SSL Certificate, Nginx, Ruby on Rails

04.24.2015

Prerequisites: you have Google Apps set up and can already receive e-mail at admin@yoursite.com.

Purchase an SSL certificate from DNSimple.

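Follow the instructions sent to admin@yoursite.com for domain control validation.

In config/environments/production.rb, set the force_ssl option to true. Rails will then redirect HTTP requests to HTTPS, mark cookies as secure and send an HSTS header.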

config.force_ssl = true

Download your certificates from DNSimple. It can take up to an hour before they appear.

Rsync your SSL certificates to your server.

$ rsync -av www_yoursite_com.pem deploy@yoursite.com:~/ssl/
$ rsync -av www_yoursite_com.key deploy@yoursite.com:~/ssl/

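On the server, move the certs into /etc/nginx/ or wherever you want to put them. Wherever they end up, the .key file is the private key: make sure it is owned by root and not readable by other users.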

$ sudo mv ~/ssl/www_yoursite_com.pem /etc/nginx/
$ sudo mv ~/ssl/www_yoursite_com.key /etc/nginx/

Edit your Nginx configuration found in /etc/nginx/sites-available.

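The line proxy_set_header X-Forwarded-Proto https; is necessary to prevent an infinite redirect loop. Nginx terminates TLS and passes requests to Unicorn over a plain Unix socket, so without this header Rails treats every request as HTTP and force_ssl redirects it to HTTPS again.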

upstream app {
  server unix:/tmp/unicorn.yoursite.sock fail_timeout=0;
}
server {
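  # "listen ... ssl" replaces the separate "ssl on;" directive, which is
  # deprecated and no longer accepted by current Nginx releases.
  listen 443 ssl;

  ssl_certificate /etc/nginx/www_yoursite_com.pem;
  ssl_certificate_key /etc/nginx/www_yoursite_com.key;

  # TLS 1.0 and 1.1 are deprecated (RFC 8996), so only TLS 1.2 is offered here;
  # add TLSv1.3 if your Nginx and OpenSSL builds support it.
  ssl_protocols TLSv1.2;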

  server_name www.yoursite.com yoursite.com;
  root /var/www/yoursite/current/public;
  try_files $uri/index.html $uri @app;
  location @app {
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
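    # Unicorn only ever sees plain HTTP from Nginx, so tell Rails the client
    # connection was HTTPS; otherwise force_ssl keeps redirecting.
    proxy_set_header X-Forwarded-Proto https;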
    proxy_set_header Host $http_host;
    proxy_redirect off;
    proxy_pass http://app;
  }
  error_page 500 502 503 504 /500.html;
  client_max_body_size 4G;
  keepalive_timeout 10;
}
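
The redirect loop that X-Forwarded-Proto prevents, modelled in plain Ruby as an added example (not code from the original post or from Rails). ForceSslModel, nginx_proxy and browse are hypothetical stand-ins that reduce the real middleware and proxy to the one decision that matters here.

```ruby
require 'uri'

# Simplified stand-in for Rails' force_ssl middleware (not Rails source):
# redirect to https:// unless the request is believed to be HTTPS.
class ForceSslModel
  def initialize(app)
    @app = app
  end

  def call(env)
    return @app.call(env) if secure?(env)

    [301, { 'Location' => "https://#{env['HTTP_HOST']}#{env['PATH_INFO']}" }, []]
  end

  private

  # Unicorn's own socket is plain HTTP, so only the proxy header can say "https".
  def secure?(env)
    env['rack.url_scheme'] == 'https' || env['HTTP_X_FORWARDED_PROTO'] == 'https'
  end
end

# Stand-in for the 443 server block: TLS ends at Nginx, the upstream hop is
# plain HTTP, and proxy_set_header overwrites any value the client supplied.
def nginx_proxy(app, path, client_headers: {}, set_forwarded_proto: true)
  env = { 'rack.url_scheme' => 'http', 'HTTP_HOST' => 'www.yoursite.com', 'PATH_INFO' => path }
  env.merge!(client_headers)
  env['HTTP_X_FORWARDED_PROTO'] = 'https' if set_forwarded_proto
  app.call(env)
end

# Browser stand-in: follow 301s until a final response or the hop limit.
def browse(app, path, max_hops: 5, **proxy_opts)
  max_hops.times do |hop|
    status, headers, _body = nginx_proxy(app, path, **proxy_opts)
    return { status: status, hops: hop } unless status == 301

    path = URI(headers['Location']).path
  end
  { status: :redirect_loop, hops: max_hops }
end

APP = ForceSslModel.new(->(_env) { [200, { 'Content-Type' => 'text/plain' }, ['ok']] })

if __FILE__ == $PROGRAM_NAME
  p browse(APP, '/login')                              # header set by Nginx
  p browse(APP, '/login', set_forwarded_proto: false)  # header missing
end
```

With the header set, the first request is served; without it, every hop is answered with another 301 until the hop limit is reached.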

Restart Nginx.

$ sudo /etc/init.d/nginx restart
