- Generate Private Key
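# /etc/ssl usually exists already; -p keeps mkdir from failing in that case.
$ mkdir -p /etc/ssl/
$ cd /etc/ssl
# 2048-bit RSA key; this file is the secret half of the certificate.
$ openssl genrsa -out private.key 2048
# Restrict the key to its owner. It should never be copied off this host or
# pasted into the certificate provider's form.
$ chmod 600 private.key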
- Generate CSR
# Creates a new certificate signing request from private.key and writes it to
# csr.csr. openssl prompts for the subject fields; the Common Name should be the
# hostname the certificate will be served for.
$ openssl req -new -key private.key -out csr.csr
- Request a certificate from a certificate provider such as GoDaddy
- Copy the contents of csr.csr and paste them into your certificate provider's request form (only the CSR is submitted; private.key stays on the server)
- Wait for Certificates
- Download Certificates
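- Unzip the downloaded archive; it contains:
- gd-bundle.crt (the provider's intermediate certificate bundle)
- 1234567.crt (the certificate issued for your site)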
- Create chained crt file
# Order matters: nginx treats the first certificate in the file as the server's
# own, so the issued certificate (presumably 1234567.crt) goes first and the
# provider's bundle (gd-bundle.crt) follows it.
$ cat 1234567.crt gd-bundle.crt > app.com.chained.crt
- Apply this configuration in /etc/nginx/sites-enabled/default
# Backend pool "app": the Puma application server, reached over a Unix socket.
upstream app {
    # Must match the socket path Puma binds to (defined previously);
    # replace <app> with the application's directory name.
    server unix:/home/ubuntu/<app>/shared/sockets/puma.sock fail_timeout=0;
}
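# Plain-HTTP virtual host: serves no content, only redirects to HTTPS.
server {
    listen 80;
    # "_" is a catch-all name, so every HTTP request reaches this redirect.
    server_name _;

    # Permanent (301) redirect to the same host and URI over HTTPS.
    # "return" is the idiomatic form of the former "rewrite ^ ... permanent".
    # $host is taken from the request, so the redirect target follows whatever
    # Host header the client sent.
    return 301 https://$host$request_uri;
}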
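# HTTPS virtual host: terminates TLS, serves static files from the public
# directory, and proxies everything else to the "app" upstream.
server {
    # The "ssl" parameter on listen replaces the separate "ssl on;" directive,
    # which nginx deprecated in 1.15.0 and removed in 1.25.1.
    listen 443 ssl;
    server_name localhost;

    # NOTE(review): these paths must point at the chained certificate built
    # earlier and at the private key the CSR was generated from. The earlier
    # steps create private.key under /etc/ssl -- confirm that the file names
    # and directory used here match what is actually on disk.
    # The key file should be readable by root only.
    ssl_certificate /home/ubuntu/ssl/app.com.chained.crt;
    ssl_certificate_key /home/ubuntu/ssl/verfifyme.key;

    # Accept only current TLS versions. Drop TLSv1.3 from the list if the
    # installed nginx is older than 1.13.0, which does not recognise it.
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_prefer_server_ciphers on;

    root /home/ubuntu/verifymeee/public;

    # Try a static index.html, then the literal file, then fall back to the app.
    try_files $uri/index.html $uri @app;

    location @app {
        proxy_pass http://app;
        # Appends the connecting address to any X-Forwarded-For the client
        # sent; the application should trust only the last entry.
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        # Lets the application know the original request arrived over HTTPS,
        # so it can generate https:// URLs and set secure cookies.
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header Host $http_host;
        proxy_redirect off;
    }

    error_page 500 502 503 504 /500.html;

    # Allows request bodies up to 4 GB; lower this unless uploads of that size
    # are really needed, since large bodies tie up disk and connections.
    client_max_body_size 4G;
    keepalive_timeout 10;
}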
- Test configurations and restart
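# -t parses the configuration and reports errors without affecting the running
# server (nginx has no -i option).
$ sudo nginx -t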
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
# Restart only after the configuration test reports success; a restart with a
# broken configuration leaves the site down.
$ sudo service nginx restart