I'm lost in a sea of configurations and every change I make ends up causing a different problem in relation to serving over HTTPS. I've tried all kinds of different combos of the headers. I'm using nginx in front of thin web servers for rails. <div>
<br></div><div>With the below config, serving static content works. Serving rails pages now just bombs over HTTPS with a 400. The prior config I had caused an endless redirect.</div><div><br></div><div>Being a relative newbie to nginx and rails, my guess is that it has something to do with the thin servers serving over the 400x ports, but the upstream below just referencing 443. How should this be configured to serve dynamic rails content over SSL when you have 20 nodes on thin started?</div>
<div><br></div><div>Thanks for any help!<br><div><br></div><div><div>upstream developmentmode{</div><div> server <a href="http://127.0.0.1:4000">127.0.0.1:4000</a>;</div><div> server <a href="http://127.0.0.1:4001">127.0.0.1:4001</a>;</div>
<div> server <a href="http://127.0.0.1:4002">127.0.0.1:4002</a>;</div><div> server <a href="http://127.0.0.1:4003">127.0.0.1:4003</a>;</div><div> server <a href="http://127.0.0.1:4004">127.0.0.1:4004</a>;</div>
<div> server <a href="http://127.0.0.1:4005">127.0.0.1:4005</a>;</div><div> server <a href="http://127.0.0.1:4006">127.0.0.1:4006</a>;</div><div> server <a href="http://127.0.0.1:4007">127.0.0.1:4007</a>;</div>
<div> server <a href="http://127.0.0.1:4008">127.0.0.1:4008</a>;</div><div> server <a href="http://127.0.0.1:4009">127.0.0.1:4009</a>;</div><div> server <a href="http://127.0.0.1:4010">127.0.0.1:4010</a>;</div>
<div> server <a href="http://127.0.0.1:4011">127.0.0.1:4011</a>;</div><div> server <a href="http://127.0.0.1:4012">127.0.0.1:4012</a>;</div><div> server <a href="http://127.0.0.1:4013">127.0.0.1:4013</a>;</div>
<div> server <a href="http://127.0.0.1:4014">127.0.0.1:4014</a>;</div><div> server <a href="http://127.0.0.1:4015">127.0.0.1:4015</a>;</div><div> server <a href="http://127.0.0.1:4016">127.0.0.1:4016</a>;</div>
<div> server <a href="http://127.0.0.1:4017">127.0.0.1:4017</a>;</div><div> server <a href="http://127.0.0.1:4018">127.0.0.1:4018</a>;</div><div> server <a href="http://127.0.0.1:4019">127.0.0.1:4019</a>;</div>
<div> }</div><div><br></div><div>upstream devmode-secure{</div><div><span class="Apple-tab-span" style="white-space:pre"> </span>server <a href="http://127.0.0.1:443">127.0.0.1:443</a>;</div><div>}</div><div><br></div>
<div>server {</div><div><span class="Apple-tab-span" style="white-space:pre"> </span>listen 80;</div><div><span class="Apple-tab-span" style="white-space:pre"> </span>server_name <a href="http://govenga.com">govenga.com</a> <a href="http://www.govenga.com">www.govenga.com</a>;</div>
<div><span class="Apple-tab-span" style="white-space:pre"> </span>server_name 50.56.121.244;</div><div><span class="Apple-tab-span" style="white-space:pre"> </span>access_log /var/www/dev/log/access.log;</div><div> error_log /var/www/dev/log/error.log;</div>
<div><br></div><div> client_max_body_size 50M;</div><div> client_body_buffer_size 512k;</div><div><br></div><div> root /var/www/dev/public/;</div><div> index index.html;</div><div> location ~* ^.+.(jpg|jpeg|gif|png|ico|css|zip|tgz|gz|rar|bz2|doc|xls|exe|ppt|txt|tar|mid|midi|wav|bmp|rtf|ttf|woff|svg|eot)$ {</div>
<div> <span class="Apple-tab-span" style="white-space:pre"> </span>root /var/www/dev/public/;</div><div> expires 10y;</div><div> add_header Cache-Control public;</div><div>
