Configuring Nginx, Puma, Certbot, and Rails - A Developer's Guide

The day has arrived. You are ready to put your new Rails application into production. Great! Your production Rails app will work a lot like it did in development, but you'll want to put a web server in front of it.

In development, you used Puma to serve request by typing bundle exec rails c. But Puma is not a web server, it's an application server, and it's not really up to the task of handling all HTTP traffic that hits your production server.

Here's what you'll do. You'll use Nginx (a web server) to handle HTTP requests and pass them along to Puma. It's easy!

Here's a diagram:

---------------------------
| Browser:HTTPS --> Nginx |
| Nginx:HTTP    --> Puma  |
--------------------------

Here are the steps involved:

  1. Install Nginx on your server.
  2. Install Certbot on your server.
  3. Configure Nginx to redirect HTTP traffic to HTTPS.
  4. Confgiure Nginx to proxy HTTPS traffic to Puma as HTTP traffic.
  5. Done!

Debugging

If your production app works on HTTP but not HTTPS for some reason, here's how to debug it:

  1. Check your Puma logs to see if there are any errors.
  2. Check your Nginx logs to see if there are any errors.
  3. Hmm.
  4. Try restarting Nginx. Nothing? Try restarting Puma. That should work. It didn't?
  5. Try... why is this not working?
  6. Ok, just redeploy the entire application. That'll fix it.
  7. It's STILL NOT WORKING????
  8. What is going on. I swear this is exactly what I did last time....
  9. Fine. Destroy the whole server and provision a new one. Now deploy again.
  10. WHY IS IT NOT WORKING OVER HTTPS? What IS going ON????? AHHHHHHHHHHH
  11. I hate this. This is supposed to be easy.
  12. Wow. I guess I don't have imposter syndrome. I'm actually an imposter. I can't figure this out. What if I was the only dev at the company? Would I have to tell everyone that we can't have our app cause I'm too stupid to figure this out?
  13. AHHHHHH. It's been 5 hours. There's nothing in the logs. What's going ONNNNNNNNNNN???!?!
  14. Oh... my EC2 instance is in security group that doesn't allow HTTPS requests. Whoops. Let me fix that.
  15. Hey, it works!