I am trying to install a SSL certificate that I recently acquired from GoDaddy. My web application is on Rails 4.2.6 and I am using an Ubuntu Server 14.04. I am also using Phusion Passenger 5.0.28 and Nginx. I don’t know if it makes any difference, but I launched the instance using AWS’ EC2.
I created a combined file using the two .crt files sent by GoDaddy.
When I edit my application.rb file:
config.force_ssl = true
I receive the following error:
ERR_CONNECTION_TIMED_OUT
There are two files that I have tried editing, with not success so far:
nginx.conf. The server block currently look like this:
server {
listen 443 ssl;
server_name localhost;
ssl_certificate /var/www/primeraraiz5/primeraraiz_combined.crt;
ssl_certificate_key /var/www/primeraraiz5/primeraraiz.com.key;
ssl_session_cache shared:SSL:1m;
ssl_session_timeout 5m;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
location / {
root html;
index index.html index.htm;
}
}
include /etc/nginx/sites-enabled/*;
rails.conf (in a sites-available directory; which is “symbolically linked” to the sites-enabled directory ). The server block looks like this:
server {
listen 443 ssl;
passenger_enabled on;
passenger_app_env production;
root /var/www/primeraraiz5/public;
server_name 52.39.200.205 primeraraiz.com;
}
server {
server_name www.primeraraiz.com;
return 301 $scheme://primeraraiz.com$request_uri;
}
I don’t know if I am doing something wrong in these files or if I should change any settings at AWS or with the company that currently hosts my domain.
Thanks a lot for your help!
There are a couple of things to do to your configuration.
The first is the server block containing the redirect. Since you haven't provided us with a server that's listening on port 80, I assume that you want to redirect all requests to http://www.primeraraiz.com; to HTTPS. If so, replace $scheme with https so that your block looks as follows:
server {
server_name www.primeraraiz.com;
return 301 https://primeraraiz.com$request_uri;
}
Next, the SSL offloading needs to happen in the server block from which you're serving. In your case, you're offloading SSL for server name localhost, and not for primeraraiz.com which is what I assume you're trying to do. So copy the SSL parameters of your first server block to the one that has server name primeraraiz.com to end up with:
server {
listen 443 ssl;
server_name 52.39.200.205 primeraraiz.com;
ssl_certificate /var/www/primeraraiz5/primeraraiz_combined.crt;
ssl_certificate_key /var/www/primeraraiz5/primeraraiz.com.key;
ssl_session_cache shared:SSL:1m;
ssl_session_timeout 5m;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
passenger_enabled on;
passenger_app_env production;
root /var/www/primeraraiz5/public;
}
Related
Ok. So I am trying to enable HTTPS with Nginx using Docker container.
My nginx.conf now looks like this:
server {
listen 443 ssl;
server_name localhost;
ssl_certificate ssl/domain.crt;
ssl_certificate_key ssl/domain.key;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers HIGH:!aNULL:!MD5;
Btw I have a working version with HTTP, which looks like this:
server {
listen 80;
server_name localhost;
When I am starting the docker container, I get an error saying: "[emerg] 1#1: cannot load certificate "/etc/nginx/ssl/domain.crt":"
I have created the encrypting with openssl, and it is put in the "ssl"-folder where the rest of my project is. But the problem seems to be here? Does anybody have a solution for this?
I have created a domain(domain.com) and subdomain (abc.domain.com), and also generated SSL certificates for both by using letsencrypt. Both the Django projects are hosted on AWS EC2 and created proxy server for them which is as follow:
server {
listen 443 ssl;
server_name example.com;
location / {
proxy_pass https://1.2.3.4:444;
proxy_ssl_server_name on;
proxy_ssl_verify on;
proxy_ssl_certificate /home/domain/fullchain.pem;
proxy_ssl_certificate_key /home/domain/privkey.pem;
}
}
server {
listen 443 ssl;
server_name abc.example.com;
location / {
proxy_pass https://1.2.3.4:445;
proxy_ssl_server_name on;
proxy_ssl_verify on;
proxy_ssl_certificate /home/subdomain/fullchain.pem;
proxy_ssl_certificate_key /home/subdomain/privkey.pem;
}
}
I strats the proxy server and both the projects, starting not giving any problem the problem is that when i enter https://example.com on the browser it is not showing the page, but when i pull domain with port no. https://example.com:444, it starts showing the page. I do not know what I am missing.
