Create and integrate SSL certificate in Rails app Using [ Godaddy + Nginx(1.8) + Puma + Ubuntu Server(14.04 LTS) ]

Log in to your server over SSH, then:

  1. Create the file YOUR_RAILS_APP_DIRECTORY/config/puma.rb
    with the following content:

    
    
    #!/usr/bin/env puma
    
    directory '/home/ubuntu/YOUR_RAILS_APP_DIRECTORY/public/'
    rackup '/home/ubuntu/YOUR_RAILS_APP_DIRECTORY/config.ru'
    
    environment 'production'
    daemonize true
    
    pidfile '/home/ubuntu/YOUR_RAILS_APP_DIRECTORY/tmp/pids/puma.pid'
    state_path '/home/ubuntu/YOUR_RAILS_APP_DIRECTORY/tmp/pids/puma.state'
    stdout_redirect '/home/ubuntu/YOUR_RAILS_APP_DIRECTORY/log/puma.log'
    threads 2, 5
    bind 'unix:///home/ubuntu/YOUR_RAILS_APP_DIRECTORY/tmp/sockets/puma.sock'
    workers 2
    
  2. Generate a private key and a CSR (certificate signing request)

     openssl req -new -newkey rsa:2048 -nodes -keyout SITE_DOMAIN_NAME.key -out SITE_DOMAIN_NAME.csr

    Note: If the site domain is facebook.com, for instance, name the files just facebook.key and facebook.csr.

  3. The .key file will be used in the nginx configuration.
    Copy the content of the .csr file and paste it into the CSR field on GoDaddy.

    After generating the SSL certificate on GoDaddy, download it. Then upload the downloaded zip to the Ubuntu server using the scp command.

  4. Unzip the archive; it contains two .crt files. Chain those files using this command:

    
    cat file_name.crt  file_containing_bundle_in_name.crt > some_name.chained.crt
    

    Note: Order matters when building the .chained.crt file: the file containing "bundle" in its name must come second, as in the command above.

  5. The resulting chained file should be used in the ssl_certificate directive:

    
    server {
        listen              443 ssl;
        server_name         www.example.com;
        ssl_certificate     some_name.chained.crt;
        ssl_certificate_key file_generated_by_openssl_command.key;
        ...
    }
    
  6. Create file /etc/nginx/conf.d/your_app_name.conf

    
    ########################################### SETUP SSL ON NGINX USING PUMA ############################

    # The upstream name must match the name passed to "proxy_pass" (in my case 'cuhivetech')
    upstream cuhivetech {
        # puma.sock is created by puma when it starts; bind the same file path in YOUR_APP_PATH/config/puma.rb
        server unix:///home/ubuntu/YOUR_APP_DIRECTORY/tmp/sockets/puma.sock;
    }

    # Redirect http requests to https
    server {
        listen 80;
        return 301 https://$host$request_uri;
    }

    # HTTPS server
    server {
        # The "ssl" listen parameter replaces the older "ssl on;" directive
        listen 443 ssl;
        server_name site_domain.com;

        root /home/ubuntu/YOUR_APP_DIRECTORY/public;
        try_files $uri/index.html $uri.html $uri @app;

        ssl_certificate /home/ubuntu/GODADDY_CERT_DIRECTORY/cuhivetech.chained.crt;
        ssl_certificate_key /home/ubuntu/cuhivetech.key;

        ssl_session_cache  builtin:1000  shared:SSL:10m;
        # TLSv1 and TLSv1.1 are deprecated (RFC 8996); keep them only if legacy clients need them
        ssl_protocols  TLSv1 TLSv1.1 TLSv1.2;
        ssl_ciphers HIGH:!aNULL:!eNULL:!EXPORT:!CAMELLIA:!DES:!MD5:!PSK:!RC4;
        ssl_prefer_server_ciphers on;

        proxy_read_timeout  90;

        location @app {
            proxy_set_header        Host $host;
            proxy_set_header        X-Real-IP $remote_addr;
            proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header        X-Forwarded-Proto $scheme;

            proxy_pass          http://cuhivetech;
            proxy_redirect      http://cuhivetech https://cuhivetech;
        }
    }
    
    
  7. Now restart Nginx server using command:

    sudo service nginx restart
  8. Go back to godaddy.com

    • Go to Domains
    • Click on “Manage DNS” of your specific domain
    • Click on “DNS Zone File”
    • Edit entry in “A (Host)” and add your IP address in “POINTS TO” field.
  9. Now start Web server using command:

    bundle exec puma -C config/puma.rb 
  10. It will take some time for the changes to take effect. You can then access the site using your domain.
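
Steps 2 to 5 only work when the private key matches the first certificate in the chained file; if the bundle was concatenated first, nginx refuses to start with a "key values mismatch" error. The script below is an added example, not part of the original post: it builds constructed stand-ins for the GoDaddy files (site.key, site.crt, bundle.crt and the throwaway demo CA are assumed names) and checks chain order and key file permissions with openssl.

```bash
#!/usr/bin/env bash
# Added example; every file name and subject below is a constructed placeholder.

# Digest of the public key in a private key, or in the FIRST certificate of a
# PEM file (openssl x509 only reads the first certificate it finds).
pubkey_digest() (  # usage: pubkey_digest key|cert FILE
  case "$1" in
    key)  pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) ;;
    cert) pub=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) ;;
  esac
  [ -n "$pub" ] && printf '%s\n' "$pub" | openssl sha256
)

# Succeeds only when the first certificate in CHAIN belongs to KEY, i.e. the
# server certificate was concatenated before the bundle (step 4).
chain_matches_key() (  # usage: chain_matches_key KEY CHAIN
  k=$(pubkey_digest key "$1") && c=$(pubkey_digest cert "$2") && [ "$k" = "$c" ]
)

# Succeeds when KEY is accessible to its owner only. The -nodes flag in step 2
# writes the key unencrypted, so file permissions are its only protection.
key_is_private() {  # usage: key_is_private KEY
  case "$(ls -l "$1")" in -rw-------*|-r--------*) return 0 ;; *) return 1 ;; esac
}

# Build constructed stand-ins for the GoDaddy files in directory $1.
build_demo() (
  cd "$1" || exit 1
  openssl req -new -newkey rsa:2048 -nodes -keyout site.key -out site.csr \
    -subj "/CN=site.example" 2>/dev/null                 # step 2
  chmod 600 site.key
  openssl req -x509 -newkey rsa:2048 -nodes -keyout ca.key -out bundle.crt \
    -subj "/CN=Constructed Demo CA" -days 1 2>/dev/null  # stand-in for the CA
  openssl x509 -req -in site.csr -CA bundle.crt -CAkey ca.key -CAcreateserial \
    -out site.crt -days 1 2>/dev/null                    # CA signs the CSR
  cat site.crt bundle.crt > good.chained.crt             # step 4 order
  cat bundle.crt site.crt > bad.chained.crt              # reversed order
)

demo_dir=$(mktemp -d) && build_demo "$demo_dir"
for chain in good bad; do
  if chain_matches_key "$demo_dir/site.key" "$demo_dir/$chain.chained.crt"
  then echo "$chain.chained.crt: first certificate matches the key"
  else echo "$chain.chained.crt: key mismatch, nginx would refuse to start"
  fi
done
key_is_private "$demo_dir/site.key" && echo "site.key: owner-only permissions"
rm -rf "$demo_dir"
```

Against real files, run `chain_matches_key` and `key_is_private` on the paths given to `ssl_certificate_key` and `ssl_certificate` before restarting nginx in step 7.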


I am a Senior Software Engineer. I love reading, writing, sharing, developing, hiking, movies, trips, mountains, brooks, hills etc.
