I have a Nitrous box. I'm developing an app with Rails 4. I use Preview Port 3000 (SSL) to exercise the app.
The box responds on https ://#{name}.#{zone}.nitrousbox.com when using the port 3000/SSL settings. Yay! Just what I wanted.
But this mean that *_url path helpers fail - because they expect the site to be "http", not "https". Build a simple rails app, click on "new #{thing}" "Save" and you get a URL with http, not https - so there's a 400 error in the face for you, for something that should be working. If only the rewriting proxy server and *_url helpers were coordinated.
Forcing the app server to https ("config.force_ssl = true" in config/environments/development.rb) generates a redirect loop. I think it is because the request appears to be translated back to rails as an HTTP request, which then proxies to HTTPS, which is received on the HTTPS proxy, forwarded back to the HTTP server and redirected to HTTPS, etc, etc.
So... how does one NOT use force_ssl, but cause *_url helpers to emit https as the right protocol? Or... is there another way to make this work.
I want this to work. I like BetterErrors and the REPL of BindingOfCaller. But I don't want my Dev Box open to all. Passwording the preview, plus SSL, seems pretty safe. More so than just passwording (attackers could sniff the basic auth over HTTP, eh? No more developing in cafes then!).
I can't work out how to tell Rails to emit a route in HTTPS, and then happily receive requests for that resource in HTTP. All HTTP, or all HTTPS, fine. But I can find nothing that seems to handle a reverse proxy rewriting the protocol. ;)
