Thank you for this explanation.
If all I wanted was to for all traffic to be https via redirection is that a bad idea? If not is that a bad idea on localhost for dev?
Just using 30x redirects without HSTS is usually not a problem, though you still need certificates.
Not worried about the cert, got that working.
I guess I just have to manage the redirection by hand somewhere in the router? If so why does
force_ssl: [rewrite_on: [:x_forwarded_proto]] not work for localhost? what am I missing. I’m was hoping it was as simple as a flag force_ssl type thing.
Have you plug Plug.SSL in your pipeline?
I didnt see it when looking at my router so I added it and nothing changed still rendering requests to http with 200.
https://github.com/PolymorphicProductions/morphic.pro/tree/feature/force_https/17 is what I’m working on.
Well, reading the docs, there is this option:
:exclude- exclude the given hosts from redirecting to thehttpsscheme. Defaults to["localhost"]
Have you tried an empty list?
But make sure to set hsts: false also, just to be sure
http: [port: 4000],
https: [
port: 4001,
cipher_suite: :strong,
certfile: "priv/cert/localhost.crt",
keyfile: "priv/cert/localhost.key"
],
url: [host: "localhost", port: 4001],
debug_errors: true,
code_reloader: true,
check_origin: false,
watchers: [
node: [
"node_modules/webpack/bin/webpack.js",
"--mode",
"development",
"--watch-stdin",
cd: Path.expand("../assets", __DIR__)
]
],
force_ssl: [hsts: false, rewrite_on: [:x_forwarded_proto], exclude: []]
Is redirecting but is not redirecting to the configured port, only redirecting to https
in short:
http://localhost:4000 becomes https://localhost not https://localhost:4001
which is a good step in the right direction
whoot! finally!. Ok so it looks like I have to use the host option too.
force_ssl: [hsts: false, rewrite_on: [:x_forwarded_proto], exclude: [], host: "localhost:4001"]
2 Likes
This was very helpful!
In my case, the rewrite_on: [:x_forwarded_proto] option didn’t seem to be necessary.
