I am trying to install an SSL certificate that I recently acquired from GoDaddy. My web application is on Rails 4.2.6 and I am using an Ubuntu Server 14.04. I am also using Phusion Passenger 5.0.28 and Nginx. I don't know if it makes any difference, but I launched the instance using AWS' EC2.
I created a combined file using the two .crt files sent by GoDaddy.
When I edit my application.rb file:
config.force_ssl = true
I receive the following error:
ERR_CONNECTION_TIMED_OUT
There are two files that I have tried editing, with no success so far:
nginx.conf. The server block currently looks like this:
server {
    listen 443 ssl;
    server_name localhost;
    ssl_certificate /var/www/primeraraiz5/primeraraiz_combined.crt;
    ssl_certificate_key /var/www/primeraraiz5/primeraraiz.com.key;
    ssl_session_cache shared:SSL:1m;
    ssl_session_timeout 5m;
    ssl_ciphers HIGH:!aNULL:!MD5;
    ssl_prefer_server_ciphers on;
    location / {
        root html;
        index index.html index.htm;
    }
}
include /etc/nginx/sites-enabled/*;
rails.conf (in a sites-available directory, which is "symbolically linked" to the sites-enabled directory). The server block looks like this:
server {
    listen 443 ssl;
    passenger_enabled on;
    passenger_app_env production;
    root /var/www/primeraraiz5/public;
    server_name 52.39.200.205 primeraraiz.com;
}
server {
    server_name www.primeraraiz.com;
    return 301 $scheme://primeraraiz.com$request_uri;
}
I don't know if I am doing something wrong in these files or if I should change any settings at AWS or with the company that currently hosts my domain.
Thanks a lot for your help!
There are a couple of things to do to your configuration.
The first is the server block containing the redirect. Since you haven't provided us with a server that's listening on port 80, I assume that you want to redirect all requests to http://www.primeraraiz.com to HTTPS. If so, replace $scheme with https so that your block looks as follows:
server {
    server_name www.primeraraiz.com;
    return 301 https://primeraraiz.com$request_uri;
}
Next, the SSL offloading needs to happen in the server block from which you're serving. In your case, you're offloading SSL for server name localhost, and not for primeraraiz.com which is what I assume you're trying to do. So copy the SSL parameters of your first server block to the one that has server name primeraraiz.com to end up with:
server {
    listen 443 ssl;
    server_name 52.39.200.205 primeraraiz.com;
    ssl_certificate /var/www/primeraraiz5/primeraraiz_combined.crt;
    ssl_certificate_key /var/www/primeraraiz5/primeraraiz.com.key;
    ssl_session_cache shared:SSL:1m;
    ssl_session_timeout 5m;
    ssl_ciphers HIGH:!aNULL:!MD5;
    ssl_prefer_server_ciphers on;
    passenger_enabled on;
    passenger_app_env production;
    root /var/www/primeraraiz5/public;
}
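The mismatch described in the answer above (certificate directives in the localhost block, none in the primeraraiz.com block that also listens with ssl) can be caught mechanically. The following is an added example, not part of the original question or answer: a small Python check whose function names are hypothetical, and which assumes unquoted directive arguments and certificates set per server block rather than inherited from the http level.

```python
import re

# Constructed sample: the two 443 server blocks from the question, before the fix.
QUESTION_CONF = """
server {
    listen 443 ssl;
    server_name localhost;
    ssl_certificate /var/www/primeraraiz5/primeraraiz_combined.crt;
    ssl_certificate_key /var/www/primeraraiz5/primeraraiz.com.key;
}
server {
    listen 443 ssl;
    passenger_enabled on;
    server_name 52.39.200.205 primeraraiz.com;
}
"""

def server_blocks(conf):
    """Yield one {directive: [argument lists]} dict per server block."""
    tokens = re.findall(r"[{};]|[^\s{};]+", re.sub(r"#.*", "", conf))
    depth, block, stmt, start = 0, None, [], None
    for tok in tokens:
        if tok == "{":
            depth += 1
            if stmt == ["server"] and block is None:
                block, start = {}, depth      # entering a server block
            stmt = []
        elif tok == "}":
            if block is not None and depth == start:
                yield block                   # server block closed
                block = None
            depth -= 1
            stmt = []
        elif tok == ";":
            if block is not None and depth == start and stmt:
                block.setdefault(stmt[0], []).append(stmt[1:])
            stmt = []
        else:
            stmt.append(tok)

def tls_without_cert(conf):
    """Return the server_name list of every block that listens with ssl but has no cert or key."""
    # Assumption: certificates inherited from the http level are not considered.
    bad = []
    for b in server_blocks(conf):
        uses_ssl = any("ssl" in args for args in b.get("listen", []))
        if uses_ssl and not ("ssl_certificate" in b and "ssl_certificate_key" in b):
            bad.append([n for args in b.get("server_name", []) for n in args])
    return bad
```

Run against the question's configuration, `tls_without_cert(QUESTION_CONF)` reports the primeraraiz.com block; after the SSL parameters are copied into that block as the answer describes, it reports nothing.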