moved force ssl in prod to an env var (#59)

shafy · Sep 13, 2022 · 3e336c1 · 3e336c1
1 parent 5e65627
commit 3e336c1
Show file tree

Hide file tree

Showing 5 changed files with 7 additions and 2 deletions.
diff --git a/.env.example b/.env.example
@@ -13,3 +13,4 @@ DATABASE_URL= # required if you're running Fugu without docker-compose in produc
 SENTRY_DSN= # if you want to use Sentry to track errors
 RAILS_LOG_TO_STDOUT=true # if you want to log errors in server logs
 DATABASE_NAME_TEST= # only needed if you are running automated tests during development
+FORCE_SSL_PROD= # sets config.force_ssl in production.rb - defaults to true.
diff --git a/SELFHOSTING.md b/SELFHOSTING.md
@@ -73,6 +73,8 @@ If you want to use a different `docker-compose` configuration, simply pass its f
 
 ## Tips
 
+### FORCE_SSL_PROD
+If your hosting setup uses localhost internally (e.g., if you have a reverse proxy in front of your Docker setup), you might want to set the environment variable `FORCE_SSL_PROD` to `false`. Otherwise, Rails will force the traffic to `https://localhost`, which then leads to an exception in the Puma server.
 
 ### Creating and initial user
 After you've deployed Fugu for the first time, you can simply navigate to the root URL and create a user account. If for some reason you want to create an initial user account automatically, define the environment variables `INIT_USER_EMAIL` and `INIT_USER_PASSWORD` and (re)deploy. You can then just log in with this user.

diff --git a/config/environments/production.rb b/config/environments/production.rb
@@ -46,7 +46,7 @@
   # config.action_cable.allowed_request_origins = [ "http://example.com", /http:\/\/example.*/ ]
 
   # Force all access to the app over SSL, use Strict-Transport-Security, and use secure cookies.
-  config.force_ssl = true
+  config.force_ssl = ENV.fetch("FORCE_SSL_PROD", true)
 
   config.ssl_options = {hsts: {subdomains: true, preload: true, expires: 1.year}}
 
@@ -66,7 +66,7 @@
 
   config.action_mailer.perform_caching = false
 
-  config.action_mailer.default_url_options = { host: ENV['APP_DOMAIN'] }
+  config.action_mailer.default_url_options = { host: ENV["APP_DOMAIN"] }
 
   # Ignore bad email addresses and do not raise email delivery errors.
   # Set this to true and configure the email server for immediate delivery to raise delivery errors.

diff --git a/docker-compose.prod-remote.yml b/docker-compose.prod-remote.yml
@@ -34,3 +34,4 @@ services:
       - ALLOW_REGISTRATION=${ALLOW_REGISTRATION}
       - INIT_USER_EMAIL=${INIT_USER_EMAIL}
       - INIT_USER_PASSWORD=${INIT_USER_PASSWORD}
+      - FORCE_SSL_PROD=${FORCE_SSL_PROD}
diff --git a/docker-compose.prod.yml b/docker-compose.prod.yml
@@ -37,3 +37,4 @@ services:
       - ALLOW_REGISTRATION=${ALLOW_REGISTRATION}
       - INIT_USER_EMAIL=${INIT_USER_EMAIL}
       - INIT_USER_PASSWORD=${INIT_USER_PASSWORD}
+      - FORCE_SSL_PROD=${FORCE_SSL_PROD}