[英]SSL rails nginx
I am trying to install a SSL certificate that I recently acquired from GoDaddy. 我正在尝试安装我最近从GoDaddy获得的SSL证书。 My web application is on Rails 4.2.6 and I am using an Ubuntu Server 14.04.
我的Web应用程序在Rails 4.2.6上,并且我正在使用Ubuntu Server 14.04。 I am also using Phusion Passenger 5.0.28 and Nginx.
我也在使用Phusion Passenger 5.0.28和Nginx。 I don't know if it makes any difference, but I launched the instance using AWS' EC2.
我不知道这有什么不同,但是我使用AWS的EC2启动了实例。
I created a combined file using the two .crt files sent by GoDaddy. 我使用GoDaddy发送的两个.crt文件创建了一个组合文件。
When I edit my application.rb file: 当我编辑application.rb文件时:
config.force_ssl = true
I receive the following error: 我收到以下错误:
ERR_CONNECTION_TIMED_OUT ERR_CONNECTION_TIMED_OUT
There are two files that I have tried editing, with not success so far: 我尝试编辑了两个文件,但到目前为止没有成功:
nginx.conf. nginx.conf。 The server block currently look like this:
服务器块当前如下所示:
server { listen 443 ssl; server_name localhost; ssl_certificate /var/www/primeraraiz5/primeraraiz_combined.crt; ssl_certificate_key /var/www/primeraraiz5/primeraraiz.com.key; ssl_session_cache shared:SSL:1m; ssl_session_timeout 5m; ssl_ciphers HIGH:!aNULL:!MD5; ssl_prefer_server_ciphers on; location / { root html; index index.html index.htm; } } include /etc/nginx/sites-enabled/*;
rails.conf (in a sites-available directory; which is “symbolically linked” to the sites-enabled directory ). rails.conf(在站点可用目录中;“符号链接”到启用站点的目录)。 The server block looks like this:
服务器块如下所示:
server { listen 443 ssl; passenger_enabled on; passenger_app_env production; root /var/www/primeraraiz5/public; server_name 52.39.200.205 primeraraiz.com; } server { server_name www.primeraraiz.com; return 301 $scheme://primeraraiz.com$request_uri; }
I don't know if I am doing something wrong in these files or if I should change any settings at AWS or with the company that currently hosts my domain. 我不知道我在这些文件中做错了什么,还是应该在AWS或当前托管我的域的公司更改任何设置。
Thanks a lot for your help! 非常感谢你的帮助!
There are a couple of things to do to your configuration. 您的配置有几件事情要做。
The first is the server block containing the redirect. 第一个是包含重定向的服务器块。 Since you haven't provided us with a server that's listening on port 80, I assume that you want to redirect all requests to
http://www.primeraraiz.com;
由于您尚未向我们提供在端口80上监听的服务器,因此我假设您想将所有请求重定向到
http://www.primeraraiz.com;
to HTTPS. 到HTTPS。 If so, replace
$scheme
with https
so that your block looks as follows: 如果是这样,请将
$scheme
替换$scheme
https
以使您的代码块如下所示:
server {
server_name www.primeraraiz.com;
return 301 https://primeraraiz.com$request_uri;
}
Next, the SSL offloading needs to happen in the server block from which you're serving. 接下来,需要在您要服务的服务器块中进行SSL卸载。 In your case, you're offloading SSL for server name
localhost
, and not for primeraraiz.com
which is what I assume you're trying to do. 在您的情况下,您要为服务器名称
localhost
卸载SSL,而不是为primeraraiz.com
卸载SSL,这是我假设您要尝试的操作。 So copy the SSL parameters of your first server block to the one that has server name primeraraiz.com
to end up with: 因此,将第一个服务器块的SSL参数复制到服务器名称为
primeraraiz.com
服务器块,最后得到:
server {
listen 443 ssl;
server_name 52.39.200.205 primeraraiz.com;
ssl_certificate /var/www/primeraraiz5/primeraraiz_combined.crt;
ssl_certificate_key /var/www/primeraraiz5/primeraraiz.com.key;
ssl_session_cache shared:SSL:1m;
ssl_session_timeout 5m;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
passenger_enabled on;
passenger_app_env production;
root /var/www/primeraraiz5/public;
}
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.