Running Puma with SSL and Nginx

Question

I have Angular apps running on a Rails API.

• Web Server: Nginx
• App Server: Puma
• SSL Certificate: LetsEncrypt
• Hosted on: AWS EC2 running Ubuntu 16.04.3 LTS

I am able to serve my Angular apps with SSL but I am having issues with running the Rails API on SSL. In production.rb, I have added config.force_ssl = true. I run the Rails server using RAILS_ENV=production rails server --binding=*public ip of instance*. Here is my nginx config file for the api:

upstream app{
    server localhost:3000;
}
server {
    listen 80;
    listen [::]:80;

    server_name api.domain.com;
    return 302 https://$server_name$request_uri;
}
server{

    #SSL Configuration

    listen 443 ssl;
    listen [::]:443 ssl;
    include snippets/snakeoil.conf;

    server_name api.domain.com;
    location / {
            proxy_pass https://app;
            proxy_set_header Host $host;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }
}

And this is the snakeoil.conf file that I have included:

ssl_certificate /etc/letsencrypt/live/www.domain.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/www.domain.com/privkey.pem;

When I make a request to api.domain.com, I get a 502 Bad Gateway error. Rails throws this 2018-02-19 07:07:02 +0000: HTTP parse error, malformed request (): #<Puma::HttpParserError: Invalid HTTP format, parsing fails.

Is this an issue with the configuration or do I have to change something in the application code?

Answer 1

Puma understands only http requests but you are forcing it to handle https requests.

Replacing "proxy_pass https://app" with "proxy_pass http://app" should fix your problem.