Adding SSL to a Rails Application

Adding SSL to a new or existing Rails application isn’t really that difficult. If the website has existed for a while and you want to move to https, then you must properly redirect (301) visitors to the new URL. If it’s a new website, then it’s probably a good idea to use SSL from the start (it’s a must if you collect any kind of sensitive data from users).

Assumptions: it’s a Rails 4 app running on nginx and Passenger on Ubuntu 14.04 Server (preferably on a VPS; either way, you need to be able to update the nginx configs and so on). For the SSL certificate, I would recommend the Comodo PositiveSSL Certificate from NameCheap @ $9 a year, unless you have a good reason to spend more on that.

SSL Setup

First, generate a key and then a CSR for buying the SSL certificate. Enter the requested info when prompted. Watch out for the Common Name / FQDN field: it must match the domain (in this case: example.com).

openssl genrsa -out example.com.key 2048
openssl req -new -key example.com.key -out example.com.csr

Then copy the content of the above CSR file to your clipboard (use xclip, a command line utility) and paste it into the SSL order form.

xclip -sel clip < path_to_your_csr_directory/example.com.csr

Next, you’ll receive a confirmation email. After you confirm it, they will email you the certificate (usually within a few hours).

Once you receive the SSL certificate (usually in *.zip format), extract the zip file (containing the certificates) and concatenate them in the right order to get a single certificate file.

cat www_example_com.crt COMODORSADomainValidationSecureServerCA.crt COMODORSAAddTrustCA.crt AddTrustExternalCARoot.crt > ssl-bundle.crt

Now, you need to upload these two files, ssl-bundle.crt and example.com.key (the private key, generated earlier), to the server (use scp, e.g. scp target_file user@server_ip:file_name).

Preparing Rails for SSL

Enable SSL in production mode, by updating the config/environments/production.rb file.

config.force_ssl = true

You also need to make sure all the external resources (e.g. fonts, images, CSS, JS) are loaded securely over https only.

Nginx setup

Log in to the VPS/server and create/update your nginx config for SSL.

sudo nano /etc/nginx/sites-available/example.com

A sample nginx config for Rails Application.
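
The config itself is not reproduced on this page. As an added example (not the author's original file), here is a minimal server block pair for the setup described above; the directories /etc/nginx/ssl and /var/www/example.com/current are assumed locations, so adjust them to wherever you uploaded the files and deployed the app.

```nginx
# Added example, not the author's config. Paths under /etc/nginx/ssl and
# /var/www/example.com are assumptions.

# Plain HTTP: answer every request with a permanent (301) redirect to HTTPS.
# The target host is written out instead of echoing the client's Host header.
server {
    listen 80;
    server_name example.com www.example.com;
    return 301 https://example.com$request_uri;
}

server {
    listen 443 ssl;
    server_name example.com www.example.com;

    # Bundle built with cat earlier: site certificate first, then the
    # intermediates, so clients can build the chain to the root.
    ssl_certificate     /etc/nginx/ssl/ssl-bundle.crt;
    # Private key generated with openssl genrsa. Keep it owned by root
    # with mode 600 and out of the application directory.
    ssl_certificate_key /etc/nginx/ssl/example.com.key;

    # Refuse SSLv3 and the older TLS versions.
    ssl_protocols TLSv1.2;
    ssl_prefer_server_ciphers on;
    ssl_session_cache shared:SSL:10m;
    ssl_session_timeout 10m;

    # Passenger serves the Rails app from its public/ directory.
    # With config.force_ssl = true, Rails itself adds the HSTS header and
    # marks cookies as secure, so neither is repeated here.
    root /var/www/example.com/current/public;
    passenger_enabled on;
    passenger_app_env production;
}
```

Run sudo nginx -t after saving the file to check the syntax and confirm that nginx can read the certificate and key.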

Now, enable that nginx config and reload the server.

sudo ln -s /etc/nginx/sites-available/example.com /etc/nginx/sites-enabled/example.com
sudo service nginx reload