JustinBKay.org

This week I decided to buy an ssl certificate to start using with one of my websites. The site is running Rails 2.1.1, behind nginx as a reverse proxy. It was a learning experience to be sure and I'll try to document some of the steps that I had to take to get it working.

The first trick was getting the ca-bundle.crt file to be served by nginx. This is the intermediate ca file that allows browsers to recognize your certificate authority. The trick is to concatonate your certificate file and the ca-bundle.crt file and then place them on the webserver. I found that tidbit here. With Apache, you have a server directive for the ca-bundle file so this step is not necessary.

The next trick was to get nginx to let the rails app know what protocol was being used when requests came in using ssl. The magic is this line in the nginx.conf file

 proxy_set_header X-FORWARDED_PROTO https; 

You also need to install the ssl_requirement plugin: ruby script/plugin install ssl_requirement. Which you can read about here.

Last, but not least, you need to tell nginx to turn on ssl and let it know where your certificates are, which is documented here.

That should about get you going with nginx, rails, and 3rd party ssl certificates.