0

I have a RoR app running in Nginx. I deploy the application to the server using Capistrano and Puma. It works well under this nginx configuration:

upstream puma {
  server unix:///home/kiui/apps/kiui/shared/tmp/sockets/kiui-puma.sock;
}

server {
  listen 80;
  keepalive_timeout   70;
  server_name kiuiapp.com;

  root /home/kiui/apps/kiui/current/public;
  access_log /home/kiui/apps/kiui/current/log/nginx.access.log;
  error_log /home/kiui/apps/kiui/current/log/nginx.error.log info;

  location ^~ /assets/ {
    gzip_static on;
    expires max;
    add_header Cache-Control public;
  }

  try_files $uri/index.html $uri @puma;
  location @puma {
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header Host $host;
    proxy_redirect off;

    proxy_pass http://puma;
  }

  error_page 500 502 503 504 /500.html;
  client_max_body_size 10M;
}

But I need to run the Rails app over HTTPS to use a Facebook app in it. I created a self-signed SSL certificate following this tutorial (create autosigned ssl certificate) and changed the nginx configuration to this:

upstream puma {
  server unix:///home/kiui/apps/kiui/shared/tmp/sockets/kiui-puma.sock;
}

server {
  listen 443 ssl;
  keepalive_timeout   70;
  server_name kiuiapp.com;

  ssl on;
  ssl_certificate /etc/ssl/kiui.crt;
  ssl_certificate_key /etc/ssl/kiui.key;
  ssl_protocols       TLSv1 TLSv1.1 TLSv1.2;
  ssl_ciphers         AES128-SHA:AES256-SHA:RC4-SHA:DES-CBC3-SHA:RC4-MD5;
  ssl_session_cache   shared:SSL:10m;
  ssl_session_timeout 10m;

  root /home/kiui/apps/kiui/current/public;
  access_log /home/kiui/apps/kiui/current/log/nginx.access.log;
  error_log /home/kiui/apps/kiui/current/log/nginx.error.log info;

  location ^~ /assets/ {
    gzip_static on;
    expires max;
    add_header Cache-Control public;
  }

  try_files $uri/index.html $uri @puma;
  location @puma {
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header Host $host;
    proxy_redirect off;

    proxy_pass http://puma;
  }

  error_page 500 502 503 504 /500.html;
  client_max_body_size 10M;
}

It does not work! The browser gives me an ERR_CONNECTION_TIMED_OUT error. Could someone help me?

5
  • Why do you have the line listen 443 ssl commented out? HTTPS uses the port 443 by default, so if nginx is not listening to that port, browsers will not be able to connect. Commented Jul 26, 2018 at 14:53
  • This doesn't seem like a RoR question to me. Perhaps you should remove the tag? Commented Jul 26, 2018 at 14:57
  • Sorry @JackBracken, I changed the configuration and forgot to uncomment the listen 443 ssl code. I removed the ruby on rails tag, @jvillian. Thanks Commented Jul 26, 2018 at 15:14
  • Did you solve it? Commented Aug 21, 2018 at 5:31
  • Yes, @BerkhanBerkdemir. I think the problem was the SSL certificate chain. I didn't create it well. Commented Aug 22, 2018 at 7:10

1 Answer

1

SOLUTION:

upstream puma {
  server unix:///home/kiui/apps/kiui/shared/tmp/sockets/kiui-puma.sock;
}

server {
  listen 80 default_server;
  listen [::]:80 default_server;
  return 301 https://$host$request_uri;
}

server {
  listen 443 ssl;
  keepalive_timeout   70;
  server_name kiuiapp.com;
  ssl on;
  ssl_certificate /root/kiuiapp.com.chain.cer;
  ssl_certificate_key /root/kiuiapp.com.key;
  ssl_protocols       TLSv1 TLSv1.1 TLSv1.2;
  ssl_ciphers         AES128-SHA:AES256-SHA:RC4-SHA:DES-CBC3-SHA:RC4-MD5;
  ssl_session_cache   shared:SSL:10m;
  ssl_session_timeout 10m;

  root /home/kiui/apps/kiui/current/public;
  access_log /home/kiui/apps/kiui/current/log/nginx.access.log;
  error_log /home/kiui/apps/kiui/current/log/nginx.error.log info;

  location ^~ /assets/ {
    gzip_static on;
    expires max;
    add_header Cache-Control public;
  }

  try_files $uri/index.html $uri @puma;
  location @puma {
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header Host $host;
    proxy_redirect off;
    proxy_set_header X-Forwarded-Proto $scheme;
    proxy_pass http://puma;
  }

  error_page 500 502 503 504 /500.html;
  client_max_body_size 10M;
}

I think the problem was the ssl certificate chain. It was not well created.
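
An added example, not part of the answer above: the answer's 443 server block with the weak TLS settings it carries (TLSv1/1.1, RC4, 3DES, ciphers without forward secrecy) shown beside a current baseline. It reuses the page's paths; the TLSv1.3 line assumes nginx 1.13.0+ built with OpenSSL 1.1.1+, the HSTS max-age is an assumed value, and the logging, error_page and client_max_body_size lines are omitted because they stay as in the answer.

```nginx
# Added example: hardened variant of the answer's TLS server block.
# "upstream puma" and the port-80 redirect server stay as in the answer.
server {
  # "listen ... ssl" alone enables TLS; the separate "ssl on;" directive is
  # deprecated since nginx 1.15.0 and is dropped here.
  listen 443 ssl;
  server_name kiuiapp.com;
  keepalive_timeout 70;

  # Chain file order matters: server (leaf) certificate first, then the
  # intermediate(s). A reversed bundle makes nginx fail at start with a key
  # mismatch; a missing intermediate breaks path building in clients.
  ssl_certificate     /root/kiuiapp.com.chain.cer;
  ssl_certificate_key /root/kiuiapp.com.key;  # private key: readable by root only

  # Weak (as on the page): TLSv1/TLSv1.1 enabled; RC4, 3DES, static-RSA offered.
  #   ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
  #   ssl_ciphers   AES128-SHA:AES256-SHA:RC4-SHA:DES-CBC3-SHA:RC4-MD5;
  # Corrected: TLS 1.2+ only, ECDHE key exchange with AEAD ciphers.
  ssl_protocols TLSv1.2 TLSv1.3;
  ssl_ciphers   ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305;
  ssl_prefer_server_ciphers off;
  ssl_session_cache   shared:SSL:10m;
  ssl_session_timeout 10m;
  ssl_session_tickets off;

  # Assumed value (not from the page): enable HSTS only with a CA-issued cert.
  add_header Strict-Transport-Security "max-age=31536000" always;

  root /home/kiui/apps/kiui/current/public;

  location ^~ /assets/ {
    gzip_static on;
    expires max;
    add_header Cache-Control public;
    # add_header in a location replaces the server-level set, so HSTS is repeated.
    add_header Strict-Transport-Security "max-age=31536000" always;
  }

  try_files $uri/index.html $uri @puma;
  location @puma {
    proxy_set_header Host $host;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto $scheme;  # lets Rails see the request as HTTPS
    proxy_redirect off;
    proxy_pass http://puma;
  }
}
```

Run `nginx -t` after editing: it reports a chain file whose first certificate does not match the private key before the change goes live.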
