I was trying to make my Rails website serve all the web-pages and assets with both, http or https, but what happens is that when I enter in https mode it is being redirected to http and the assets are never served with as https protocol.
My nginx configuration is the following one:
server {
listen <%= rubber_env.unicorn_listen_port %>;
listen 443 ssl;
ssl_certificate /etc/ssl/certs/server.crt;
ssl_certificate_key /etc/ssl/private/server.key;
ssl_session_cache shared:SSL:10m;
client_max_body_size 4G;
server_name <%= [ rubber_env.domain, rubber_env.web_aliases ].flatten.compact.join(" ") %>;
keepalive_timeout 5;
# Location of our static files
root <%= Rubber.root + "/public" %>;
location / {
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_redirect off;
# If you don't find the filename in the static files
# Then request it from the unicorn server
if (!-f $request_filename) {
proxy_pass http://unicorn_server;
break;
}
}
location ~ ^/(assets)/ {
expires 1y;
add_header Cache-Control public;
add_header ETag "";
break;
gzip_static on; # to serve pre-gzipped version
}
# this rewrites all the requests to the maintenance.html
# page if it exists in the doc root. This is for capistrano's
# disable web task
if (-f $document_root/system/maintenance.html)
{
rewrite ^(.*)$ /system/maintenance.html last;
break;
}
error_page 500 502 503 504 /500.html;
location = /500.html
{
root <%= Rubber.root + "/public" %>;
}
error_page 404 /404.html;
location = /404.html
{
root <%= Rubber.root + "/public" %>;
}
}
It would be better if I could serve the static assets with nginx in https or http, but if it is not possible, I can serve them with Rails and pay the performance penalty, since this will only be used in the bookmarklet that we are creating.
Do you know how to make this nginx config works with ssl serving the assets?
If you need I can add the unicorn and haproxy configuration too.
Thank you!
My solution was to accept ssl in everything and also serve the assets as ssl assets.
<%
@path = "/etc/nginx/rubber/unicorn_nginx.conf"
%>
upstream unicorn_server {
# This is the socket we configured in unicorn.rb
server unix:/var/run/unicorn.sock
fail_timeout=0;
}
server {
listen <%= rubber_env.unicorn_listen_port %>;
client_max_body_size 4G;
server_name <%= [ rubber_env.domain, rubber_env.web_aliases ].flatten.compact.join(" ") %>;
keepalive_timeout 5;
# Location of our static files
root <%= Rubber.root + "/public" %>;
location / {
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_redirect off;
# If you don't find the filename in the static files
# Then request it from the unicorn server
if (!-f $request_filename) {
proxy_pass http://unicorn_server;
break;
}
}
location ~ ^/(assets)/ {
expires 1y;
add_header Cache-Control public;
add_header ETag "";
break;
gzip_static on; # to serve pre-gzipped version
}
# this rewrites all the requests to the maintenance.html
# page if it exists in the doc root. This is for capistrano's
# disable web task
if (-f $document_root/system/maintenance.html)
{
rewrite ^(.*)$ /system/maintenance.html last;
break;
}
error_page 500 502 503 504 /500.html;
location = /500.html
{
root <%= Rubber.root + "/public" %>;
}
error_page 404 /404.html;
location = /404.html
{
root <%= Rubber.root + "/public" %>;
}
}
server {
listen 443 ssl;
ssl_certificate /etc/ssl/certs/server.crt;
ssl_certificate_key /etc/ssl/private/server.pem;
ssl_session_cache shared:SSL:10m;
client_max_body_size 4G;
server_name <%= [ rubber_env.domain, rubber_env.web_aliases ].flatten.compact.join(" ") %>;
keepalive_timeout 5;
# Location of our static files
root <%= Rubber.root + "/public" %>;
location / {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto https;
proxy_set_header Host $http_host;
proxy_redirect off;
proxy_pass http://unicorn_server;
}
location ^~ /assets/ {
gzip_static on;
expires max;
add_header Cache-Control public;
}
# this rewrites all the requests to the maintenance.html
# page if it exists in the doc root. This is for capistrano's
# disable web task
if (-f $document_root/system/maintenance.html)
{
rewrite ^(.*)$ /system/maintenance.html last;
break;
}
error_page 500 502 503 504 /500.html;
location = /500.html
{
root <%= Rubber.root + "/public" %>;
}
error_page 404 /404.html;
location = /404.html
{
root <%= Rubber.root + "/public" %>;
}
}