consul/nairobi
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Define force_ssl configuration in secrets file

Browse Source 
this is usually configured in the production.rb file (which is under
version control), the natural place to configure it is the secrets.yml
file.

Until now we were using the capistrano shared folder, but that's a bit
inconvenient since changes we've done to the production.rb file (like
changing eager_load_paths when we upgraded to Rails 5) won't take effect
after a deployment.
This commit is contained in:
Julian Herrero
2019-10-30 20:17:39 +07:00
committed by Javi Martín
parent 03c4275525
commit df4f8810c5
4 changed files with 9 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
config/environments/preproduction.rb
View File

@@ -47,7 +47,8 @@ Rails.application.configure do
# config.action_dispatch.x_sendfile_header = "X-Accel-Redirect" # for NGINX # config.action_dispatch.x_sendfile_header = "X-Accel-Redirect" # for NGINX
# Force all access to the app over SSL, use Strict-Transport-Security, and use secure cookies. # Force all access to the app over SSL, use Strict-Transport-Security, and use secure cookies.
config.force_ssl = true # Configure force_ssl in secrets.yml
config.force_ssl = Rails.application.secrets.force_ssl
# Use the lowest log level to ensure availability of diagnostic information # Use the lowest log level to ensure availability of diagnostic information
# when problems arise. # when problems arise.

3
config/environments/production.rb
View File

@@ -49,7 +49,8 @@ Rails.application.configure do
# config.action_cable.allowed_request_origins = [ 'http://example.com', /http:\/\/example.*/ ] # config.action_cable.allowed_request_origins = [ 'http://example.com', /http:\/\/example.*/ ]
# Force all access to the app over SSL, use Strict-Transport-Security, and use secure cookies. # Force all access to the app over SSL, use Strict-Transport-Security, and use secure cookies.
config.force_ssl = true # Configure force_ssl in secrets.yml
config.force_ssl = Rails.application.secrets.force_ssl
# Use the lowest log level to ensure availability of diagnostic information # Use the lowest log level to ensure availability of diagnostic information
# when problems arise. # when problems arise.

3
config/environments/staging.rb
View File

@@ -47,7 +47,8 @@ Rails.application.configure do
# config.action_dispatch.x_sendfile_header = "X-Accel-Redirect" # for NGINX # config.action_dispatch.x_sendfile_header = "X-Accel-Redirect" # for NGINX
# Force all access to the app over SSL, use Strict-Transport-Security, and use secure cookies. # Force all access to the app over SSL, use Strict-Transport-Security, and use secure cookies.
config.force_ssl = true # Configure force_ssl in secrets.yml
config.force_ssl = Rails.application.secrets.force_ssl
# Use the lowest log level to ensure availability of diagnostic information # Use the lowest log level to ensure availability of diagnostic information
# when problems arise. # when problems arise.

3
config/secrets.yml.example
View File

@@ -32,6 +32,7 @@ test:
staging: staging:
secret_key_base: "" secret_key_base: ""
server_name: "" server_name: ""
force_ssl: true
rollbar_server_token: "" rollbar_server_token: ""
http_basic_username: "" http_basic_username: ""
http_basic_password: "" http_basic_password: ""
@@ -53,6 +54,7 @@ preproduction:
# password: "<password>" # password: "<password>"
# authentication: "plain" # authentication: "plain"
# enable_starttls_auto: true # enable_starttls_auto: true
force_ssl: true
rollbar_server_token: "" rollbar_server_token: ""
http_basic_username: "" http_basic_username: ""
http_basic_password: "" http_basic_password: ""
@@ -79,6 +81,7 @@ production:
# password: "<password>" # password: "<password>"
# authentication: "plain" # authentication: "plain"
# enable_starttls_auto: true # enable_starttls_auto: true
force_ssl: true
rollbar_server_token: "" rollbar_server_token: ""
http_basic_username: "" http_basic_username: ""
http_basic_password: "" http_basic_password: ""