一、申請 https 證書
使用免費的 Let's encrypt, 參考:https://www.digitalocean.com/community/tutorials/how-to-secure-nginx-with-let-s-encrypt-on-ubuntu-16-04
二、rails 項目配置 config/environments/production.rb
config.action_cable.url ="wss://www.example.com/cable”
config.action_cable.allowed_request_origins = [ "http://www.example.com", "https://www.example.com" ]
三、服務器上nginx配置 nginx/example.com.conf
# 環境:nginx + puma + rails + action cable
upstream example {
? server unix:///var/www/example/shared/tmp/sockets/puma.sock fail_timeout=0;
}
server {
? listen 80;
? listen 443 ssl;
? server_name example.com;
? root /var/www/example/current/public;
? access_log /var/www/example/shared/log/nginx_access.log;
? error_log /var/www/example/shared/log/nginx_error.log;
? ssl on;
? #listen 443 ssl; # managed by Certbot
? ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem; # managed by Certbot
? ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem; # managed by Certbot
? include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
? location ^~ /assets/ {
? ? gzip_static on;
? ? expires max;
? ? add_header Cache-Control public;
? }
? location /cable {
? ? proxy_pass http://example/cable;
? ? proxy_http_version 1.1;
? ? proxy_set_header Upgrade $http_upgrade;
? ? proxy_set_header Connection "Upgrade";
? ? proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
? ? proxy_set_header Host $http_host;
? ? proxy_set_header X-Real-IP $remote_addr;
? ? proxy_set_header X-Forwarded-Proto https;
? ? proxy_redirect off;
}
? location ~ ^/(uploads)/??{
? ? expires max;
? ? break;
? }
try_files $uri/index.html $uri @example;
location @example {
? ? proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
? ? proxy_set_header Host $http_host;
? ? proxy_set_header X-Forwarded-Proto $scheme;
? ? proxy_redirect off;
? proxy_pass http://example;
? }
? error_page 500 502 503 504 /500.html;
? client_max_body_size 20M;
? keepalive_timeout 10;
}
參考:
http://railscasts.com/episodes/357-adding-ssl?view=asciicast
https://www.pluralsight.com/guides/ruby-ruby-on-rails/using-https-with-ruby-on-rails
https://certbot.eff.org/docs/using.html#getting-certificates-and-choosing-plugins
