URL and let Apache handle

I have a rails app running on my Apache server via Passenger.
Occassionally I am using some PHP scripts for the website, and have placed them in the public directory.
When I go to /php/ I want Apache to handle the request with the PHP parser and have rails ignore it.
Currently I can go to /php/index.php and it works fine. However I need /php/ to work as well but rails keeps looking for the controller to handle it.
I have a feeling this is something to do with apache rewrite rules, but I cant figure it out.
I have used
RewriteEngine On
RewriteRule ^php - [L]
RewriteBase /
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
in the /php/.htaccess file but this doesnt work. I still get the page not found error by Rails.
I think you can do this in your Passenger app's main Apache config file - something along the lines of this
<Directory "/.../myapp/php">
PassengerEnabled off
AllowOverride all
</Directory>
inside your VirtualHost block should do the trick (of turning Rails off, at least - turning PHP on is up to you!).
My answer is based off the ModRails Apache documentation - see section 5.6 for more on the PassengerEnabled command.

Remove WWW prefix from your website

How does Stack Overflow (and other web sites) remove the 'www' prefix when it's entered as part of a URL?
Is it a redirect, a rewrite or something else entirely?
Update: I'd specifically like to know in the context of IIS 6
On Apache, it looks like this (inside an .htaccess file):
RewriteEngine On
RewriteCond %{HTTP_HOST} ^www.example.com$ [NC]
RewriteRule ^(.*)$ http://example.com/$1 [R=301,L]
An easy way to do this is using the Apache "Redirect" directive:
<VirtualHost *:80>
ServerName www.example.com
Redirect permanent / http://example.com/
</VirtualHost>
<VirtualHost *:80>
ServerName example.com
# remainder of server configuration goes here
</VirtualHost>
The Redirect directive automatically preserves anything following the / in the URL. I find this method easier to read and understand than the Rewrite method.
Firing up Fiddler, we can see that the server responses with a "301 Moved Permanently" status and refers it to http://stackoverflow.com .
Since StackOverflow is hosted on Windows 2k8 IIS7 they set up this redirect straight away in IIS7.
FYI:
a list of HTTP statuses
If you are a .NET developer you might know "Respose.Redirect" , this creates a 302 Object Moved status. Search engines like 301 status codes in this case better, because they know they should not come back to www.stackoverflow.com in the future.
You can do it several ways, using mod_rewrite and redirecting is my favorite. Something like this:
RewriteEngine On
RewriteCond %{HTTP_HOST} ^www.cuenca.co$ [NC]
RewriteRule ^(.*)$ http://cuenca.co/$1 [R=301,L]
redirect. the sub-domain "www.stackoverflow.com" would simply redirect to "stackoverflow.com".
You need a default dns entry added pointing to your web server.
ping site.com and verify ip is pointing to webserver, if not you need to get the default DNS entry added.
for a basic setup:
You'll have to add host headers http://www.visualwin.com/host-header/
Create 1 site with a hostheader of www.site.com
In the Home Directory tab, set it to a permanent redirect to http://site.com
Create a 2nd site with a host header of site.com
If you want www.site.com/file.html to redirect to site.com/file.html you will need a more advanced setup with something like ISAPI_Rewrite or use custom 404 pages to do it.
You can do what mod_rewrite does for Apache, with a comparable URL rewriter for IIS. A good one is IIRF. The rule is:
RewriteCond %{HTTP_HOST} ^www\.example\.com$ [I]
RedirectRule ^(.*)$ http://example.com/$1 [R=301]
You can also wildcard the hostname like so:
RewriteCond %{HTTP_HOST} ^(.+)\.example\.com$ [I]
RedirectRule ^(.*)$ http://example.com/$1 [R=301]
IIRF is free to use.
For apache
<VirtualHost *:80>
ServerName yourdomain.tld
ServerAlias www.yourdomain.tld

Resources