Nginx gotchas when used with Capistrano and SSL certificates


A couple of weeks ago, I was helping release a Rails app which requires SSL support and load balancing. The app runs on Unicorn, uses Nginx as a load balancer and Capistrano for deployment. In this post, I’ll describe the tips and tricks that I found a long the way.

First off, make sure you don’t have this line in your deploy.rb:

set :server_list, lambda { [fetch(:app_server)] }

Otherwise, Nginx won’t start

To verify that Nginx is running, do ‘ps -elf | grep nginx’, or look into the response header

Secondly, make sure that you have

proxy_set_header X_FORWARDED_PROTO https

Otherwise, you will run into an endless redirect loop which make your site inaccessible

Make sure that you have

server_name domain.com *.domain.com

Otherwise any request to page.domain.com will be redirected to http://.domain.com (yes this was shown in my browser address bar)

To ensure that you can grab the IP address of the client connecting to your site (and not your server instance), you need

proxy_set_header X-Real-OP $remote_addr

In order to support both ‘http’ and ‘https’, you should have these lines in the location /

Advertisements