How do I set up SSL on a Rails 4 app? (nginx + Passenger)

I've just made the decision to go with SSL myself and found an article on the DigitalOcean site on how to do this. It might be the listen 443 default deferred;, which according to that article should be ssl not deferred.

Here's the nginx block they use:

server {
  listen 80 default_server;
  listen [::]:80 default_server ipv6only=on;

  listen 443 ssl;

  root /usr/share/nginx/html;
  index index.html index.htm;

  server_name your_domain.com;
  ssl_certificate /etc/nginx/ssl/nginx.crt;
  ssl_certificate_key /etc/nginx/ssl/nginx.key;

  location / {
    try_files $uri $uri/ =404;
  }
}

UPDATE:

I now have my own site running on SSL. Along with the above I just told Rails to force SSL. In your production environment config:

# ./config/environments/production.rb
config.force_ssl = true

Optionally, you can add these settings in the nginx.conf:

http {
  ssl_session_cache shared:SSL:10m;
  ssl_session_timeout 10m;
  keepalive_timeout 70;
}

UPDATE: 2015-09

Since I wrote this answer I've added a few extra things to my nginx config, which I believe everyone should also include. Add the following to your server block:

server {
  ssl_prefer_server_ciphers On;
  ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
  ssl_ciphers ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS;

  add_header X-Frame-Options DENY;
}

The first three lines (ssl_prefer_server_ciphers, ssl_protocols, ssl_ciphers) are the most important as they make sure you have good, strong SSL settings.

The X-Frame-Options prevents your site from being included via the <iframe> tags. I expect most people will benefit from including this setting.
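
A static check for the listen/ssl point raised in this answer, added here as an example (it is not code from the answer or from the DigitalOcean article). The function names are hypothetical, the two sample blocks are constructed by reducing the configs on this page, and the check assumes the certificate directives sit in the same server block rather than being inherited.

```python
import re
# Constructed sample inputs, reduced from the two server blocks on this page.
QUESTION_BLOCK = """
server {
    listen 80;
    listen 443 default deferred;
    ssl on;
    ssl_certificate     /etc/ssl/server.crt;
    ssl_certificate_key /etc/ssl/server.key;
}
"""
ANSWER_BLOCK = """
server {
    listen 80 default_server;
    listen [::]:80 default_server ipv6only=on;
    listen 443 ssl;
    ssl_certificate /etc/nginx/ssl/nginx.crt;
    ssl_certificate_key /etc/nginx/ssl/nginx.key;
}
"""

def directives(block):
    """Yield (name, args) for each 'name args;' directive, comments removed."""
    for stmt in re.split(r"[;{}]", re.sub(r"#[^\n]*", "", block)):
        words = stmt.split()
        if words:
            yield words[0], words[1:]

def listen_port(addr):
    tail = addr.rsplit(":", 1)[-1]              # handles '443', '[::]:80', '10.0.0.1:8443'
    return int(tail) if tail.isdigit() else 80  # nginx defaults to port 80

def lint_tls(block):
    """Return findings about how TLS is switched on in one server block."""
    findings, seen, tls = [], set(), False
    for name, args in directives(block):
        seen.add(name)
        if name == "listen" and "ssl" in args[1:]:
            tls = True
        elif name == "listen" and args and listen_port(args[0]) == 443:
            findings.append("listen 443 lacks the 'ssl' parameter")
        elif name == "ssl" and args == ["on"]:
            findings.append("legacy 'ssl on;' applies to every listen in the block")
    if tls and not {"ssl_certificate", "ssl_certificate_key"} <= seen:
        findings.append("TLS listener without a certificate and key in this block")
    return findings

if __name__ == "__main__":
    print(lint_tls(QUESTION_BLOCK), lint_tls(ANSWER_BLOCK))
```

An empty list means the block enables TLS per listener, as the answer's config does; `nginx -t` remains the authoritative syntax check.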

user1584575
Author by

user1584575

Updated on September 20, 2022

Comments

  • user1584575
    user1584575 about 1 year

    I have a staging rails app running with passenger on nginx. I want to secure the connections with SSL. I have read a lot of resources online but I have yet to make it run on SSL.

    So far, my server block on nginx.conf is:

    server {
         listen 80;
         listen 443 default deferred;
         server_name example.com;
         root /home/deploy/app/public;
         passenger_enabled on;
    
         passenger_set_cgi_param HTTP_X_FORWARDED_PROTO https;
    
         ssl on;
         ssl_ciphers ECDH+AESGCM:ECDH+AES256:ECDH+AES128:DH+3DES:RSA+3DES:!ADH:!AECDH:!MD5;
         ssl_prefer_server_ciphers on;
         ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
         ssl_certificate     /etc/ssl/server.crt;
         ssl_certificate_key /etc/ssl/server.key;
     }
    

    The site is running but not on HTTPS.

  • Dinesh Saini
    Dinesh Saini almost 9 years
    I have done the same setup but Rails does not start; however, if I run passenger start then it runs
  • Islam Azab
    Islam Azab about 8 years
    Did you need to run your passenger with ssl on?
  • Michael R. Cook
    Michael R. Cook about 8 years
    With the above settings you just need to make sure to set passenger_enabled on.
  • sambehera
    sambehera about 8 years
    I somehow get ERR_SSL_PROTOCOL_ERROR in chrome with the above configuration :(
  • Weston Ganger
    Weston Ganger over 7 years
    Would this fallback to TLSv1 if the browser doesn't support newer versions?