Home  >  Article  >  Backend Development  >  Add https support to the site

Add https support to the site

WBOY
WBOYOriginal
2016-08-08 09:29:401080browse
This article is quoted from http://blog.linjunhalida.com/blog/using-https-for-rails/
https is an encryption protocol for http, which can ensure the communication data during the user's access to the website It is encrypted, which prevents third-party monitoring and protects user privacy. Here is a summary of how to add https support to Rails. First of all, assuming that your rails is already running at http://yourserver.com, the server is ubuntu, and the local access method is 127.0.0.1:8787, then you need to use nginx to provide it https service. First install nginx and openssl:
<codeandale mono console new font-style:inherit font-variant:inherit font-weight:inherit line-height:inherit vertical-align:baseline>sudo apt-get install nginx openssl
</codeandale>
Generate the server’s secret public key:
<codeandale mono console new font-style:inherit font-variant:inherit font-weight:inherit line-height:inherit vertical-align:baseline>openssl req -new -nodes -keyout server.key -out server.csr
openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt
</codeandale>
Explanation of several generated files:
  • server.key The server’s private key.
  • server.csr (certificate signing request) https certificate signing request.
  • server.crt generated server certificate.
  • Then with these files, we can configure the nginx service.

    Generate nginx configuration file:

    <codeandale mono console new font-style:inherit font-variant:inherit font-weight:inherit line-height:inherit vertical-align:baseline>sudo touch /etc/nginx/sites-available/yourserver
    sudo ln -s /etc/nginx/sites-available/yourserver /etc/nginx/sites-enabled
    sudo vi /etc/nginx/sites-available/yourserver
    </codeandale>

    里面的内容:

    <span>1</span><span>2</span><span>3</span><span>4</span><span>5</span><span>6</span><span>7</span><span>8</span><span>9</span><span>10</span><span>11</span><span>12</span><span>13</span><span>14</span><span>15</span><span>16</span><span>17</span><span>18</span><span>19</span><span>20</span><span>21</span><span>22</span><span>23</span><span>24</span><span>25</span>
    <codeandale mono console new background:rgb><span><span>upstream unicorn {
    </span><span>  server 127.0.0.1:8787 fail_timeout=0;
    </span><span>}
    </span><span>server {
    </span><span>  listen       443;
    </span><span>  server_name  yourserver.com;
    </span><span></span><span>  ssl                  on;
    </span><span>  ssl_certificate      yourpath/server.crt;
    </span><span>  ssl_certificate_key  yourpath/server.key;
    </span><span></span><span>  ssl_session_timeout  5m;
    </span><span></span><span>  ssl_protocols  SSLv2 SSLv3 TLSv1;
    </span><span>  ssl_ciphers  HIGH:!aNULL:!MD5;
    </span><span>  ssl_prefer_server_ciphers   on;
    </span><span></span><span>  location / {
    </span><span>      proxy_set_header Host $host;
    </span><span>      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    </span><span>      proxy_set_header X-Forwarded-Proto https;
    </span><span>      proxy_redirect off;
    </span><span>      proxy_pass http://localserver;
    </span><span>  }
    </span><span>}</span></span></codeandale>

    需要修改里面的server_name,yourpath。

    然后重新启动nginx:

    <codeandale mono console new font-style:inherit font-variant:inherit font-weight:inherit line-height:inherit vertical-align:baseline>sudo service nginx restart
    </codeandale>

    如果没有报错,那么你就可以通过https://yourserver.com来访问你的网站了。

    不过,浏览器会阻止你继续访问,或者需要你的确认。 浏览器会保存一份可信网站的列表,你的服务器加密是自己生成的,不在里面。 如果你的网站是商用的,最好去注册一下。这里有一个指引。

    引用资料:

    • railscast

    Posted by 机械唯物主义 Mar 24th, 2013  rails


    以上就介绍了给站点加上https支持,包括了方面的内容,希望对PHP教程有兴趣的朋友有所帮助。

    Statement:
    The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn