My solution was to accept SSL for everything and also serve the assets over SSL.
<%
  # Path assigned to this template; presumably where Rubber writes the
  # rendered nginx config -- confirm against the Rubber documentation.
  @path = '/etc/nginx/rubber/unicorn_nginx.conf'
%>
# Backend pool: a single unicorn master reached over a local UNIX socket.
upstream unicorn_server {
    # This is the socket we configured in unicorn.rb.
    # fail_timeout=0 keeps nginx from marking the backend as unavailable,
    # so every request is still tried against the socket.
    # NOTE(review): any local account that can write to this socket can talk
    # to the app without passing through nginx -- check its owner and mode.
    server unix:/var/run/unicorn.sock fail_timeout=0;
}
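# Plain-HTTP virtual host: serves files that exist under public/ directly
# and proxies every other request to the unicorn upstream.
server {
    listen <%= rubber_env.unicorn_listen_port %>;
    # Request bodies up to 4G are accepted and handed to unicorn; lower this
    # if the app does not need uploads of that size.
    client_max_body_size 4G;
    server_name <%= [ rubber_env.domain, rubber_env.web_aliases ].flatten.compact.join(" ") %>;
    keepalive_timeout 5;

    # Location of our static files
    root <%= Rubber.root + "/public" %>;

    location / {
        # nginx forwards client request headers to the upstream unless they
        # are overridden here. Without the X-Real-IP and X-Forwarded-Proto
        # lines, a client on this plain-HTTP port could send its own
        # "X-Forwarded-Proto: https" or "X-Real-IP" and the app would read
        # them as if the proxy had set them.
        # NOTE(review): if a TLS-terminating proxy sits in front of this
        # port, $scheme will be "http" here -- confirm before deploying.
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-Proto $scheme;
        # $proxy_add_x_forwarded_for appends $remote_addr to whatever the
        # client sent, so only the last entry was written by this proxy.
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        # $http_host is the Host header exactly as the client sent it.
        # NOTE(review): if this block is the default server for its port,
        # arbitrary Host values reach the app; the app should not build
        # absolute URLs from it without checking against known hostnames.
        proxy_set_header Host $http_host;
        proxy_redirect off;

        # If you don't find the filename in the static files
        # Then request it from the unicorn server
        if (!-f $request_filename) {
            proxy_pass http://unicorn_server;
            break;
        }
    }

    location ~ ^/(assets)/ {
        gzip_static on; # to serve pre-gzipped version
        expires 1y;
        add_header Cache-Control public;
        # NOTE(review): an add_header with an empty value appears to emit
        # nothing and does not strip an ETag nginx generates itself.
        add_header ETag "";
        # Directive order inside a location does not matter for the lines
        # above; break only stops further rewrite-module processing.
        break;
    }

    # this rewrites all the requests to the maintenance.html
    # page if it exists in the doc root. This is for capistrano's
    # disable web task
    if (-f $document_root/system/maintenance.html) {
        rewrite ^(.*)$ /system/maintenance.html last;
        break;
    }

    error_page 500 502 503 504 /500.html;
    location = /500.html {
        root <%= Rubber.root + "/public" %>;
    }

    error_page 404 /404.html;
    location = /404.html {
        root <%= Rubber.root + "/public" %>;
    }
}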
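# HTTPS virtual host: terminates TLS, serves files that exist under public/
# directly and proxies every other request to the unicorn upstream.
server {
    listen 443 ssl;
    ssl_certificate /etc/ssl/certs/server.crt;
    # The private key should be readable only by the account that starts
    # nginx.
    ssl_certificate_key /etc/ssl/private/server.pem;
    ssl_session_cache shared:SSL:10m;
    # NOTE(review): ssl_protocols and ssl_ciphers are not set, so the
    # defaults of the installed nginx/OpenSSL build apply; pin them
    # explicitly for the versions in use.

    # Request bodies up to 4G are accepted and handed to unicorn; lower this
    # if the app does not need uploads of that size.
    client_max_body_size 4G;
    server_name <%= [ rubber_env.domain, rubber_env.web_aliases ].flatten.compact.join(" ") %>;
    keepalive_timeout 5;

    # Location of our static files
    root <%= Rubber.root + "/public" %>;

    # Serve a file from public/ when it exists, otherwise hand the request
    # to unicorn. An unconditional proxy_pass here would also proxy
    # /system/maintenance.html (the target of the rewrite below), so the
    # maintenance page would never be served from disk over HTTPS.
    location / {
        try_files $uri @unicorn;
    }

    location @unicorn {
        # Overwrite the forwarding headers so client-supplied values for
        # them never reach the app.
        proxy_set_header X-Real-IP $remote_addr;
        # $proxy_add_x_forwarded_for appends $remote_addr to whatever the
        # client sent, so only the last entry was written by this proxy.
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto https;
        # $http_host is the Host header exactly as the client sent it.
        # NOTE(review): if this block is the default server for port 443,
        # arbitrary Host values reach the app; the app should not build
        # absolute URLs from it without checking against known hostnames.
        proxy_set_header Host $http_host;
        proxy_redirect off;
        proxy_pass http://unicorn_server;
    }

    # Precompiled assets: ^~ stops regex location matching for this prefix.
    location ^~ /assets/ {
        gzip_static on;
        expires max;
        add_header Cache-Control public;
    }

    # this rewrites all the requests to the maintenance.html
    # page if it exists in the doc root. This is for capistrano's
    # disable web task
    if (-f $document_root/system/maintenance.html) {
        rewrite ^(.*)$ /system/maintenance.html last;
        break;
    }

    error_page 500 502 503 504 /500.html;
    location = /500.html {
        root <%= Rubber.root + "/public" %>;
    }

    error_page 404 /404.html;
    location = /404.html {
        root <%= Rubber.root + "/public" %>;
    }
}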