一、申请 https 证书
使用免费的 Let's encrypt, 参考:https://www.digitalocean.com/community/tutorials/how-to-secure-nginx-with-let-s-encrypt-on-ubuntu-16-04
二、rails 项目配置 config/environments/production.rb
config.action_cable.url ="wss://www.example.com/cable”
config.action_cable.allowed_request_origins = [ "http://www.example.com", "https://www.example.com" ]
三、服务器上nginx配置 nginx/example.com.conf
# 环境:nginx + puma + rails + action cable
upstream example {
server unix:///var/www/example/shared/tmp/sockets/puma.sock fail_timeout=0;
}
server {
listen 80;
listen 443 ssl;
server_name example.com;
root /var/www/example/current/public;
access_log /var/www/example/shared/log/nginx_access.log;
error_log /var/www/example/shared/log/nginx_error.log;
ssl on;
#listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
location ^~ /assets/ {
gzip_static on;
expires max;
add_header Cache-Control public;
}
location /cable {
proxy_pass http://example/cable;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-Proto https;
proxy_redirect off;
}
location ~ ^/(uploads)/ {
expires max;
break;
}
try_files $uri/index.html $uri @example;
location @example {
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_redirect off;
proxy_pass http://example;
}
error_page 500 502 503 504 /500.html;
client_max_body_size 20M;
keepalive_timeout 10;
}
参考:
http://railscasts.com/episodes/357-adding-ssl?view=asciicast
https://www.digitalocean.com/community/tutorials/how-to-secure-nginx-with-let-s-encrypt-on-ubuntu-16-04
https://www.pluralsight.com/guides/ruby-ruby-on-rails/using-https-with-ruby-on-rails
https://certbot.eff.org/docs/using.html#getting-certificates-and-choosing-plugins