first off, wanted to congratulate (spelled correctly?) ruby-forum for
opening this new ‘Rails - deployment’ forum; it’s been long on my list
of “the-sun-will-shine” list and so congrats for the new step up.
pretty simple question i should think, but does anyone know of some link
/ resource / blog explaing using https:// with nginx and mongrel
clusters? i understood that even if i passed some ssh_module via nginx,
i still need to config mongrel as well (?) … does anyone know of some
good place to learn to do this?
first off, wanted to congratulate (spelled correctly?) ruby-forum for
opening this new ‘Rails - deployment’ forum; it’s been long on my list
of “the-sun-will-shine” list and so congrats for the new step up.
Credit should really go to Robby at Planet Argon for starting the
Google Group
pretty simple question i should think, but does anyone know of some link
/ resource / blog explaing using https:// with nginx and mongrel
clusters? i understood that even if i passed some ssh_module via nginx,
i still need to config mongrel as well (?) … does anyone know of some
good place to learn to do this?
Mongrel doesn’t know/care what SSL is. There’s nothing to configure
on that end.
pretty simple question i should think, but does anyone know of some link
/ resource / blog explaing using https:// with nginx and mongrel
clusters?
I’m trying to keep some up-to-date nginx information on [ http://zh.stikipad.com/notes/show/nginx ]. There are also links to ML,
Wiki, articles etc. Maybe will help you.
Typical Configurations Overview For Nginx HTTP(S) Reverse Proxy/Web
No Mongrel stuff but the “Using nginx as https-enabled web server” and
“Using nginx as reverse-proxy server before some another web-serve”
should do it, remember that Mongrel is just a web server.
Serverhttp://blog.kovyrin.net/2006/04/17/typical-nginx-configurations/
From the Nginx - Rails Guru Ezra, “This conf also includes a second
vhost for ssl that points to the same mongrel cluster so you can
hanlde ssl and non ssl with the same cluster and rails request.ssl?
helper will work correctly.” Ruby on Rails Blog / What is Ruby on Rails for?
And I have read that list of nginx has a really good support, but
haven’t tried myself.
very helpful. i’ve already managed to raise the whole app i need to ssl,
so that all of the content in my site (as well as the store partion,
which is really the only part in ssl i need) is in the https protocol.
thing is, i’ve just learned that ssl works according to the ip of the
server, and not the server_name; this is fine, except, i’m running
six-seven rails apps on the same server (one ip) [#vhosts#] and so
whenever i do https://one-of-these-apps/ it redirects to the specific
app i put the ssl_configuration into.
this is a broader problem of the fact that i’d like to confine the
https:// to a certain part of the application (only the store partion,
not the content part) and not according to the whole app. (certainly not
according to the whole ip of the server either).
so if i have a mongrel instance running on /var/www/achia, how do i
setup the nginx.conf to give https support only to the store portion of
the app and NOT to any other parts of the app / other apps on the
server? (i.e, only part of the controllers in the achia app).
either way, thanks for all the above help.
oh, and thanks to Robby@Planet-Argon. good catch.
The easiest (and probably best) solution would be to get a second IP
for your box, and switch your non-ssl sites to it.
As for confining ssl to certain sections of your site, it’s probably
best done through your application. Write a before_filter that checks
to see if the request is using ssl, and redirect if appropriate.
Ex:
before_filter :redirect_to_ssl
def redirect_to_ssl
if(request.env[‘HTTPS’] != “ON”)
redirect_to request.env[‘REQUEST_URI’].sub(/^http/i, “https”)
end
end
before_filter :no_ssl
def no_ssl
if(request.env[‘HTTPS’] == “ON”)
redirect_to request.env[‘REQUEST_URI’].sub(/^https/i, “http”)
end
end
– Wes
This forum is not affiliated to the Ruby language, Ruby on Rails framework, nor any Ruby applications discussed here.
