How do I setup ssl on a rails 4 app? (nginx + passenger)
I've just made the decision to go with SSL myself and found an article on the DigitalOcean site on how to do this. It might be the listen 443 default deferred;, which according to that article should be ssl not deferred.
Here's the nginx block they use;
    server {
        listen 80 default_server;
        listen [::]:80 default_server ipv6only=on;
        listen 443 ssl;
        root /usr/share/nginx/html;
        index index.html index.htm;
        server_name your_domain.com;
        ssl_certificate /etc/nginx/ssl/nginx.crt;
        ssl_certificate_key /etc/nginx/ssl/nginx.key;
        location / {
            try_files $uri $uri/ =404;
        }
    }
UPDATE:
I now have my own site running on SSL. Along with the above I just told Rails to force SSL. In your production environment config;
    # ./config/environments/production.rb
    config.force_ssl = true
Optionally, you can add these settings in the nginx.conf;

    http {
        ssl_session_cache shared:SSL:10m;
        ssl_session_timeout 10m;
        keepalive_timeout 70;
    }
UPDATE: 2015-09
Since I wrote this answer I've added a few extra things to my nginx config, which I believe everyone should also include. Add the following to your server block;
    server {
        ssl_prefer_server_ciphers On;
        ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
        ssl_ciphers ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS;
        add_header X-Frame-Options DENY;
    }
The first three lines (ssl_prefer_server_ciphers, ssl_protocols, ssl_ciphers) are the most important as they make sure you have good, strong SSL settings.
The X-Frame-Options header prevents your site from being included via the <iframe> tags. I expect most people will benefit from including this setting.
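The listen/ssl difference between the question's server block and the DigitalOcean block quoted in the answer can be checked mechanically. The Ruby lint below is an added example, not code from the answer or the article; the function names and finding symbols are hypothetical, and the two sample configs are abridged from the blocks on this page.

```ruby
# Added example: lint nginx server blocks for the listen/ssl settings above.
# Minimal directive splitter; assumes no quoted ';', '{', '}' or '#' in values.
def nginx_directives(conf)
  conf.gsub(/#.*$/, "").split(/[;{}]/).map(&:split).reject(&:empty?)
end
# Port of a listen address such as "443", "[::]:443" or "10.0.0.1:443".
def listen_port(addr)
  return nil if addr.start_with?("unix:")
  return addr.to_i if addr.match?(/\A\d+\z/)
  m = addr.match(/:(\d+)\z/)
  m ? m[1].to_i : 80 # an address without a port listens on 80
end

def tls_findings(conf)
  dirs = nginx_directives(conf)
  names = dirs.map(&:first)
  findings = []
  dirs.select { |d| d.first == "listen" }.each do |_, addr, *params|
    next unless listen_port(addr.to_s) == 443
    findings << :listen_443_without_ssl unless params.include?("ssl")
  end
  # The answer's block puts ssl on the listen line instead of using "ssl on;".
  findings << :legacy_ssl_on if dirs.include?(%w[ssl on])
  %w[ssl_certificate ssl_certificate_key].each do |name|
    findings << :"missing_#{name}" unless names.include?(name)
  end
  findings.uniq
end

# Both samples are abridged from the blocks on this page.
QUESTION_CONF = <<~CONF
  server {
    listen 80;
    listen 443 default deferred;
    ssl on;
    ssl_certificate /etc/ssl/server.crt;
    ssl_certificate_key /etc/ssl/server.key;
  }
CONF
ANSWER_CONF = <<~CONF
  server {
    listen 80 default_server;
    listen [::]:80 default_server ipv6only=on;
    listen 443 ssl;
    ssl_certificate /etc/nginx/ssl/nginx.crt;
    ssl_certificate_key /etc/nginx/ssl/nginx.key;
  }
CONF
[QUESTION_CONF, ANSWER_CONF].each { |c| p tls_findings(c) }
```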
user1584575
Updated on September 20, 2022
Comments
-
user1584575 about 1 year
I have a staging rails app running with passenger on nginx. I want to secure the connections with SSL. I have read a lot of resources online but I have yet to make it run on SSL.
So far, my server block on nginx.conf is:
    server {
        listen 80;
        listen 443 default deferred;
        server_name example.com;
        root /home/deploy/app/public;
        passenger_enabled on;
        passenger_set_cgi_param HTTP_X_FORWARDED_PROTO https;
        ssl on;
        ssl_ciphers ECDH+AESGCM:ECDH+AES256:ECDH+AES128:DH+3DES:RSA+3DES:!ADH:!AECDH:!MD5;
        ssl_prefer_server_ciphers on;
        ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
        ssl_certificate /etc/ssl/server.crt;
        ssl_certificate_key /etc/ssl/server.key;
    }
The site is running but not on HTTPS.
-
Dinesh Saini almost 9 years
I have done the same setup but Rails does not start; however, if I run passenger start then it runs.
-
Islam Azab about 8 years
Did you need to run your passenger with ssl on?
-
Michael R. Cook about 8 years
With the above settings you just need to make sure to set passenger_enabled on.
-
sambehera about 8 years
I somehow get ERR_SSL_PROTOCOL_ERROR in chrome with the above configuration :(
-
Weston Ganger over 7 years
Would this fall back to TLSv1 if the browser doesn't support newer versions?