【发布时间】:2013-02-02 12:55:13
【问题描述】:
我正在尝试使用 Nginx 和 Unicorn 配置带有 SSL 的 Rails 应用程序。
我正在尝试在本地进行设置。为此,我首先使用 OpenSSL for Nginx 创建了一个自签名证书。我按照document 创建自签名证书。之后,我将nginx.conf 配置如下,在http 块内:
upstream unicorn_myapp {
# This is the socket we configured in unicorn.rb
server unix:root_path/tmp/sockets/unicorn.sock fail_timeout=0;
}
server {
listen 80;
server_name dev.myapp.com;
rewrite ^/(.*) http://dev.myapp.com/$1 permanent;
}
server {
listen 80;
listen 443 ssl;
server_name dev.myapp.com;
ssl on;
ssl_certificate /etc/nginx/ssl/server.pem;
ssl_certificate_key /etc/nginx/ssl/server.key;
ssl_protocols SSLv3 TLSv1;
ssl_ciphers ALL:-ADH:+HIGH:+MEDIUM:-LOW:-SSLv2:-EXP;
ssl_session_cache shared:SSL:10m;
root root_path/public;
location / {
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_redirect off;
if (!-f $request_filename) {
proxy_pass http://unicorn_myapp;
break;
}
}
}
我尝试在本地设置,并在本地启动 Unicorn。我在/etc/hosts 中将127.0.0.1 映射到dev.myapp.com。但是在启动服务器后,当我尝试 ping 应用程序时,它在 Chrome 中给出了以下错误:
This webpage has a redirect loop
Error 310 (net::ERR_TOO_MANY_REDIRECTS): There were too many redirects.
在 Firefox 中出现以下错误:
The page isn't redirecting properly
nginix.access.log 显示以下结果:
127.0.0.1 - - [18/Feb/2013:12:56:16 +0530] "GET / HTTP/1.1" 301 5 "-" "Mozilla/5.0 (X11; Linux i686) AppleWebKit/537.4 (KHTML, like Gecko) Chrome/22.0.1229.79 Safari/537.4"
127.0.0.1 - - [18/Feb/2013:12:56:16 +0530] "-" 400 0 "-" "-"
127.0.0.1 - - [18/Feb/2013:12:56:16 +0530] "GET / HTTP/1.1" 301 5 "-" "Mozilla/5.0 (X11; Linux i686) AppleWebKit/537.4 (KHTML, like Gecko) Chrome/22.0.1229.79 Safari/537.4"
127.0.0.1 - - [18/Feb/2013:12:56:16 +0530] "-" 400 0 "-" "-"
127.0.0.1 - - [18/Feb/2013:12:56:16 +0530] "GET / HTTP/1.1" 301 5 "-" "Mozilla/5.0 (X11; Linux i686) AppleWebKit/537.4 (KHTML, like Gecko) Chrome/22.0.1229.79 Safari/537.4"
127.0.0.1 - - [18/Feb/2013:12:56:43 +0530] "-" 400 0 "-" "-"
127.0.0.1 - - [18/Feb/2013:12:56:43 +0530] "-" 400 0 "-" "-"
127.0.0.1 - - [18/Feb/2013:12:56:43 +0530] "-" 400 0 "-" "-"
127.0.0.1 - - [18/Feb/2013:12:56:43 +0530] "-" 400 0 "-" "-"
127.0.0.1 - - [18/Feb/2013:12:56:43 +0530] "GET / HTTP/1.1" 301 5 "-" "Mozilla/5.0 (X11; Linux i686) AppleWebKit/537.4 (KHTML, like Gecko) Chrome/22.0.1229.79 Safari/537.4"
127.0.0.1 - - [18/Feb/2013:12:56:43 +0530] "-" 400 0 "-" "-"
127.0.0.1 - - [18/Feb/2013:12:56:43 +0530] "GET / HTTP/1.1" 301 5 "-" "Mozilla/5.0 (X11; Linux i686) AppleWebKit/537.4 (KHTML, like Gecko) Chrome/22.0.1229.79 Safari/537.4"
127.0.0.1 - - [18/Feb/2013:12:56:43 +0530] "-" 400 0 "-" "-"
127.0.0.1 - - [18/Feb/2013:12:56:43 +0530] "GET / HTTP/1.1" 301 5 "-" "Mozilla/5.0 (X11; Linux i686) AppleWebKit/537.4 (KHTML, like Gecko) Chrome/22.0.1229.79 Safari/537.4"
127.0.0.1 - - [18/Feb/2013:12:56:43 +0530] "-" 400 0 "-" "-"
127.0.0.1 - - [18/Feb/2013:12:56:43 +0530] "GET / HTTP/1.1" 301 5 "-" "Mozilla/5.0 (X11; Linux i686) AppleWebKit/537.4 (KHTML, like Gecko) Chrome/22.0.1229.79 Safari/537.4"
127.0.0.1 - - [18/Feb/2013:12:56:43 +0530] "-" 400 0 "-" "-"
127.0.0.1 - - [18/Feb/2013:12:56:43 +0530] "GET / HTTP/1.1" 301 5 "-" "Mozilla/5.0 (X11; Linux i686) AppleWebKit/537.4 (KHTML, like Gecko) Chrome/22.0.1229.79 Safari/537.4"
127.0.0.1 - - [18/Feb/2013:12:56:43 +0530] "-" 400 0 "-" "-"
谁能帮我找到解决办法?
【问题讨论】:
-
看起来你的 80 重写转到 http(又是 80),应该是 https 吗?
-
我们如何在上面的配置中改变它?
-
尝试将 'rewrite ^/(.*) http://...' 更改为 'rewrite ^/(.*) https://...' 并从 2nd 中删除 listen 80服务器块
-
@house9 - 如果您想将解决方案概括为您自己的答案,我将删除我的答案。 (请参阅meta.stackexchange.com/questions/90263/… 详细说明为什么这会有所帮助。)谢谢!
-
@DreadPirateShawn 别担心,我会加一个你的答案
标签: ruby-on-rails ssl nginx ssl-certificate unicorn