SSL Certificate, Nginx, Ruby on Rails


Prerequisites. You have Google Apps set up and can already receive e-mails from

Purchase an SSL certificate from DNSimple.

Follow instructions sent to for domain control validation.

In production.rb, change the force_ssl option to true.

config.force_ssl = true

Download your certificates from DNSimple. It can take up to an hour before they appear.

Rsync your SSL certificates to your server.

$ rsync -av www_yoursite_com.pem
$ rsync -av www_yoursite_com.key

On the server, move the certs into /etc/nginx/ or wherever you want to put them.

$ sudo mv ~/ssl/www_yoursite_com.pem /etc/nginx/
$ sudo mv ~/ssl/www_yoursite_com.key /etc/nginx/

Edit your Nginx configuration found in /etc/nginx/sites-available.

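The proxy_set_header X-Forwarded-Proto https; line is necessary to prevent an infinite redirect loop. Nginx terminates SSL and passes requests to Unicorn over plain HTTP, so without this header force_ssl treats every request as insecure and redirects it to HTTPS again.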

upstream app {
  server unix:/tmp/unicorn.yoursite.sock fail_timeout=0;
}

server {
  # "listen 443 ssl" replaces the deprecated "ssl on;" directive.
  listen 443 ssl;

  ssl_certificate /etc/nginx/www_yoursite_com.pem;
  ssl_certificate_key /etc/nginx/www_yoursite_com.key;

  # TLSv1 and TLSv1.1 are deprecated (RFC 8996), so only TLSv1.2 is kept here.
  ssl_protocols TLSv1.2;

  root /var/www/yoursite/current/public;
  try_files $uri/index.html $uri @app;

  location @app {
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    # Tells Rails the original request was HTTPS, so force_ssl does not redirect again.
    proxy_set_header X-Forwarded-Proto https;
    proxy_set_header Host $http_host;
    proxy_redirect off;
    proxy_pass http://app;
  }

  error_page 500 502 503 504 /500.html;
  client_max_body_size 4G;
  keepalive_timeout 10;
}

Restart Nginx.

$ sudo /etc/init.d/nginx restart
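
Why the X-Forwarded-Proto header matters, as an added example (not code from the original post or from Rails): a simplified Ruby model of the force_ssl check sitting behind the Nginx proxy. The function names, the sample host and the hop limit are assumptions made for the illustration.

```ruby
# Simplified model of what config.force_ssl does (not Rails' own code):
# redirect to https unless the request is seen as already secure.
def force_ssl_app(env)
  # Like Rack, treat the request as HTTPS when the proxy header says so.
  secure = env["rack.url_scheme"] == "https" ||
           env["HTTP_X_FORWARDED_PROTO"] == "https"
  if secure
    [200, {}, ["ok"]]
  else
    [301, { "Location" => "https://#{env['HTTP_HOST']}#{env['PATH_INFO']}" }, []]
  end
end

# Model of the Nginx server block on port 443. TLS ends at Nginx and the hop
# to the Unicorn socket is plain HTTP, so rack.url_scheme is always "http".
# HTTP_HOST is a constructed sample value.
def nginx_proxy(path, forward_proto:)
  env = {
    "rack.url_scheme" => "http",
    "HTTP_HOST"       => "www.yoursite.com",
    "PATH_INFO"       => path
  }
  env["HTTP_X_FORWARDED_PROTO"] = "https" if forward_proto
  force_ssl_app(env)
end

# Follow redirects as a browser would, giving up after max_hops.
# Returns [final_status, number_of_redirects_followed].
def browse(path, forward_proto:, max_hops: 5)
  hops = 0
  loop do
    status, headers, _body = nginx_proxy(path, forward_proto: forward_proto)
    return [status, hops] unless status == 301
    hops += 1
    return [:redirect_loop, hops] if hops >= max_hops
    # The redirect target is already https, so it lands on the same server block.
    path = headers["Location"].sub(%r{\Ahttps://[^/]+}, "")
  end
end

if __FILE__ == $PROGRAM_NAME
  p browse("/login", forward_proto: true)   # header set by Nginx
  p browse("/login", forward_proto: false)  # header missing
end
```

With the header the request is served on the first try; without it every HTTPS request is redirected back to the same HTTPS URL until the browser gives up.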