One of the most irritating things about CloudFront is the lack of SSL support. It’s incredibly frustrating to install an SSL certificate, get all your routing set up, then watch the browser freak out because one teeny-tiny image comes through without encryption. A major pain in the ass.
Anyways, it’s possible to sidestep the issue by requesting the image directly from S3 instead of CloudFront. You are no longer leveraging the CDN, but in my case I’d rather have the page load slightly slower than have the browser complain about security flaws.
CloudFront Helper
I wrote the following helper to make it all easy:
module CloudfrontHelper
# Will return a URL to an S3/Cloudfront image. If the current request is HTTPS, then it will return
# an HTTPS URL (ie. S3) and if it is HTTP then it will return a Cloudfront URL.
def cf_img_url(s3_image, *params)
if request.ssl?
s3_image.s3_url(*params)
else
s3_image.public_filename(*params)
end
end
end
SSL Config in amazon_s3.yml
The final step is to turn on SSL support for attachment_fu
production: bucket_name: my-bucket access_key_id: asdf secret_access_key: xxxx distribution_domain: [my-cloud-distribution] use_ssl: true
Example Usage
Now, anywhere you need to display an image that’s hosted on S3/CloudFront, just use the cf_image_url helper and it will automatically route to either the S3/https version or the CloudFront/http one depending on the protocol for the request. Simple!
< %= image_tag(cf_img_url(@user.profile_pic)) %>
Recent Comments