Uncategorized

Sample nginx (with Phusion Passenger) configuration file to enable SSL

Read my earlier post if you want Phusion Passenger to compile nginx with SSL support. If your nginx server already supports SSL, read on.

Phusion Passenger fills up most of the configuration in nginx.conf for you with a nice set of defaults. You just have to do a little more work if you want to modify the nginx configuration file to enable SSL on your site.

The first thing to do is purchase a SSL certificate and install it on your server. If you don’t know how, here’s a great post on installing SSL on Ubuntu with nginx. Once you’ve installed the certificate, you should be good to go.

Let’s say that you’ve got a domain name called mydomain.com and the root for your Ruby on Rails application is located at /home/mydomain/current/public on your server. The following shows a sample of the configuration required to get SSL enabled for your application:

server  {
    	       listen 80;
               server_name mydomain.com;
               root /home/mydomain/current/public;
               passenger_enabled on;
               rails_env production;
        }

# HTTPS server
server  {
               listen 443;
               server_name mydomain.com;
               root /home/mydomain/current/public;
               passenger_enabled on;
               rails_env production;

               ssl on;
               ssl_certificate /etc/ssl/certs/mydomain.com.crt;
               ssl_certificate_key /etc/ssl/private/mydomain.com.key;

               ssl_session_timeout  5m;
        }
Uncategorized

Getting Phusion Passenger to install nginx with SSL support

Phusion Passenger or mod_rails has taken away almost all the pain once associated with deploying Ruby on Rails applications. Phusion Passenger recently added support for the nginx web server.  My application required SSL support, but Phusion Passenger does not by default compile nginx with SSL support. I’m new to System Administration and even newer to Unix, having used Windows Servers all my life, so I decided to document my steps to make it easier for others with the same problem.

Download and unzip the source code for OpenSSL

Make sure to visit OpenSSL to determine the name of the latest source code tarball to download. In my case it was openssl-1.0.0-beta3.tar.gz

cd /tmp
wget http://www.openssl.org/source/openssl-1.0.0-beta3.tar.gz
tar -xvzf openssl-1.0.0-beta3.tar.gz

Download and unzip the source code for nginx

Make sure to visit nginx to determine the name of the latest source code tarball to download. In my case it was nginx-0.8.14.tar.gz

wget http://sysoev.ru/nginx/nginx-0.8.14.tar.gz
tar zxf nginx-0.8.14.tar.gz

Install and run Phusion Passenger

gem install passenger
passenger-install-nginx-module
  • Watch Phusion Passenger do its thing and when it asks you “Automatically download and install Nginx?”, answer 2
  • Specify the directory where you unzipped the nginx source code (/tmp/nginx-0.8.14 in my case)
  • Specify the directory where you want to install nginx to (/opt/nginx in my case)
  • When asked “Extra arguments to pass to configure script:”, reply with:
--with-http_ssl_module --with-openssl=/tmp/openssl-1.0.0-beta3

Keep in mind that if you downloaded the latest version of the source code, your values might be slightly different from mine.

That’s it! I’ve also posted a sample configuration file for nginx to enable SSL.