Question

Permission denied to Rails when accessing app through https

Posted June 4, 2014 4.1k views
Hello, I am trying to get my Rails 4 working with SSL. I retrieved an SSL certificate from StartSSL.com and the installation on the server seems to have been successful. However, I can't get my app to work with https. It only works with http at this moment. When I try to access it in the browser through https I am getting this error: 2014/06/04 18:05:56 [error] 23306#0: *3 "/home/rails/public/index.html" is forbidden (13: Permission denied), client: 23.251.149.69, server: myapp.com, request: "GET / HTTP/1.0", host: "myapp.com" This would be my NGINX configuration file in /etc/nginx/nginx.conf: user www-data; worker_processes 4; pid /var/run/nginx.pid; events { worker_connections 1024; } http { sendfile on; tcp_nopush on; tcp_nodelay on; keepalive_timeout 65; types_hash_max_size 2048; server_tokens off; server_names_hash_bucket_size 64; include /etc/nginx/mime.types; default_type application/octet-stream; access_log /var/log/nginx/access.log; error_log /var/log/nginx/error.log; gzip on; gzip_disable "msie6"; gzip_types text/plain text/xml text/css text/comma-separated-values; upstream app_server { server 127.0.0.1:8080 fail_timeout=0; } include /etc/nginx/conf.d/*.conf; include /etc/nginx/sites-enabled/*; server { listen 80; server_name myapp.com; rewrite ^ https://$server_name$request_uri? permanent; } server { listen 443; server_name myapp.com; root /home/rails/public; ssl on; ssl_certificate /etc/ssl/myapp.com.crt; ssl_certificate_key /etc/ssl/myapp.com.key; } } What am I missing here and how can this be fixed?

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

2 answers
Hi Timo,

How are you running the app? Are you using Unicorn, Passenger, or something similar? You have an upstream set but no proxy_pass. You probably need to adjust the server block listening on 443 to act as a reverse proxy for what ever is acting as an upstream server. Something like:


server {
listen 443;
server_name myapp.com;
root /home/rails/public;
index index.htm index.html;

ssl on;
ssl_certificate /etc/ssl/myapp.com.crt;
ssl_certificate_key /etc/ssl/myapp.com.key;

location / {
try_files $uri/index.html $uri.html $uri @app;
}

location @app {
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_redirect off;
proxy_pass http://app_server;
}
}
That's it, thank you! Yes, you guessed right. I am using Unicorn and NginX.
Submit an Answer