SSL Certificate, Nginx, Ruby on Rails
Prerequisites. You have Google Apps set up and can already receive e-mails at admin@yoursite.com.
Purchase an SSL certificate from DNSimple.
Follow instructions sent to admin@yoursite.com for domain control validation.
In production.rb, change the force_ssl option to true.
config.force_ssl = true
Download your certificates from DNSimple. It can take up to an hour before they appear.
Rsync your SSL certificates to your server.
$ rsync -av www_yoursite_com.pem deploy@yoursite.com:~/ssl/
$ rsync -av www_yoursite_com.key deploy@yoursite.com:~/ssl/
On the server, move the certs into /etc/nginx/ or wherever you want to put them. The .key file is the private key, so keep it readable only by root wherever it ends up.
$ sudo mv ~/ssl/www_yoursite_com.pem /etc/nginx/
$ sudo mv ~/ssl/www_yoursite_com.key /etc/nginx/
Edit your Nginx configuration found in /etc/nginx/sites-available.
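The proxy_set_header X-Forwarded-Proto https; line is necessary to prevent an infinite redirect loop. Nginx terminates SSL and passes the request to Unicorn over a plain Unix socket, so without this header Rails sees every request as HTTP and force_ssl redirects it to HTTPS again.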
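upstream app {
  # Unicorn listens on a local Unix socket; this hop is plain HTTP.
  server unix:/tmp/unicorn.yoursite.sock fail_timeout=0;
}
server {
  # "listen 443 ssl" replaces the deprecated "listen 443; ssl on;" pair.
  listen 443 ssl;
  ssl_certificate /etc/nginx/www_yoursite_com.pem;
  ssl_certificate_key /etc/nginx/www_yoursite_com.key;
  # TLS 1.0 and 1.1 are deprecated (RFC 8996), so only TLS 1.2 is enabled.
  ssl_protocols TLSv1.2;
  server_name www.yoursite.com yoursite.com;
  root /var/www/yoursite/current/public;
  # Serve static files from public/ first, then fall through to the app.
  try_files $uri/index.html $uri @app;
  location @app {
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    # Tells Rails the client connection was HTTPS (prevents the redirect loop).
    proxy_set_header X-Forwarded-Proto https;
    proxy_set_header Host $http_host;
    proxy_redirect off;
    proxy_pass http://app;
  }
  error_page 500 502 503 504 /500.html;
  client_max_body_size 4G;
  keepalive_timeout 10;
}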
Restart Nginx.
$ sudo /etc/init.d/nginx restart
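The redirect loop that the X-Forwarded-Proto header prevents can be reproduced with a small model. This is an added example, not code from the original post or from Rails: ForceSslApp, TlsProxy and browse are hypothetical names, and the force_ssl check is a simplified stand-in for what Rails does.

```ruby
# Simplified model (constructed for illustration) of a force_ssl check behind
# a TLS-terminating proxy. This is not Rails' own implementation.
require "uri"

# Hypothetical stand-in for the Rails app with config.force_ssl = true.
class ForceSslApp
  def call(env)
    return [200, {}, "OK"] if secure?(env)
    location = "https://#{env['HTTP_HOST']}#{env['PATH_INFO']}"
    [301, { "Location" => location }, ""]
  end

  private

  # The app only ever sees plain HTTP from the proxy, so the forwarded header
  # is its only evidence that the client connection used TLS.
  def secure?(env)
    env["rack.url_scheme"] == "https" ||
      env["HTTP_X_FORWARDED_PROTO"] == "https"
  end
end

# Hypothetical stand-in for the Nginx server block: terminates TLS on 443 and
# passes the request to the upstream over a plain (non-TLS) Unix socket.
class TlsProxy
  def initialize(app, forward_proto:)
    @app = app
    @forward_proto = forward_proto
  end

  def handle(url)
    uri = URI(url)
    env = { "rack.url_scheme" => "http", # proxy -> app hop is never TLS
            "HTTP_HOST" => uri.host, "PATH_INFO" => uri.path }
    env["HTTP_X_FORWARDED_PROTO"] = "https" if @forward_proto
    @app.call(env)
  end
end

# Follows redirects like a browser; returns [final_status, redirects_followed].
def browse(proxy, url, max_redirects: 5)
  redirects = 0
  loop do
    status, headers, = proxy.handle(url)
    return [status, redirects] unless status == 301
    return [:redirect_loop, redirects] if redirects == max_redirects
    url = headers["Location"]
    redirects += 1
  end
end
```

Calling browse with a TlsProxy built with forward_proto: false ends in :redirect_loop, while forward_proto: true returns 200 on the first request. Because the app trusts this header, it should only be reachable through the proxy, as it is with the Unix socket used here.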
Sources
http://seaneshbaugh.com/posts/configuring-nginx-and-unicorn-for-force_ssl