Skip to content

Allow use of SSL-terminating reserve proxy that doesn't set headers #47139

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
dhh merged 5 commits into from
Jan 25, 2023
Merged

Allow use of SSL-terminating reserve proxy that doesn't set headers #47139

dhh merged 5 commits into from
Jan 25, 2023

Conversation

@dhh
Copy link
Member

@dhh dhh commented Jan 25, 2023

NGINX and other SSL-terminating reverse proxies can use HTTP headers to include forwarding information. If your stack includes SSL-termination through a network load balancer, that won't happen. You can use config.assume_ssl to address that.

Allow use of SSL-terminating reserve proxy that doesn't set headers
0703dce 
NGINX and other SSL-terminating reverse proxies can use HTTP headers to include forwarding information. If your stack includes SSL-termination through a network load balancer, that won't happen. You can use config.assume_ssl to address that.
bdewater
bdewater reviewed Jan 25, 2023
View reviewed changes
@rails-bot rails-bot bot added the docs label Jan 25, 2023
@dhh dhh merged commit 1da6f8c into main Jan 25, 2023
@dhh dhh deleted the add-config-to-assume-ssl branch January 25, 2023 20:02
@webdz9r
Copy link

webdz9r commented Apr 4, 2023

This feature seems to not work or I don't understand how it works. In production I have nginx proxy to rails (puma) errors and I'm seeing theses errors with any request that's not _GET
HTTP Origin header (https://domain.com) didn't match request.base_url

nginx is available on 80 and 443 and proxy to puma cluster on 3000

@webdz9r webdz9r mentioned this pull request Apr 4, 2023
Closed
@matthieuprat matthieuprat mentioned this pull request Dec 31, 2023
Merged
@robzolkos robzolkos mentioned this pull request Feb 5, 2024
Closed
@garyhtou garyhtou mentioned this pull request Feb 12, 2025
Merged
sampoder pushed a commit to hackclub/hcb that referenced this pull request Mar 22, 2025
@garyhtou
[Rails] Make assume_ssl configurable via env var (#9537)
cd341fd 
rails/rails#47139 for Hetzner load balancer, but
not necessary for Heroku. Must ensure that firewall is properly
configured so that clients can't directly access app servers (and must
go through load balancer)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@rafaelfranca rafaelfranca rafaelfranca approved these changes

+1 more reviewer

@bdewater bdewater bdewater left review comments

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

actionpack docs railties

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

6 participants

@dhh @webdz9r @rafaelfranca @simi @bdewater