rails 项目搭建 https

一、申请 https 证书

使用免费的 Let's encrypt, 参考:https://www.digitalocean.com/community/tutorials/how-to-secure-nginx-with-let-s-encrypt-on-ubuntu-16-04

二、rails 项目配置 config/environments/production.rb

config.action_cable.url ="wss://www.example.com/cable”

config.action_cable.allowed_request_origins = [ "http://www.example.com", "https://www.example.com" ]

三、服务器上nginx配置 nginx/example.com.conf

# 环境:nginx + puma + rails + action cable

upstream example {

  server unix:///var/www/example/shared/tmp/sockets/puma.sock fail_timeout=0;

}

server {

  listen 80;

  listen 443 ssl;

  server_name example.com;

  root /var/www/example/current/public;

  access_log /var/www/example/shared/log/nginx_access.log;

  error_log /var/www/example/shared/log/nginx_error.log;

  ssl on;

  #listen 443 ssl; # managed by Certbot

  ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem; # managed by Certbot

  ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem; # managed by Certbot

  include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot

  location ^~ /assets/ {

    gzip_static on;

    expires max;

    add_header Cache-Control public;

  }

  location /cable {

    proxy_pass http://example/cable;

    proxy_http_version 1.1;

    proxy_set_header Upgrade $http_upgrade;

    proxy_set_header Connection "Upgrade";

    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

    proxy_set_header Host $http_host;

    proxy_set_header X-Real-IP $remote_addr;

    proxy_set_header X-Forwarded-Proto https;

    proxy_redirect off;

}

  location ~ ^/(uploads)/  {

    expires max;

    break;

  }

try_files $uri/index.html $uri @example;

location @example {

    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

    proxy_set_header Host $http_host;

    proxy_set_header X-Forwarded-Proto $scheme;

    proxy_redirect off;

  proxy_pass http://example;

  }

  error_page 500 502 503 504 /500.html;

  client_max_body_size 20M;

  keepalive_timeout 10;

}


参考:

http://railscasts.com/episodes/357-adding-ssl?view=asciicast

https://www.digitalocean.com/community/tutorials/how-to-secure-nginx-with-let-s-encrypt-on-ubuntu-16-04

https://www.pluralsight.com/guides/ruby-ruby-on-rails/using-https-with-ruby-on-rails

https://certbot.eff.org/docs/using.html#getting-certificates-and-choosing-plugins

你可能感兴趣的:(rails 项目搭建 https)