Skip to content
Example app that shows how to use Rack::SSL and Rack::Auth::Basic to forward all requests to SSL, then password protect them.
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Failed to load latest commit information.



This sample Sinatra application demonstrates how to chain Rack middleware to force requests to SSL and then require a HTTP Basic password for all requests. It uses Rack::SSL to redirect to SSL and Rack::Auth::Basic for HTTP Basic auth.

This is useful because Rack::Auth::Basic only works for all requests, otherwise you need to write a helper. So if your root action is responsible for redirecting to SSL and you only want passwords sent over SSL, you can't use Rack::Auth::Basic. Also, the approach of chaining middleware is much cleaner.

This code is written for the Heroku Cedar stack. To see a demo, visit

Local development

For local development it can be convenient to skip SSL. You can do that with code like this:

use Rack::SSL, :exclude => lambda { |env| ENV['RACK_ENV'] != 'production' }


This is a trivial amount of code. Do what ever you want with it.

Something went wrong with that request. Please try again.