Nginx Rails 5 HTTPS 重定向问题

【问题标题】:Nginx Rails 5 HTTPS Redirect IssueNginx Rails 5 HTTPS 重定向问题
【发布时间】:2026-01-13 16:40:01
【问题描述】:

我在 Digital Ocean Ubuntu 16.04 droplet 中托管了一个新的 Rails 5 应用程序。该设置使用 Nginx 和 Puma 作为应用程序服务器。我注意到重定向存在问题。

例如,如果我以redirect_to services_path 进行重定向,它会尝试重定向到https://jdeen.com,%20jdeen.com/services

我认为这是一个 Nginx 配置问题,认为这与我拥有的正常工作的 Rails 3 应用程序非常相似,我不确定出了什么问题。当我做一个不使用 SSL 的简单配置时,它可以工作。

非常感谢任何帮助。

里亚尔日志

I, [2016-08-16T08:18:01.692852 #17988]  INFO -- : [9c26a134-eef6-4244-9ec2-e9e7cec61910] Started GET "/products" for 112.134.82.41 at 2016-08-16 08:18:01 -0400
I, [2016-08-16T08:18:01.709611 #17988]  INFO -- : [9c26a134-eef6-4244-9ec2-e9e7cec61910] Processing by ProductsController#index as HTML
I, [2016-08-16T08:18:01.718443 #17988]  INFO -- : [9c26a134-eef6-4244-9ec2-e9e7cec61910] Redirected to https://jdeen.com, jdeen.com/services
I, [2016-08-16T08:18:01.720520 #17988]  INFO -- : [9c26a134-eef6-4244-9ec2-e9e7cec61910] Completed 302 Found in 9ms (ActiveRecord: 0.0ms)
I, [2016-08-16T08:18:10.993806 #17988]  INFO -- : [1ac5d13d-1df9-44f0-9f5a-6aaa424231a9] Started GET "/products" for 112.134.82.41 at 2016-08-16 08:18:10 -0400
I, [2016-08-16T08:18:10.995977 #17988]  INFO -- : [1ac5d13d-1df9-44f0-9f5a-6aaa424231a9] Processing by ProductsController#index as HTML
I, [2016-08-16T08:18:10.998905 #17988]  INFO -- : [1ac5d13d-1df9-44f0-9f5a-6aaa424231a9] Redirected to https://jdeen.com, jdeen.com/services
I, [2016-08-16T08:18:10.999999 #17988]  INFO -- : [1ac5d13d-1df9-44f0-9f5a-6aaa424231a9] Completed 302 Found in 2ms (ActiveRecord: 0.0ms)

Nginx 配置:

upstream jdeen_app {
    server 127.0.0.1:3000 fail_timeout=0;
}

server {
    listen 80;
    server_name jdeen.com www.jdeen.com;
    return 301 https://$host$request_uri;
}


server {
    listen 443 ssl;
    server_name jdeen.com www.jdeen.com;

    ssl_certificate /etc/letsencrypt/live/jdeen.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/jdeen.com/privkey.pem;

    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_prefer_server_ciphers on;
    ssl_dhparam /etc/ssl/certs/dhparam.pem;
    ssl_ciphers "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH+aRSA+RC4 EECDH EDH+aRSA HIGH !RC4 !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS";
    ssl_session_timeout 1d;
    ssl_session_cache shared:SSL:50m;
    ssl_stapling on;
    ssl_stapling_verify on;
    add_header Strict-Transport-Security max-age=15768000;
    server_tokens off;

    root /var/www/jdeen.com/public;

    try_files $uri/index.html $uri @jdeen_app;

    location @jdeen_app {
        proxy_pass http://jdeen_app;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Host $http_host;
        proxy_redirect off;

        proxy_set_header HOST $host;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }

    location ~ /.well-known {
        allow all;
    }

    error_page 500 502 503 504 /500.html;
    client_max_body_size 4G;
    keepalive_timeout 10;
}

【问题讨论】:

  • 您复制了具有不同值的 proxy_set_header HOST 指令。 HTTP 标头字段不区分大小写,因此 HostHOST 相等。
  • 你也复制了proxy_set_header X-Forwarded-For指令。
  • @VBart:非常感谢老兄,它成功了!把它作为一个答案,我会接受。

标签: ruby-on-rails nginx ruby-on-rails-5


【解决方案1】:

问题是由重复的Host 标头引起的,该标头使用proxy_set_header 指令设置了两次:

...
proxy_set_header Host $http_host;
proxy_redirect off;

proxy_set_header HOST $host;
...

【讨论】:

    【解决方案2】:

    这就是我设置应用程序的方式。也许这可以帮助你。

    注意,这与独角兽相切。 

    upstream app_server_appname {
    server unix:/path/to/rails_app/app_name/shared/sockets/unicorn.sock fail_timeout=0;
}

server {
    listen 443 ssl;
    root /path/to/rails_app/public;
    server_name somedomain.com;
    index index.htm index.html;

    ssl_certificate /etc/letsencrypt/live/somedomain.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/somedomain.com/privkey.pem;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_prefer_server_ciphers on;
    ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH';


    deny all;

    location / {
            try_files $uri/index.html $uri.html $uri @app;
    }

    location ~ ^/assets/ {
      expires 1s;
      add_header Cache-Control public;

      add_header ETag "";
      break;
    }

    location ~* ^.+\.(jpg|jpeg|gif|png|ico|zip|tgz|gz|rar|bz2|doc|xls|exe|pdf|ppt|txt|tar|mid|midi|wav|bmp|rtf|mp3|flv|mpeg|avi)$ {
                    try_files $uri @app;
    }

     location @app {
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header Host $http_host;
            proxy_set_header   X-Forwarded-Proto https;
            proxy_redirect off;
            proxy_pass http://app_server_appname;
    }
}

    【讨论】:

      猜你喜欢
      相关资源
      最近更新 更多
      热门标签
      Java Python linux javascript C# Mysql Docker 算法 前端 SpringBoot Redis Vue spring .net 设计模式 .net core c++ kubernetes 数据库 机器学习 大数据 数据结构 微服务 js 人工智能 Go Android 面试 程序员 JVM 云原生 后端 ASP.net core 深度学习 CSS k8s git golang PHP devops Nginx Django React mybatis 架构 多线程 Spring Boot 云计算 LeetCode 分布式