0

I have been trying to get my application working in production. I was able to access the site before changing config.force_ssl = true in my config\environments\production.rb.

I have seen many others with this problem need to add proxy_set_header X-Fowarded-Proto https;

I have tried adding this in my /etc/nginx/sites-available/default but haven't seen a difference.

My full default is below: 

upstream puma {
  server unix:///home/deploy/apps/appname/shared/tmp/sockets/appname-puma.sock;
}

server {
  listen 80;
  listen [::]:80; 
  listen 443 ssl;
  listen [::]:443 ssl; 

  root /var/www/html; 

  index index.html index.htm index.nginx-debian.html

  server_name appname.com www.appname.com

  try_files $uri/index.html $uri @puma;
  location @puma {
    proxy_set_header X-Forwarded-Proto https;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header Host $http_host;
    proxy_redirect off;

    proxy_pass http://puma;
  }

}

After making changes I reloaded nginx using sudo service nginx reload followed by sudo service nginx stop and sudo service nginx start

Am I missing something?

EDIT:

I updated my default and removed the config.force_ssl = true: 

upstream puma {
  server unix:///home/kiui/apps/appnamw/shared/tmp/sockets/appname-puma.sock;
}

server {
  listen 80 default_server;
  listen [::]:80 default_server;
  return 301 https://$host$request_uri;
}

server {
  listen 443 ssl;
  keepalive_timeout   70;
  server_name appname.com www.appname.com;
  ssl on;
  ssl_certificate /root/appname.com.chain.cer;
  ssl_certificate_key /root/appname.com.key;
  ssl_protocols       TLSv1 TLSv1.1 TLSv1.2;
  ssl_ciphers         AES128-SHA:AES256-SHA:RC4-SHA:DES-CBC3-SHA:RC4-MD5;
  ssl_session_cache   shared:SSL:10m;
  ssl_session_timeout 10m;

  root /home/deploy/apps/appname/current/public;
  access_log /home/deploy/apps/appname/current/log/nginx.access.log;
  error_log /home/deploy/apps/appname/current/log/nginx.error.log info;

  location ^~ /assets/ {
    gzip_static on;
    expires max;
    add_header Cache-Control public;
  }

  try_files $uri/index.html $uri @puma;
  location @puma {
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header Host $host;
    proxy_redirect off;
    proxy_set_header X-Forwarded-Proto $scheme;
    proxy_pass http://puma;
  }

  error_page 500 502 503 504 /500.html;
  client_max_body_size 10M;
}

I can now access the site with http but not https.

Improve this question
2
  • Are we correct to assume that you replaced appname.com with your actual domain? Commented Feb 12, 2020 at 10:16
  • Yes that is correct. I figured it out, will update the answer Commented Feb 12, 2020 at 13:11

2 Answers 2

Reset to default
1

Could you try the following:

upstream puma {
  server unix:///home/deploy/apps/appname/shared/tmp/sockets/appname-puma.sock;
}

server {
  listen 80;
  server_name appname.com www.appname.com;
  return 301 https://$host$request_uri;
}

server {
  # SSL configuration
  ssl on;
  listen 443 ssl;
  ssl_certificate path-to-your-crt-file;
  ssl_certificate_key path-to-your-key-file;
  server_name appname.com www.appname.com;

  ...
}
Improve this answer
Sign up to request clarification or add additional context in comments.

1 Comment

Hi @saratibbetts, what is the response when you type https://www.appname.com into your address bar? And could you check your Nginx logs, both access log and error log.
0

My problem was where I was adding the code above. I was adding it in default rather than nginx.conf. Moving the code above solved the problem.

Improve this answer

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.