Haproxy + Nginx + Unicorn - Not serving static assets with SSL

StackOverflow https://stackoverflow.com/questions/16471533

Question

I was trying to make my Rails website serve all the web-pages and assets with both, http or https, but what happens is that when I enter in https mode it is being redirected to http and the assets are never served with as https protocol.

My nginx configuration is the following one:

server {
  listen <%= rubber_env.unicorn_listen_port %>;
  listen 443 ssl;

  ssl_certificate       /etc/ssl/certs/server.crt;
  ssl_certificate_key   /etc/ssl/private/server.key;
  ssl_session_cache     shared:SSL:10m;

  client_max_body_size 4G;
  server_name <%= [ rubber_env.domain, rubber_env.web_aliases ].flatten.compact.join(" ") %>;

  keepalive_timeout 5;

  # Location of our static files
  root <%= Rubber.root + "/public" %>;

  location / {
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header Host $http_host;
    proxy_redirect off;

    # If you don't find the filename in the static files
    # Then request it from the unicorn server
    if (!-f $request_filename) {
      proxy_pass http://unicorn_server;
      break;
    }
  }

  location ~ ^/(assets)/  {
    expires 1y;
    add_header Cache-Control public;

    add_header ETag "";
    break;
    gzip_static on; # to serve pre-gzipped version
  }

    # this rewrites all the requests to the maintenance.html
    # page if it exists in the doc root. This is for capistrano's
    # disable web task
    if (-f $document_root/system/maintenance.html)
    {
      rewrite  ^(.*)$  /system/maintenance.html last;
      break;
    }

    error_page   500 502 503 504  /500.html;
    location = /500.html
    {
      root <%= Rubber.root + "/public" %>;
    }
    error_page 404  /404.html;
    location = /404.html
    {
      root <%= Rubber.root + "/public" %>;
    }
}

It would be better if I could serve the static assets with nginx in https or http, but if it is not possible, I can serve them with Rails and pay the performance penalty, since this will only be used in the bookmarklet that we are creating.

Do you know how to make this nginx config works with ssl serving the assets?

If you need I can add the unicorn and haproxy configuration too.

Thank you!

Was it helpful?

Solution

My solution was to accept ssl in everything and also serve the assets as ssl assets.

<%
  @path = "/etc/nginx/rubber/unicorn_nginx.conf"
%>


upstream unicorn_server {
 # This is the socket we configured in unicorn.rb
 server unix:/var/run/unicorn.sock
 fail_timeout=0;
}

server {
  listen <%= rubber_env.unicorn_listen_port %>;

  client_max_body_size 4G;
  server_name <%= [ rubber_env.domain, rubber_env.web_aliases ].flatten.compact.join(" ") %>;

  keepalive_timeout 5;

  # Location of our static files
  root <%= Rubber.root + "/public" %>;

  location / {
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header Host $http_host;
    proxy_redirect off;

    # If you don't find the filename in the static files
    # Then request it from the unicorn server
    if (!-f $request_filename) {
      proxy_pass http://unicorn_server;
      break;
    }
  }

  location ~ ^/(assets)/  {
    expires 1y;
    add_header Cache-Control public;

    add_header ETag "";
    break;
    gzip_static on; # to serve pre-gzipped version
  }

    # this rewrites all the requests to the maintenance.html
    # page if it exists in the doc root. This is for capistrano's
    # disable web task
    if (-f $document_root/system/maintenance.html)
    {
      rewrite  ^(.*)$  /system/maintenance.html last;
      break;
    }

    error_page   500 502 503 504  /500.html;
    location = /500.html
    {
      root <%= Rubber.root + "/public" %>;
    }
    error_page 404  /404.html;
    location = /404.html
    {
      root <%= Rubber.root + "/public" %>;
    }
}

server {
  listen 443 ssl;

  ssl_certificate       /etc/ssl/certs/server.crt;
  ssl_certificate_key   /etc/ssl/private/server.pem;
  ssl_session_cache     shared:SSL:10m;

  client_max_body_size 4G;
  server_name <%= [ rubber_env.domain, rubber_env.web_aliases ].flatten.compact.join(" ") %>;

  keepalive_timeout 5;

  # Location of our static files
  root <%= Rubber.root + "/public" %>;

  location / {
    proxy_set_header  X-Real-IP       $remote_addr;
    proxy_set_header  X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header  X-Forwarded-Proto https;
    proxy_set_header  Host $http_host;
    proxy_redirect    off;
    proxy_pass        http://unicorn_server;
  }

  location ^~ /assets/ {
    gzip_static on;
    expires max;
    add_header Cache-Control public;
  }  

  # this rewrites all the requests to the maintenance.html
  # page if it exists in the doc root. This is for capistrano's
  # disable web task
  if (-f $document_root/system/maintenance.html)
  {
    rewrite  ^(.*)$  /system/maintenance.html last;
    break;
  }

  error_page   500 502 503 504  /500.html;
  location = /500.html
  {
    root <%= Rubber.root + "/public" %>;
  }
  error_page 404  /404.html;
  location = /404.html
  {
    root <%= Rubber.root + "/public" %>;
  }
}
Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow
scroll top