stackoom
  简体   繁体   中英

nginx configuration for ssl certificate installation with rails application

 原文  2018-05-26 11:41:34       ruby-on-rails/ ssl/ nginx/ passenger

Question

I have a site that I built using ruby on rails on nginx server with passenger. My client decided to install ssl certificate.I am a newbie to that kind of issues and I have never did it before and I need to confirm that my sites-enabled/default file is configured properly. My current configuration is : 

server {
       listen 80;
       listen [::]:80 ipv6only=on;
       server_name www.mysite.com;
       passenger_enabled on;
       rails_env    production;
       root         /home/directory;

       # redirect server error pages to the static page /50x.html
       error_page   500 502 503 504  /50x.html;
       location = /50x.html {
           root   html;
       }

   }

and for adding ssl certificate, I will add another server block like below: 

server {
      listen 443;
      server_name www.mysite.com;
      passenger_enabled on;
      rails_env    production;
      root         /home/directory;

      ssl                  on;
      ssl_certificate      /etc/ssl/my_certificate;
      ssl_certificate_key  /etc/ssl/my_private_key;

      ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
      ssl_ciphers   "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4";

      ssl_prefer_server_ciphers   on;
      ssl_session_timeout  10m;
      ssl_session_cache shared:SSL:10m;
      ssl_stapling on



      # redirect server error pages to the static page /50x.html
      error_page   500 502 503 504  /50x.html;
      location = /50x.html {
          root   html;
      }

  }

  • is that a right way and parameters to configure nginx or I need to combine them in one server block ?

  • is there any thing missing should I add to the previous config ?

  • in the : server_name www.mysite.com; can I replace it with my IP address instead of the domain name ?

Thanks for your time in advance

1 answers

solution1
 1 ACCPTED  2018-05-26 13:56:49

  • You can have HTTP and HTTPS servers in the same server section

    server { listen 80; listen [::]:80 ipv6only=on; listen 443 ssl; ... }

  • For complete SSL related configuration I would recommend to use Mozilla generator

  • Yes, but you shouldn't. Nginx will match your first server section even if you haven't set server_name properly, but such configuration is hard to support and troubleshoot

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question How to configure SSL termination on Nginx with a Rails application Redirection loop with NGinx on a rails application with ssl Mac Nginx Passenger configuration for Rails Application Rails ssl certificate verify failed after Rails.application.initialize Create ssl certificate for rails How can I setup a local SSL certificate and a Rails application? SSL rails nginx What SSL Certificates when using NGINX as loadbalancer for a RAILS Application How do I configure SSL on Nginx and Unicorn for Rails application? Phusion Passenger + Nginx Virtual Host Configuration for Ruby on Rails Application in Debian 6
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM