It’s not a problem with Apache, but with the fact that Rails sends an HSTS header.
In Chrome, you can clear the HSTS state by going into
about:net-internals, as described in ImperialViolet: HSTS UI in Chrome. You may also have to clear the cache, since
config.force_ssl = true also uses a 301 (permanent) redirection.
In addition, according to this answer, you could also make your application send an STS header with max-age=0. In your controller:
response.headers["Strict-Transport-Security"] = 'max-age=0'