-
-
Save brendanstennett/7557500 to your computer and use it in GitHub Desktop.
Setting up SSL with Nginx and Unicorn
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # SSL self signed localhost for rails start to finish, no red warnings. | |
| # 1) Create your private key (any password will do, we remove it below) | |
| $ openssl genrsa -des3 -out server.orig.key 2048 | |
| # 2) Remove the password | |
| $ openssl rsa -in server.orig.key -out server.key | |
| # 3) Generate the csr (Certificate signing request) (Details are important!) | |
| $ openssl req -new -key server.key -out server.csr | |
| # IMPORTANT | |
| # Use localhost.ssl as the common name for development | |
| # Use domain name as common name for production | |
| Country Name (2 letter code) [AU]: | |
| ... | |
| Common Name: localhost.ssl | |
| ... | |
| # 4) Generate self signed ssl certificate | |
| $ openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt | |
| ## Development | |
| # 6) Boot thin (for development) | |
| $ thin start --ssl --ssl-verify --ssl-key-file server.key --ssl-cert-file server.crt | |
| ## Production | |
| # Store all files in /etc/nginx/ssl | |
| # Duplicate nginx server block (not upstream @unicorn) | |
| # ADD the following lines to the server block in their proper places: | |
| server { | |
| listen 443; # Instead of Listen 80 | |
| ssl on; | |
| ssl_certificate /etc/ssl/sslchain.crt; # or /etc/ssl/example.com.crt | |
| ssl_certificate_key /etc/ssl/example.com.key; | |
| location @unicorn { | |
| proxy_set_header X-Forwarded-Proto https; | |
| } | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment