Any resources?

Hi,

first off, wanted to congratulate (spelled correctly?) ruby-forum for
opening this new ‘Rails - deployment’ forum; it’s been long on my list
of “the-sun-will-shine” list and so congrats for the new step up. :slight_smile:

pretty simple question i should think, but does anyone know of some link
/ resource / blog explaing using https:// with nginx and mongrel
clusters? i understood that even if i passed some ssh_module via nginx,
i still need to config mongrel as well (?) … does anyone know of some
good place to learn to do this?

tia,

s

On 2/1/07, harper [email protected] wrote:

Hi,

first off, wanted to congratulate (spelled correctly?) ruby-forum for
opening this new ‘Rails - deployment’ forum; it’s been long on my list
of “the-sun-will-shine” list and so congrats for the new step up. :slight_smile:

Credit should really go to Robby at Planet Argon for starting the
Google Group :slight_smile:

pretty simple question i should think, but does anyone know of some link
/ resource / blog explaing using https:// with nginx and mongrel
clusters? i understood that even if i passed some ssh_module via nginx,
i still need to config mongrel as well (?) … does anyone know of some
good place to learn to do this?

Mongrel doesn’t know/care what SSL is. There’s nothing to configure
on that end.


Rick O.
http://weblog.techno-weenie.net
http://mephistoblog.com

On Feb 2, 12:01 am, harper [email protected] wrote:

pretty simple question i should think, but does anyone know of some link
/ resource / blog explaing using https:// with nginx and mongrel
clusters?

I’m trying to keep some up-to-date nginx information on [
http://zh.stikipad.com/notes/show/nginx ]. There are also links to ML,
Wiki, articles etc. Maybe will help you.

Harper,

This should help you:

  • Typical Configurations Overview For Nginx HTTP(S) Reverse Proxy/Web
    No Mongrel stuff but the “Using nginx as https-enabled web server” and
    “Using nginx as reverse-proxy server before some another web-serve”
    should do it, remember that Mongrel is just a web server.
    Serverhttp://blog.kovyrin.net/2006/04/17/typical-nginx-configurations/

  • Using Tracd with Nginx in Cluster Mode
    No Rails Stuff but it has a recipe for “Nginx + SSL”
    http://trac.edgewall.org/wiki/TracNginxRecipe

  • nginx + ssl + rails
    http://notrocketsurgery.com/articles/2006/11/02/ngnix-ssl-rails

  • New Nginx.conf with optimizations

From the Nginx - Rails Guru Ezra, “This conf also includes a second
vhost for ssl that points to the same mongrel cluster so you can
hanlde ssl and non ssl with the same cluster and rails request.ssl?
helper will work correctly.”
http://brainspl.at/articles/2007/01/03/new-nginx-conf-with-optimizations

And I have read that list of nginx has a really good support, but
haven’t tried myself.


Aníbal Rojas
http://www.rubycorner.com
http://www.hasmanydevelopers.com

hi all && many thanks.

very helpful. i’ve already managed to raise the whole app i need to ssl,
so that all of the content in my site (as well as the store partion,
which is really the only part in ssl i need) is in the https protocol.

thing is, i’ve just learned that ssl works according to the ip of the
server, and not the server_name; this is fine, except, i’m running
six-seven rails apps on the same server (one ip) [#vhosts#] and so
whenever i do https://one-of-these-apps/ it redirects to the specific
app i put the ssl_configuration into.

example -->

http://www.octava.co.il/ # goes to octava (good)
https://www.achia.co.il/ # goes to achia in ssl (good)
https://www.octava.co.il/ # goes to achia in ssl (bad)

this is a broader problem of the fact that i’d like to confine the
https:// to a certain part of the application (only the store partion,
not the content part) and not according to the whole app. (certainly not
according to the whole ip of the server either).

so if i have a mongrel instance running on /var/www/achia, how do i
setup the nginx.conf to give https support only to the store portion of
the app and NOT to any other parts of the app / other apps on the
server? (i.e, only part of the controllers in the achia app).

either way, thanks for all the above help.
oh, and thanks to [email protected] good catch.

-s

Hi Harper,

The easiest (and probably best) solution would be to get a second IP
for your box, and switch your non-ssl sites to it.

As for confining ssl to certain sections of your site, it’s probably
best done through your application. Write a before_filter that checks
to see if the request is using ssl, and redirect if appropriate.

Ex:

before_filter :redirect_to_ssl

def redirect_to_ssl
if(request.env[‘HTTPS’] != “ON”)
redirect_to request.env[‘REQUEST_URI’].sub(/^http/i, “https”)
end
end

before_filter :no_ssl

def no_ssl
if(request.env[‘HTTPS’] == “ON”)
redirect_to request.env[‘REQUEST_URI’].sub(/^https/i, “http”)
end
end

– Wes

This forum is not affiliated to the Ruby language, Ruby on Rails framework, nor any Ruby applications discussed here.

| Privacy Policy | Terms of Service | Remote Ruby Jobs