help with ssl config nginx -> thin -> rails
Karl Johnson
karljohn at gmail.com
Thu Jan 12 18:30:43 UTC 2012
I'm lost in a sea of configurations and every change I make ends up causing
a different problem in relation to serving over HTTPS. I've tried all kinds
of different combos of the headers. I'm using nginx in front of thin web
servers for rails.
With the below config, serving static content works. Serving rails pages
now just bombs over HTTPS with a 400. The prior config I had caused an
endless redirect.
Being a relative newbie to nginx and rails, my guess is that it has
something to do with the thin servers serving over the 400x ports, but the
upstream below just referencing 443. How should this be configured to serve
dynamic rails content over SSL when you have 20 nodes on thin started?
Thanks for any help!
upstream developmentmode{
server 127.0.0.1:4000;
server 127.0.0.1:4001;
server 127.0.0.1:4002;
server 127.0.0.1:4003;
server 127.0.0.1:4004;
server 127.0.0.1:4005;
server 127.0.0.1:4006;
server 127.0.0.1:4007;
server 127.0.0.1:4008;
server 127.0.0.1:4009;
server 127.0.0.1:4010;
server 127.0.0.1:4011;
server 127.0.0.1:4012;
server 127.0.0.1:4013;
server 127.0.0.1:4014;
server 127.0.0.1:4015;
server 127.0.0.1:4016;
server 127.0.0.1:4017;
server 127.0.0.1:4018;
server 127.0.0.1:4019;
}
upstream devmode-secure{
server 127.0.0.1:443;
}
server {
listen 80;
server_name govenga.com www.govenga.com;
server_name 50.56.121.244;
access_log /var/www/dev/log/access.log;
error_log /var/www/dev/log/error.log;
client_max_body_size 50M;
client_body_buffer_size 512k;
root /var/www/dev/public/;
index index.html;
location ~*
^.+.(jpg|jpeg|gif|png|ico|css|zip|tgz|gz|rar|bz2|doc|xls|exe|ppt|txt|tar|mid|midi|wav|bmp|rtf|ttf|woff|svg|eot)$
{
root /var/www/dev/public/;
expires 10y;
add_header Cache-Control public;
}
location ~ ^(/javascripts/.*)$ {
root /var/www/dev/public/;
expires 10y;
add_header Cache-Control public;
}
location / {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $host:$proxy_port;
proxy_redirect off;
if (-f $request_filename/index.html) {
rewrite (.*) $1/index.html break;
}
if (-f $request_filename.html) {
rewrite (.*) $1.html break;
}
if (!-f $request_filename) {
proxy_pass http://developmentmode;
break;
}
}
}
server {
listen 443;
server_name govenga.com www.govenga.com;
ssl on;
ssl_certificate /etc/nginx/certificates/new/govenga.com.crt;
ssl_certificate_key /etc/nginx/certificates/new/govenga_new.key;
ssl_client_certificate /etc/nginx/certificates/new/gd_bundle.crt;
keepalive_timeout 70;
#
access_log /var/www/dev/log/access.log;
error_log /var/www/dev/log/error.log;
#
client_max_body_size 50M;
client_body_buffer_size 512k;
#
root /var/www/dev/public/;
index index.html;
location ~*
^.+.(jpg|jpeg|gif|png|ico|css|zip|tgz|gz|rar|bz2|doc|xls|exe|ppt|txt|tar|mid|midi|wav|bmp|rtf|ttf|woff|svg|eot)$
{
root /var/www/dev/public/;
expires 1y;
add_header Cache-Control public;
}
location / {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_set_header X-Forwarded-Proto https;
proxy_redirect off;
proxy_set_header X-Url-Scheme $scheme;
if (-f $request_filename/index.html) {
rewrite (.*) $1/index.html break;
}
if (-f $request_filename.html) {
rewrite (.*) $1.html break;
}
if (!-f $request_filename) {
proxy_pass https://devmode-secure;
break;
}
}
}
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.nginx.org/pipermail/nginx/attachments/20120112/75e8de79/attachment.html>
More information about the nginx
mailing list