Force SSL when Setting.protocol is "https"
Forcing SSL is important, and some enterprise environment can't be used if they aren't forcing the SSL due to security standards and best practices.
Redmine's Administration | Settings offers HTTPS as an option, but choosing it .
Editing the config/settings.yml and changing protocol from default: http
to https does nothing also
However placing the
config.force_ssl = true
in config/application.rb do work and do force SSL
So I'm not sure is it a defect or a feature request, but I'm posting it as a defect.
My Redmine info:
Environment: Redmine version 3.3.1.stable Ruby version 2.1.4-p265 (2014-10-27) [x86_64-linux] Rails version 188.8.131.52 Environment production Database adapter Mysql2
#6 Updated by Aleksandar Pavic visit redminecookbook.com 3 months ago
Confirmed in 3.4.6
placing config.force_ssl = true anywhere in config/application.rb
makes it work the rails way...
As I have explained back in 2017 [[http://www.redminecookbook.com/blog-29-Forcing-Redmine-to-use-SSL-on-Apache]]