Permission denied to Rails when accessing app through https

June 4, 2014 2.1k views
Hello, I am trying to get my Rails 4 working with SSL. I retrieved an SSL certificate from StartSSL.com and the installation on the server seems to have been successful. However, I can't get my app to work with https. It only works with http at this moment. When I try to access it in the browser through https I am getting this error: 2014/06/04 18:05:56 [error] 23306#0: *3 "/home/rails/public/index.html" is forbidden (13: Permission denied), client:, server: myapp.com, request: "GET / HTTP/1.0", host: "myapp.com" This would be my NGINX configuration file in /etc/nginx/nginx.conf: user www-data; worker_processes 4; pid /var/run/nginx.pid; events { worker_connections 1024; } http { sendfile on; tcp_nopush on; tcp_nodelay on; keepalive_timeout 65; types_hash_max_size 2048; server_tokens off; server_names_hash_bucket_size 64; include /etc/nginx/mime.types; default_type application/octet-stream; access_log /var/log/nginx/access.log; error_log /var/log/nginx/error.log; gzip on; gzip_disable "msie6"; gzip_types text/plain text/xml text/css text/comma-separated-values; upstream app_server { server fail_timeout=0; } include /etc/nginx/conf.d/*.conf; include /etc/nginx/sites-enabled/*; server { listen 80; server_name myapp.com; rewrite ^ https://$server_name$request_uri? permanent; } server { listen 443; server_name myapp.com; root /home/rails/public; ssl on; ssl_certificate /etc/ssl/myapp.com.crt; ssl_certificate_key /etc/ssl/myapp.com.key; } } What am I missing here and how can this be fixed?
2 Answers
Hi Timo,

How are you running the app? Are you using Unicorn, Passenger, or something similar? You have an upstream set but no proxy_pass. You probably need to adjust the server block listening on 443 to act as a reverse proxy for what ever is acting as an upstream server. Something like:

server {
listen 443;
server_name myapp.com;
root /home/rails/public;
index index.htm index.html;

ssl on;
ssl_certificate /etc/ssl/myapp.com.crt;
ssl_certificate_key /etc/ssl/myapp.com.key;

location / {
try_files $uri/index.html $uri.html $uri @app;

location @app {
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_redirect off;
proxy_pass http://app_server;
That's it, thank you! Yes, you guessed right. I am using Unicorn and NginX.
Have another answer? Share your knowledge.