
How do I setup ssl on a rails 4 app? (nginx + passenger)

I have a staging rails app running with passenger on nginx. I want to secure the connections with SSL. I have read a lot of resources online but I have yet to make it run on SSL.

So far, my server block on nginx.conf is:

server {
     listen 80;
     listen 443 default deferred;
     server_name example.com;
     root /home/deploy/app/public;
     passenger_enabled on;

     passenger_set_cgi_param HTTP_X_FORWARDED_PROTO https;

     ssl on;
     ssl_ciphers ECDH+AESGCM:ECDH+AES256:ECDH+AES128:DH+3DES:RSA+3DES:!ADH:!AECDH:!MD5;
     ssl_prefer_server_ciphers on;
     ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
     ssl_certificate     /etc/ssl/server.crt;
     ssl_certificate_key /etc/ssl/server.key;
 }

The site is running but not on HTTPS.

I've just made the decision to go with SSL myself and found an article on the DigitalOcean site on how to do this. It might be the listen 443 default deferred;, which according to that article should be ssl not deferred.

Here's the nginx block they use;

server {
  listen 80 default_server;
  listen [::]:80 default_server ipv6only=on;

  listen 443 ssl;

  root /usr/share/nginx/html;
  index index.html index.htm;

  server_name your_domain.com;
  ssl_certificate /etc/nginx/ssl/nginx.crt;
  ssl_certificate_key /etc/nginx/ssl/nginx.key;

  location / {
    try_files $uri $uri/ =404;
  }
}

UPDATE:

I now have my own site running on SSL. Along with the above I just told Rails to force SSL. In your production environment config;

# ./config/environments/production.rb
config.force_ssl = true

Optionally, you can add these settings in the nginx.conf;

http {
  ssl_session_cache shared:SSL:10m;
  ssl_session_timeout 10m;
  keepalive_timeout 70;
}

UPDATE: 2015-09

Since I wrote this answer I've added a few extra things to my nginx config, which I believe everyone should also include. Add the following to your server block;

server {
  ssl_prefer_server_ciphers On;
  ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
  ssl_ciphers ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS;

  add_header X-Frame-Options DENY;
}

The first three lines (ssl_prefer_server_ciphers, ssl_protocols, ssl_ciphers) are the most important as they make sure you have good strong SSL settings.

The X-Frame-Options prevents your site from being included via the <iframe> tags. I expect most people will benefit from including this setting.
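An added example, not part of the original question or answer: a small Python check that flags the three things discussed on this page, a listen 443 line without the ssl parameter, the ssl on; directive (obsolete since nginx 1.15.0), and protocol versions that have since been deprecated (TLSv1 and TLSv1.1, RFC 8996). The two config strings are constructed from the blocks above and trimmed; the function names and finding labels are made up for this example.

```python
import re

# Constructed sample: the question's server block, trimmed to the TLS-related lines.
QUESTION_CONF = """
server {
    listen 80;
    listen 443 default deferred;
    ssl on;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
}
"""

# Constructed sample: the same block with "listen 443 ssl;" as the answer suggests.
ANSWER_CONF = """
server {
    listen 80;
    listen 443 ssl;   # ssl parameter enables TLS on this socket only
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
}
"""

DEPRECATED = {"SSLv2", "SSLv3", "TLSv1", "TLSv1.1"}  # TLS 1.0/1.1: RFC 8996

def directives(conf):
    """Yield (name, args) for every simple 'name arg ...;' directive."""
    conf = re.sub(r"#[^\n]*", "", conf)  # drop comments
    for m in re.finditer(r"([A-Za-z0-9_]+)\s+([^;{}]*);", conf):
        yield m.group(1), m.group(2).split()

def lint(conf):
    """Return a list of finding labels (hypothetical names) for one config text."""
    findings = []
    for name, args in directives(conf):
        if name == "listen" and args:
            port = args[0].rsplit(":", 1)[-1]  # handles 443, 1.2.3.4:443, [::]:443
            if port == "443" and "ssl" not in args:
                findings.append("listen-443-without-ssl")
        elif name == "ssl" and args == ["on"]:
            findings.append("obsolete-ssl-on")  # obsolete since nginx 1.15.0
        elif name == "ssl_protocols":
            old = [p for p in args if p in DEPRECATED]
            if old:
                findings.append("deprecated-protocols:" + ",".join(old))
    return findings

if __name__ == "__main__":
    for label, conf in (("question", QUESTION_CONF), ("answer", ANSWER_CONF)):
        print(label, lint(conf))
```

The answer-style block still reports the protocol finding, because its ssl_protocols line lists TLSv1 and TLSv1.1; on current nginx and OpenSSL builds, TLSv1.2 TLSv1.3 is the usual choice.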
