[Mongrel] Apache22+mod_proxy+mongrel+ssl

Francesco R. lists at ruby-forum.com
Fri Mar 4 04:37:08 EST 2011


For me this solution wasn't working.
I dunno if it is a change from Rails3 or not, but the method checking 
for ssl requests expects a different request header:

      def ssl?
        @env['HTTPS'] == 'on' || @env['HTTP_X_FORWARDED_PROTO'] == 
'https'
      end

I modified my proxy config to set the correct header (this is the 
resulting line)

     # Set header to indentify https requests for Mongrel
     RequestHeader set HTTP_X_FORWARDED_PROTO "https"

After this, everything was working. This is how my config looks in the 
end:

<VirtualHost *:80>
  Include sites-available/common/my_site
  ...
</VirtualHost>

<IfModule mod_ssl.c>
<VirtualHost *:443>
  Include sites-available/common/my_site

  SSLProxyEngine on
  # The values for these three checks are already like this by default
  # Just know that they can be used for more complicated configs
  # SSLProxyCheckPeerCN off
  # SSLProxyCheckPeerExpire off
  # SSLProxyVerify none

  # Set header to indentify https requests for Mongrel
  RequestHeader set HTTP_X_FORWARDED_PROTO "https"

  SSLEngine on

  # Server Certificate
  SSLCertificateFile /etc/apache2/ssl/my_certificate.crt

  # Server Private Key
  SSLCertificateKeyFile /etc/apache2/ssl/my_private.key

  ... othere SSL settings ...
</VirtualHost>
</IfModule>


# Content of sites-available/common/my_site

ServerName my_site
ServerAlias my_site *.my_site

DocumentRoot /path/to/public/folder/of/my/app

<Directory /path/to/public/folder/of/my/app>
  AllowOverride all
  Options -MultiViews
</Directory>

<Proxy *>
        # Review this if you need more restrictive access
  Order Allow,Deny
  Allow from all
  Deny from none
</Proxy>

# Even for https, we redirect to http
# We already set HTTP_X_FORWARDED_PROTO to https in the 443 virtual host
ProxyPass / http://localhost:3000/
ProxyPassReverse / http://localhost:3000/
ProxyPreserveHost on

I hope this helps other people too!

-- 
Posted via http://www.ruby-forum.com/.


More information about the Mongrel-users mailing list