force ssl only if host passed

config/environments/production.rb

@@ -59,7 +59,7 @@ Rails.application.configure do
   # config.action_cable.allowed_request_origins = [ "http://example.com", /http:\/\/example.*/ ]
 
   # Force all access to the app over SSL, use Strict-Transport-Security, and use secure cookies.
-  config.force_ssl = ENV['FORCE_SSL'] == 'true'
+  config.force_ssl = ENV['FORCE_SSL'].present?
 
   # Include generic and useful information about system operation, but avoid logging too much
   # information to avoid inadvertent exposure of personally identifiable information (PII).

docker-compose.yml

@@ -11,8 +11,8 @@ services:
     volumes:
       - .:/data
     environment:
-      FORCE_SSL: 'true'
+      - FORCE_SSL=${HOST}
-      DATABASE_URL: postgresql://postgres:postgres@postgres:5432/docuseal
+      - DATABASE_URL=postgresql://postgres:postgres@postgres:5432/docuseal
 
   postgres:
     image: postgres:15

lib/docuseal.rb

@@ -31,7 +31,7 @@ module Docuseal
 
   DEFAULT_URL_OPTIONS = {
     host: HOST,
-    protocol: ENV['FORCE_SSL'] == 'true' ? 'https' : 'http'
+    protocol: ENV['FORCE_SSL'].present? ? 'https' : 'http'
   }.freeze
 
   module_function