In order to make https://example.com work you need to correctly configure Nginx with SSL configuration which include using ssl_certificate and ssl_certificate_key directives as it does not seem that you are using them.
Using proxy_ssl_certificate is for using HTTPS connection between Nginx and the Proxied Server which in your case the django application.
Using ssl_certificate is for using HTTPS connection between the user's browser and Nginx which you need to make https://example.com works as expected
For more details check configuring HTTPS servers
I have my Phusion Passenger Nginx configured to as below :
server {
listen 80;
server_name blog.abc.com;
passenger_enabled on;
root /app/public;
}
Im about to host the main site abc.com also in this machine. How can I do that (Its a separate app)? Is it possible to add another server block like this :
server {
listen 80;
server_name abc.com;
passenger_enabled on;
root /app2/public;
}
Phusion Passenger author here. Yes. Just add another virtual host block for the other app. It works exactly as expected.
I configured my second app on sub-uri of first app. Below is the nginx conf and settings what i done.
nginx.conf:
server {
listen 80;
server_name localhost;
location / {
root /var/www/demo/public;
passenger_enabled on;
rails_env production;
}
location /test {
root /var/www/demo;
passenger_base_uri /test;
passenger_enabled on;
}
Then add symbolic link:
ln -s /var/www/logger/public /var/www/demo/test
Been trying to search for a time but can't seem to find a solution. I want to set multiple apps in one server via nginx. Current nginx.conf is as follows:
server {
listen 80;
server_name mydomain.co;
root /mydomain/current/public;
passenger_enabled on;
rails_env production;
}
server {
listen 80;
server_name testing.mydomain.co;
root /mydomain-test/current/public;
passenger_enabled on;
rails_env test;
}
It serves up the correct environment (test) but doesn't serve the correct codebase. I checked the directory mydomain-test via ssh and it contains the recent code but is not being served by nginx.
Basically, what I want is:
mydomain.co to serve /mydomain/current/public
testing.mydomain.co to serve /mydomain/current/public
How is this done correctly?
I believe the root directive should be in the location section. I am unsure of the rails directive and passenger_enabled directive but the rest is similar to what I use and works. Might be best to also specify the index script (i have it set to index.php but change as appropriate).
Once you have made the changes be sure to restart nginx.
server {
listen 80;
server_name mydomain.co;
location / {
root /mydomain/current/public;
index index.php;
}
passenger_enabled on;
rails_env production;
}
server {
listen 80;
server_name testing.mydomain.co;
location / {
root /mydomain-test/current/public;
index index.php;
}
passenger_enabled on;
rails_env test;
}
I have two Ruby applications, one is under Rails and the another is under Sinatra.
How can I deploy both these apps in Nginx and Passenger with one in the root ("localhost:3000") and the other in subroot ("localhost:3000/test")?
The Rails application is running with this configuration. Everything seems to work OK:
server {
listen 80;
server_name localhost;
location / {
root /var/www/demo/public;
passenger_enabled on;
rails_env production;
}
location /test/ {
root /var/www/test/public;
passenger_base_uri /test/;
proxy_pass http://10.0.3.12:80/test/;
passenger_enabled on;
}
I am not able to access the second application.
The server returns 404 for the second app and the first app is still running.
I believe you need to define local servers, that only listen on local port and define your passenger apps there. Your actual server listening on port should only act as proxy.
server {
listen localhost:8181;
server_name test_app;
root /var/www/test/public;
passenger_enabled on;
}
server {
listen localhost:8182;
server_name demo_app;
root /var/www/demo/public;
passenger_enabled on;
rails_env production;
}
server {
listen 80;
server_name localhost;
location / {
proxy_pass http://localhost:8182/;
}
location /test/ {
proxy_pass http://localhost:8181/;
}
}
I didn't have chance to test this config, so it might have some minor flaws, but it should be correct in high-level terms.
In nginx.conf:
server {
listen 80;
server_name localhost;
location / {
root /var/www/new/public;
passenger_enabled on;
rails_env production;
}
location /test {
root /var/www/demo;
passenger_base_uri /test;
passenger_enabled on;
}
Add a soft link:
ln -s /var/www/loggerapp/public /var/www/new/test