
SSL rails nginx

I am trying to install an SSL certificate that I recently acquired from GoDaddy. My web application is on Rails 4.2.6 and I am using an Ubuntu Server 14.04. I am also using Phusion Passenger 5.0.28 and Nginx. I don't know if it makes any difference, but I launched the instance using AWS' EC2.

I created a combined file using the two .crt files sent by GoDaddy.

When I edit my application.rb file:

config.force_ssl = true

I receive the following error:

ERR_CONNECTION_TIMED_OUT

There are two files that I have tried editing, with no success so far:

  1. nginx.conf. The server block currently looks like this:

     server {
         listen 443 ssl;
         server_name localhost;
         ssl_certificate /var/www/primeraraiz5/primeraraiz_combined.crt;
         ssl_certificate_key /var/www/primeraraiz5/primeraraiz.com.key;
         ssl_session_cache shared:SSL:1m;
         ssl_session_timeout 5m;
         ssl_ciphers HIGH:!aNULL:!MD5;
         ssl_prefer_server_ciphers on;
         location / {
             root html;
             index index.html index.htm;
         }
     }
     include /etc/nginx/sites-enabled/*;

  2. rails.conf (in a sites-available directory, which is “symbolically linked” to the sites-enabled directory). The server block looks like this:

     server {
         listen 443 ssl;
         passenger_enabled on;
         passenger_app_env production;
         root /var/www/primeraraiz5/public;
         server_name 52.39.200.205 primeraraiz.com;
     }
     server {
         server_name www.primeraraiz.com;
         return 301 $scheme://primeraraiz.com$request_uri;
     }

I don't know if I am doing something wrong in these files or if I should change any settings at AWS or with the company that currently hosts my domain.

Thanks a lot for your help!

There are a couple of things to do to your configuration.

The first is the server block containing the redirect. Since you haven't provided us with a server that's listening on port 80, I assume that you want to redirect all requests to http://www.primeraraiz.com to HTTPS. If so, replace $scheme with https so that your block looks as follows:

server {
    server_name www.primeraraiz.com;
    return 301 https://primeraraiz.com$request_uri;
}

Next, the SSL offloading needs to happen in the server block from which you're serving. In your case, you're offloading SSL for server name localhost, and not for primeraraiz.com, which is what I assume you're trying to do. So copy the SSL parameters of your first server block to the one that has server name primeraraiz.com to end up with:

server {
    listen 443 ssl;
    server_name 52.39.200.205 primeraraiz.com;

    ssl_certificate /var/www/primeraraiz5/primeraraiz_combined.crt;
    ssl_certificate_key /var/www/primeraraiz5/primeraraiz.com.key;
    ssl_session_cache    shared:SSL:1m;
    ssl_session_timeout  5m;
    ssl_ciphers  HIGH:!aNULL:!MD5;
    ssl_prefer_server_ciphers  on;

    passenger_enabled on;
    passenger_app_env production;
    root /var/www/primeraraiz5/public;
}
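
A check for the mismatch described in this answer, as an added example that is not part of the original post: it scans nginx configuration text for server blocks that listen with ssl but set no ssl_certificate/ssl_certificate_key of their own, and reports their server names. The function names and the embedded sample (the question's two blocks, abridged) are constructed here; the sketch assumes certificates are set per server block rather than inherited from the http context, and it does not handle quoted strings.

```python
import re

# Constructed sample: the question's two server blocks, abridged.
QUESTION_CONF = """
server {
    listen 443 ssl;
    server_name localhost;
    ssl_certificate /var/www/primeraraiz5/primeraraiz_combined.crt;
    ssl_certificate_key /var/www/primeraraiz5/primeraraiz.com.key;
}
server {
    listen 443 ssl;
    passenger_enabled on;
    server_name 52.39.200.205 primeraraiz.com;
}
"""

def parse(tokens):
    """Consume tokens into [(words, children)]; children is None for 'a b;'."""
    items, words = [], []
    for tok in tokens:
        if tok == "}":          # end of the block being parsed
            break
        if tok in (";", "{"):   # end of a simple directive, or start of a block
            items.append((words, parse(tokens) if tok == "{" else None))
            words = []
        else:
            words.append(tok)
    return items

def server_blocks(items):
    """Yield the contents of every server block, at any nesting depth."""
    for words, children in items:
        if children is not None:
            if words == ["server"]:
                yield children
            yield from server_blocks(children)

def tls_blocks_without_cert(conf_text):
    """server_name lists of blocks that listen with ssl but set no cert/key."""
    tokens = iter(re.findall(r"[{};]|[^\s{};]+", re.sub(r"#.*", "", conf_text)))
    findings = []
    for block in server_blocks(parse(tokens)):
        simple = [w for w, children in block if children is None and w]
        have = {w[0] for w in simple}
        tls = any(w[0] == "listen" and "ssl" in w[1:] for w in simple)
        if tls and not {"ssl_certificate", "ssl_certificate_key"} <= have:
            findings.append([n for w in simple if w[0] == "server_name" for n in w[1:]])
    return findings
```

Calling `tls_blocks_without_cert(QUESTION_CONF)` flags the block that serves primeraraiz.com; the corrected block above, with the SSL parameters copied in, produces no findings.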
