How to make a Rails app on Google App Engine redirect to HTTPS

Question

I have successfully deployed my Rails app to the Google App Engine (my domain is also hosted by Google), and now I would like to redirect anyone going to my http:// address to my https:// address.

I have found the documentation to do so for a Python app here using the handlers element in the app.yaml file, and have attempted to replicate it in my own.

My app.yaml file now contains this:

handlers:
- url: /.*
script: config/application.rb
secure: always
redirect_http_response_code: 301

However I can still visit http:// without being redirected, and I think that it's because of the script: config/application.rb option that I've passed. I have no idea which file I should use or what that file should contain in a Rails app. Deployment breaks if I do not pass the script option.

Let me know if you need any more info, and thanks in advance for your help!

Answer 1

Well you can enforce SSL through your app's config/environments/production.rb file, you just need to add one line:

Rails.application.configure do
    # Other code...
    config.force_ssl = true # add this line to force HTTPS on production 
end

This will do 3 things for your application, actually:

1. TLS redirect
2. Secure cookies: Sets the secure flag on cookies
3. HTTP Strict Transport Security (HSTS)

Read more about your application's configuration at http://guides.rubyonrails.org/configuring.html