You can force SSL but you’ll still need to obtain an SSL certification. If you’re deployed on heroku you’ll still need to set environment variables. The client side script I include at the end forces the browser to redirect to https though you can do that with a config option on the server side also.
Rails tutorial if that’s your jam: https://www.pluralsight.com/guides/ruby-ruby-on-rails/using-https-with-ruby-on-rails