Configure Self Signed Certificates with Nginx and Rails

Guys,

I was given a task to set up HTTPS using a self-signed certificate with nginx in our latest Rails app. This was basically for the PayPal page where we were accepting credit card details on our site.

Below is the nginx.conf configuration you need in order to use the SSL certificate. If you look closely, there are two ports defined: 1) port 80 and 2) port 443. Port 80 is for standard HTTP requests and port 443 is for HTTPS requests.

#------------------------ code starts below ------------------------

#user nobody;

worker_processes 4;

pid /var/run/nginx.pid;

events {
    worker_connections 1024;
}

http {
    include /etc/nginx/mime.types;

    default_type application/octet-stream;

    log_format main '$remote_addr - $remote_user [$time_local] '
                    '"$request" $status $body_bytes_sent "$http_referer" '
                    '"$http_user_agent" "$http_x_forwarded_for"';

    sendfile on;
    tcp_nopush on;
    tcp_nodelay off;
    #keepalive_timeout 0;
    keepalive_timeout 65;

    gzip on;
    gzip_http_version 1.0;
    gzip_comp_level 2;
    gzip_buffers 16 8k;
    gzip_types text/plain text/html text/css application/x-javascript text/xml application/xml application/xml+rss text/javascript;

    upstream main {
        server 127.0.0.1:8000;
        server 127.0.0.1:8001;
        server 127.0.0.1:8002;
        server 127.0.0.1:8003;
    }

    server {
        listen 80;
        #server_name yourdomain.com;

        #client_max_body_size 4M;
        client_body_buffer_size 128k;
        root /var/www/yourapplication/public/;

        # needed to forward user's IP address to rails
        proxy_set_header X-Real-IP $remote_addr;

        # needed for HTTPS
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Host $http_host;
        # "off" is the valid value here ("false" is rejected by nginx)
        proxy_redirect off;
        proxy_max_temp_file_size 0;

        location ~ ^/(images|javascripts|stylesheets|product)/ {
            expires 10y;
        }

        # proxy_pass is only allowed inside a location, so the checks live here
        location / {
            # If the file exists as a static file serve it directly without
            # running all the other rewrite tests on it
            if (-f $request_filename) {
                break;
            }

            # check for index.html for directory index
            # if it's there on the filesystem then rewrite
            # the url to add /index.html to the end of it
            # and then break to send it to the next config rules.
            if (-f $request_filename/index.html) {
                rewrite (.*) $1/index.html break;
            }

            # redirect the remaining traffic to the upstream mongrels defined as "main"
            if (!-f $request_filename) {
                proxy_pass http://main;
                break;
            }
        }
    }

    #------------------------ https ------------------------

    server {
        listen 443;
        server_name yourdomain.com;
        # on nginx 1.15.0 and later, use "listen 443 ssl;" instead of "ssl on;"
        ssl on;
        ssl_certificate /etc/ssl/certs/myssl.crt;
        ssl_certificate_key /etc/ssl/private/myssl.key;

        #client_max_body_size 4M;
        client_body_buffer_size 128k;
        root /var/www/yourapplication/public/;

        # needed to forward user's IP address to rails
        proxy_set_header X-Real-IP $remote_addr;

        # needed for HTTPS
        proxy_set_header X_FORWARDED_PROTO https;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Host $http_host;
        proxy_set_header X-Url-Scheme $scheme;
        proxy_redirect off;
        proxy_max_temp_file_size 0;

        location ~ ^/(images|javascripts|stylesheets|product)/ {
            expires 10y;
        }

        # proxy_pass is only allowed inside a location, so the checks live here
        location / {
            # If the file exists as a static file serve it directly without
            # running all the other rewrite tests on it
            if (-f $request_filename) {
                break;
            }

            # check for index.html for directory index
            # if it's there on the filesystem then rewrite
            # the url to add /index.html to the end of it
            # and then break to send it to the next config rules.
            if (-f $request_filename/index.html) {
                rewrite (.*) $1/index.html break;
            }

            # redirect the remaining traffic to the upstream mongrels defined as "main"
            if (!-f $request_filename) {
                proxy_pass http://main;
                break;
            }
        }
    }
}

#------------------------ https ------------------------

In the code above, the most important part is:

ssl on;
ssl_certificate /etc/ssl/certs/myssl.crt;
ssl_certificate_key /etc/ssl/private/myssl.key;
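
An added example, not part of the original post: a small Python audit that parses an nginx.conf of this shape and reports what this setup depends on, namely both certificate directives on the 443 server, the forwarded-protocol header sent to Rails, and whether the app is also proxied over plain HTTP on port 80. `SAMPLE_CONF`, `server_blocks`, `directive` and `audit` are names made up for this example, and the parser assumes no `#`, `{` or `}` inside directive values.

```python
import re

# Constructed sample shaped like this page's config; the key directive is omitted on purpose.
SAMPLE_CONF = """
http {
    upstream main { server 127.0.0.1:8000; }
    server { listen 80; location / { proxy_pass http://main; } }
    server {
        listen 443; ssl on;
        ssl_certificate /etc/ssl/certs/myssl.crt;
        proxy_set_header X_FORWARDED_PROTO https;
        location / { proxy_pass http://main; }
    }
}
"""

def server_blocks(conf):
    """Bodies of every server { ... } block; ValueError if braces do not pair up."""
    conf = re.sub(r"#[^\n]*", "", conf)  # drop comments (assumes no '#' inside values)
    opens, blocks = [], []
    for m in re.finditer(r"(?:(?<![\w$])(server)\s*)?\{|\}", conf):
        if m.group() != "}":
            opens.append((m.end(), m.group(1) is not None))
        elif not opens:
            raise ValueError("stray closing brace")
        else:
            start, is_server = opens.pop()
            if is_server:
                blocks.append(conf[start:m.start()])
    if opens:
        raise ValueError("unclosed block")
    return blocks

def directive(body, name):  # argument strings of each occurrence of one directive
    return re.findall(rf"(?<![\w$]){name}\s+([^;{{}}]+);", body)

def audit(conf):
    """(server number, finding) pairs for what this page's HTTPS setup relies on."""
    findings = []
    for n, body in enumerate(server_blocks(conf), 1):
        tls = any("443" in a or "ssl" in a.split() for a in directive(body, "listen"))
        proxied = bool(directive(body, "proxy_pass"))
        sent = [h.split()[0].lower().replace("_", "-") for h in directive(body, "proxy_set_header")]
        if not tls and proxied:
            findings.append((n, "application served over plain HTTP"))
        for key in ("ssl_certificate", "ssl_certificate_key"):
            if tls and not directive(body, key):
                findings.append((n, f"missing {key}"))
        if tls and proxied and "x-forwarded-proto" not in sent:
            findings.append((n, "backend is not told the request used HTTPS"))
    return findings
```

On the sample, `audit(SAMPLE_CONF)` reports the port 80 server as serving the application over plain HTTP and the 443 server as missing `ssl_certificate_key`; a config with a stray closing brace raises `ValueError` instead of being audited.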

Now, how to generate self-signed certificates I will let you know in my next post. (Though I should have covered it before, anyway, I will do it now.)

That's all. You can add or remove whatever basic parameters you want in the nginx.conf file given above.
Let me know if you find any issues in implementing SSL for your app.