}</div><div><span class="Apple-tab-span" style="white-space:pre"> </span>location ~ ^(/javascripts/.*)$ {</div><div> <span class="Apple-tab-span" style="white-space:pre"> </span>root /var/www/dev/public/;</div>
<div> expires 10y;</div><div> add_header Cache-Control public;</div><div> }</div><div><span class="Apple-tab-span" style="white-space:pre"> </span>location / {</div><div><span class="Apple-tab-span" style="white-space:pre"> </span>proxy_set_header X-Real-IP $remote_addr;</div>
<div><span class="Apple-tab-span" style="white-space:pre"> </span>proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;</div><div><span class="Apple-tab-span" style="white-space:pre"> </span>proxy_set_header Host $host:$proxy_port;</div>
<div><span class="Apple-tab-span" style="white-space:pre"> </span>proxy_redirect off;</div><div><br></div><div><span class="Apple-tab-span" style="white-space:pre"> </span> if (-f $request_filename/index.html) {</div><div>
rewrite (.*) $1/index.html break;</div><div> }</div><div> if (-f $request_filename.html) {</div><div> rewrite (.*) $1.html break;</div><div> }</div><div> if (!-f $request_filename) {</div>
<div> proxy_pass <a href="http://developmentmode">http://developmentmode</a>;</div><div> break;</div><div> }</div><div><span class="Apple-tab-span" style="white-space:pre"> </span>}</div><div>}</div></div>
<div><div>server {</div><div><span class="Apple-tab-span" style="white-space:pre"> </span>listen 443;</div><div><span class="Apple-tab-span" style="white-space:pre"> </span>server_name <a href="http://govenga.com">govenga.com</a> <a href="http://www.govenga.com">www.govenga.com</a>;</div>
<div><span class="Apple-tab-span" style="white-space:pre"> </span>ssl on;</div><div><span class="Apple-tab-span" style="white-space:pre"> </span>ssl_certificate /etc/nginx/certificates/new/govenga.com.crt;</div>
<div> ssl_certificate_key /etc/nginx/certificates/new/govenga_new.key;</div><div><span class="Apple-tab-span" style="white-space:pre"> </span>ssl_client_certificate /etc/nginx/certificates/new/gd_bundle.crt;</div>
<div> keepalive_timeout 70;</div><div>#</div><div> access_log /var/www/dev/log/access.log;</div><div> error_log /var/www/dev/log/error.log;</div><div>#</div><div> client_max_body_size 50M;</div>
<div> client_body_buffer_size 512k;</div><div>#</div><div> root /var/www/dev/public/;</div><div> index index.html;</div><div> location ~* ^.+.(jpg|jpeg|gif|png|ico|css|zip|tgz|gz|rar|bz2|doc|xls|exe|ppt|txt|tar|mid|midi|wav|bmp|rtf|ttf|woff|svg|eot)$ {</div>
<div> <span class="Apple-tab-span" style="white-space:pre"> </span>root /var/www/dev/public/;</div><div> expires 1y;</div><div> add_header Cache-Control public;</div><div> }</div>
<div><span class="Apple-tab-span" style="white-space:pre"> </span></div><div> <span class="Apple-tab-span" style="white-space:pre"> </span>location / {</div><div> proxy_set_header X-Real-IP $remote_addr;</div><div> proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;</div>
<div> proxy_set_header Host $http_host;</div><div> proxy_set_header X-Forwarded-Proto https;</div><div> proxy_redirect off;</div><div> proxy_set_header X-Url-Scheme $scheme;</div><div><br></div><div>
if (-f $request_filename/index.html) {</div><div> rewrite (.*) $1/index.html break;</div><div> }</div><div> if (-f $request_filename.html) {</div><div> rewrite (.*) $1.html break;</div><div> }</div>
<div> if (!-f $request_filename) {</div><div> proxy_pass <a href="https://devmode-secure">https://devmode-secure</a>;</div><div> break;</div><div> }</div><div> }</div><div>}</div></div><div><br>
</div></div>