diff options
Diffstat (limited to 'config')
| -rw-r--r-- | config/environments/production.rb | 7 | ||||
| -rw-r--r-- | config/general.yml-example | 5 | ||||
| -rw-r--r-- | config/varnish-alaveteli.vcl | 40 |
3 files changed, 52 insertions, 0 deletions
diff --git a/config/environments/production.rb b/config/environments/production.rb index 84a8f5965..097944196 100644 --- a/config/environments/production.rb +++ b/config/environments/production.rb @@ -17,3 +17,10 @@ config.action_controller.perform_caching = true # Disable delivery errors, bad email addresses will be ignored # config.action_mailer.raise_delivery_errors = false config.action_mailer.delivery_method = :sendmail # so is queued, rather than giving immediate errors + +require 'rack/ssl' +if ::Configuration::force_ssl + config.middleware.insert_after ActionController::Failsafe, ::Rack::SSL + # For Rails 3.x this will need to change to + #config.middleware.insert_before ActionDispatch::Cookies, ::Rack::SSL +end diff --git a/config/general.yml-example b/config/general.yml-example index 6bf54f400..5005fda77 100644 --- a/config/general.yml-example +++ b/config/general.yml-example @@ -12,6 +12,11 @@ SITE_NAME: 'Alaveteli' # Domain used in URLs generated by scripts (e.g. for going in some emails) DOMAIN: '127.0.0.1:3000' +# If true forces everyone (in the production environment) to use encrypted connections +# (via https) by redirecting unencrypted connections. This is *highly* recommended +# so that logins can't be intercepted by naughty people. +FORCE_SSL: true + # ISO country code of country currrently deployed in # (http://en.wikipedia.org/wiki/ISO_3166-1_alpha-2) ISO_COUNTRY_CODE: GB diff --git a/config/varnish-alaveteli.vcl b/config/varnish-alaveteli.vcl index 77350a8c8..5dd0ac83c 100644 --- a/config/varnish-alaveteli.vcl +++ b/config/varnish-alaveteli.vcl @@ -115,3 +115,43 @@ sub vcl_fetch { } } +# We need to separately cache requests originating via http and via https +# since we are serving very slightly different content in each case + +# Varnish 2.x version of vcl_hash +#sub vcl_hash { +# set req.hash += req.url; +# if (req.http.host) { +# set req.hash += req.http.host; +# } else { +# set req.hash += server.ip; +# } +# +# # Include the X-Forward-Proto header, since we want to treat HTTPS +# # requests differently, and make sure this header is always passed +# # properly to the backend server. +# if (req.http.X-Forwarded-Proto) { +# set req.hash += req.http.X-Forwarded-Proto; +# } +# +# return (hash); +#} + +# Varnish 3 version of vcl_hash +sub vcl_hash { + hash_data(req.url); + if (req.http.host) { + hash_data(req.http.host); + } else { + hash_data(server.ip); + } + + # Include the X-Forward-Proto header, since we want to treat HTTPS + # requests differently, and make sure this header is always passed + # properly to the backend server. + if (req.http.X-Forwarded-Proto) { + hash_data(req.http.X-Forwarded-Proto); + } + + return (hash); +} |