November 2nd, 2006

nginx + ssl + rails

by jd

While nginx has been covered here before, it seems the blogosphere is a bit lacking in covering a nginx + ssl + rails setup, which requires a little bit of putting 2 and 2 together and getting 5. The configuration is as such:


server {
  listen 443;
  ssl on;
  # path to your certificate
  ssl_certificate /etc/nginx/certs/server.crt; 
  # path to your ssl key
  ssl_certificate_key /etc/nginx/certs/server.key; 

  # put the rest of your server configuration here.

  location / {
     # set X-FORWARDED_PROTO so ssl_requirement plugin works
     proxy_set_header X-FORWARDED_PROTO https;

     # standard rails+mongrel configuration goes here.
  }
}

The kicker is the proxy_set_header line—it is crucial to allowing your Rails app to know whether the request was sent over http or https.

You will note that there is no server_name directive—this is because it is impossible to do name-based virtual hosts when doing https. You must have a separate IP address for each ssl host—you can specify which IP address to use (if your machine has multiple assigned IPs) by modifying the the listen directive, e.g. listen 101.102.103.104:443.

On a related note, here at Agora Games we recently launched our first production site running on nginx and Rails!

Addendum (13 June 2007): It is worth noting that Ezra’s excellent nginx configuration includes an ssl section, although it unfortunately lacks the ssl commands themselves.

10 comments »
August 27th, 2006

nginx, Yet Another Rails Deployment Option

by kit

There are a nauseating array of options to choose from when deciding how you’re going to stick your Ruby on Rails application up on a web server. There is no real canonical formula (yet), and depending on your needs, there may be multiple passable options—though none of them are entirely pretty or elegant.

The most common stack for a while was Apache or Lighty using FCGI. The release of Mongrel has completely changed that. Mongrel is in itself a very basic web server, similar to WEBrick. Mongrel is capable of serving up your Rails application over HTTP without FCGI. Unfortunately, it is very limited (can’t host multiple sites, doesn’t have a rewrite library, doesn’t support SSL, etc), so in most cases you’ll have to stick another server out in front of it to handle those things and then proxy Rails requests over to Mongrel. So, the question is, what do you put out in front of Mongrel to proxy requests?

I’m not going to discuss all the options, but if you’re looking for what appears to be (at the moment) a setup that is a breeze to install and will churn out more requests/second than anything else, read on.

Read the rest of this entry
17 comments »