# Backend pool for the Rails app: a single Puma process reached over a Unix
# domain socket rather than a TCP port.
upstream myapp_puma {
    # fail_timeout=0 keeps nginx from taking the socket out of rotation after
    # failed attempts, so every request is still tried against Puma.
    # NOTE(review): /tmp is world-writable. A socket inside a directory owned by
    # the app user keeps other local accounts from reaching or pre-creating
    # this path; the puma -b argument has to match whatever is used here.
    server unix:/tmp/myapp_puma.sock fail_timeout=0;
}
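# Catch-all for plain HTTP: send every request to the HTTPS version of the site.
server {
    listen 80;

    # `return` is the idiomatic way to issue a redirect; $request_uri carries
    # the original path and query string.
    # $host is taken from the request (Host header), and this block has no
    # server_name, so the redirect target follows whatever name the client
    # sent. If only known names should ever be redirected, list them in
    # server_name or use a literal hostname in the target.
    return 301 https://$host$request_uri;
}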
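# Redirect the www name to the bare (non-www) domain.
server {
    listen 80;
    server_name www.example.com;

    # Redirect straight to the HTTPS origin. Targeting http://example.com would
    # only bounce through the port-80 catch-all and add a second cleartext
    # round trip before the client ever reaches TLS.
    return 301 https://example.com$request_uri;
}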
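# Main HTTPS virtual host: serves files from the Rails public/ directory and
# proxies everything else to Puma through the myapp_puma upstream.
server {
    # The "ssl" parameter on listen enables TLS for this socket. The separate
    # `ssl on;` directive is obsolete (removed in nginx 1.25.1) and is dropped;
    # `default_server` is the current spelling of the legacy `default`.
    listen 443 ssl default_server;
    server_name example.com;
    root /home/username/example.com/current/public;

    # NOTE(review): the private key sits under a user's home directory. Keep it
    # readable only by the account that starts nginx, and out of any path the
    # deploy or application user can write to.
    ssl_certificate     /home/username/.comodo_certs/example.com.crt;
    ssl_certificate_key /home/username/.comodo_certs/example.com.key;
    ssl_session_timeout 5m;

    # SSLv2 and SSLv3 are broken at the protocol level (DROWN, POODLE) and
    # TLSv1.0 is deprecated, so only TLS 1.2 and newer are offered.
    # TLSv1.3 needs nginx 1.13.0+ built against OpenSSL 1.1.1+; remove it from
    # the list on older builds.
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_ciphers HIGH:!aNULL:!MD5;
    ssl_prefer_server_ciphers on;

    # Consider adding Strict-Transport-Security once every name is served over
    # HTTPS. add_header is not inherited by a location that sets its own
    # add_header (as /assets/ does below), so it has to be repeated there.

    # Precompiled, fingerprinted assets: serve the .gz variant when it exists
    # and let clients cache for as long as possible.
    location ^~ /assets/ {
        gzip_static on;
        expires max;
        add_header Cache-Control public;
    }

    # Static file first (directory index, then exact path), otherwise Puma.
    try_files $uri/index.html $uri @myapp_puma;

    location @myapp_puma {
        # $proxy_add_x_forwarded_for appends the peer address to whatever
        # X-Forwarded-For the client sent; the app should trust only the entry
        # added by this proxy, not the leftmost value.
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Host $host;
        # Tells Rails the original request was HTTPS so generated URLs and
        # redirects keep the https scheme.
        proxy_set_header X-Forwarded-Proto https;
        proxy_redirect off;
        proxy_pass http://myapp_puma;
    }

    error_page 500 502 503 504 /500.html;

    # NOTE(review): 4G lets any client push very large request bodies, which
    # nginx may buffer to disk. Lower this to the largest upload the app
    # really accepts, or raise it only on the upload location.
    client_max_body_size 4G;
    keepalive_timeout 10;
}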
# Upstream for the non-SSL variant of the config: one Puma process behind a
# Unix domain socket.
upstream myapp_puma {
    # fail_timeout=0: failed attempts never mark the socket as unavailable.
    # NOTE(review): the socket lives in world-writable /tmp; a directory owned
    # by the app user is a tighter choice (keep the puma -b argument in sync).
    server unix:/tmp/myapp_puma.sock fail_timeout=0;
}
# Non-SSL variant: permanently redirect www.example.com to the bare domain,
# keeping the requested path.
server {
    listen 80;
    server_name www.example.com;

    # "permanent" makes this a 301; the captured path is appended to the
    # canonical host.
    rewrite ^(.*) http://example.com$1 permanent;
}
# Non-SSL variant of the main virtual host. Everything here, session cookies
# included, travels in cleartext, so it suits deployments where TLS is
# terminated elsewhere or nothing sensitive is served.
server {
    # `default` is the legacy spelling of `default_server`.
    listen 80 default;
    server_name example.com;
    root /home/username/example.com/current/public;

    keepalive_timeout 10;
    # NOTE(review): 4G permits very large request bodies from any client;
    # size this to the largest upload the app really accepts.
    client_max_body_size 4G;
    error_page 500 502 503 504 /500.html;

    # Try a directory index, then the exact file, then hand off to Puma.
    try_files $uri/index.html $uri @myapp_puma;

    # Precompiled assets: long-lived caching, pre-gzipped files when present.
    location ^~ /assets/ {
        add_header Cache-Control public;
        expires max;
        gzip_static on;
    }

    location @myapp_puma {
        proxy_pass http://myapp_puma;
        proxy_redirect off;
        proxy_set_header Host $host;
        # The scheme is hard-coded; the app will build http:// URLs.
        proxy_set_header X-Forwarded-Proto http;
        # Appends the peer address to any client-supplied X-Forwarded-For;
        # the app should trust only the entry added by this proxy.
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }
}
## Running puma
# bundle exec puma -e production -d -b unix:///tmp/myapp_puma.sock
Would you please elaborate on what you mean by not using those ancient ssl_protocols in 2017? Can you offer an explanation?
Referencing:
ssl_protocols SSLv2 SSLv3 TLSv1;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
Thanks
@codewizardry I'm curious too
@codewizardry @fernandoaleman See the Mozilla SSL Nginx Configuration Generator for your answers.
I think the `X-Forwarded-Proto https;` line could have fixed my issue, but before I added it I tried `proxy_set_header X-Forwarded-Ssl on;`, and that helped with a problem where devise would redirect to http after signup, which Chrome just didn't like.
Thank you! This has helped me a lot!
I couldn't quite get SSL to work with NGINX, and puma until finding this with X-Forwarded-proto line. Thanks! Don't know why this line isn't in the many other examples and tutorials I browsed through.
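Don't be using those ancient `ssl_protocols` in 2017: SSLv2 and SSLv3 are broken (DROWN, POODLE) and TLSv1 is on its way out, so list only TLSv1.2 and newer.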