【发布时间】:2018-06-04 22:28:07
【问题描述】:
我想知道如何在 rails 5 应用程序中实施 SSL。该应用程序在开发中运行良好。在生产中,通过 rails admin 通过 SSL 发出的一些 POST 请求不起作用。
如果 SSL 是通过 production.rb 强制执行的,浏览器会返回:
"ERR_TOO_MANY_REDIRECTS"
如果“force_ssl”设置为 false,一些通过 rails admin 的“POST”请求会返回:
HTTP Origin header (https://www.example.com) didn't match request.base_url (http://www.example.com)
提前致谢。
这些是应用设置:
production.rb
# ...
config.force_ssl = true
# ...
nginx.conf
upstream puma {
server unix:///home/bgc/apps/domain/shared/tmp/sockets/domain-puma.sock;
}
server {
listen 80;
listen 443 ssl;
server_name domain.com;
ssl_certificate /etc/letsencrypt/live/domain.com/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/domain.com/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
ssl_protocols TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_ciphers AES256+EECDH:AES256+EDH:!aNULL;
root /home/bgc/apps/domain/current/public;
access_log /home/bgc/apps/domain/current/log/nginx.access.log;
error_log /home/bgc/apps/domain/current/log/nginx.error.log info;
location ^~ /assets/ {
gzip_static on;
expires max;
add_header Cache-Control public;
}
try_files $uri/index.html $uri @puma;
location @puma {
proxy_set_header X-Forwarded-Proto https;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_redirect off;
proxy_pass http://puma;
}
error_page 500 502 503 504 /500.html;
client_max_body_size 10M;
keepalive_timeout 10;
}
【问题讨论】:
-
为什么不将80端口重定向到443端口来分离服务器配置,之后一定有一个循环,你能检查一下nginx的访问日志和rails中的日志吗?
server { listen 80 default_server; listen [::]:80 default_server; server_name _; return 301 https://$host$request_uri; }
标签: ruby-on-rails nginx puma rails-admin