ruby on rails - serve ssl webpage via nginx, ssl_error_rx_record_too_long -
please me: there wrong in virtual.conf nginx conf file means when viewing site, error ssl_error_rx_record_too_long rather being able view site. using aws, nginx serve rails apps - working yesterday, crashed entire server , frantically trying fix @ 2am, ready production @ 9:30am.
ssl_certificate /etc/ssl/star_my_site.pem; ssl_certificate_key /etc/ssl/star_my_site.key; # ------------------ # rails app 1 # ------------------ upstream my_app { server unix:///var/run/puma/my_app.sock; } server { listen 80; # server_name rails_app_one.my_site.com.au www.rails_app_one.my_site.com.au; server_name _ localhost; return 301 https://rails_app_one.my_site.com.au; } server { listen 443; server_name _ localhost; location / { proxy_set_header x-forwarded-for $proxy_add_x_forwarded_for; proxy_set_header x-forwarded-proto https; proxy_set_header host $http_host; proxy_redirect off; proxy_pass http://my_app; } location ~ "^/assets/" { root /var/app/current/public; gzip_static on; expires max; add_header cache-control public; } } # ------------------ # rails app 2 # ------------------ upstream rails_app_two_app { server unix:///var/run/puma/rails_app_two_app.sock; } server { listen 80; server_name rails_app_two.my_site.com.au www.rails_app_two.my_site.com.au; return 301 https://rails_app_two.my_site.com.au; } server { listen 443; server_name rails_app_two.my_site.com.au; location / { proxy_set_header x-forwarded-for $proxy_add_x_forwarded_for; proxy_set_header x-forwarded-proto https; proxy_set_header host $http_host; proxy_redirect off; proxy_pass http://rails_app_two_app; } location ~ "^/assets/" { root /var/app/rails_app_two.my_site.com.au/current/public; gzip_static on; expires max; add_header cache-control public; } }
ssl_error_rx_record_too_long means server returning plain http content when browser expecting https content. (you can verify going http://your.site:443 , seeing site.)
you need enable ssl in nginx - declaring ssl_certificate isn't enough.
change listen 443; listen 443 ssl;
(also, i'd suggest putting ssl_certificate in server block, can use different ssl certs other domains.)
edit: https://serverfault.com/questions/497430/error-code-ssl-error-rx-record-too-long has exact same issue, found before 9am production release!
Comments
Post a Comment