Too many redirects error when trying to configure a Rails application for SSL using nginx and unicorn

21
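I am trying to configure SSL for a Rails application using Nginx and Unicorn. I am trying to set it up locally. For that, I first created a self-signed certificate for Nginx using OpenSSL. I followed the document for creating the self-signed certificate. After that, I configured my nginx.conf as below, inside the http block: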
upstream unicorn_myapp {
    # This is the socket we configured in unicorn.rb
    server unix:root_path/tmp/sockets/unicorn.sock fail_timeout=0;
}

server {
    listen 80;
    server_name dev.myapp.com;
    rewrite ^/(.*) http://dev.myapp.com/$1 permanent;
}

server {
    listen                80;
    listen                443 ssl;
    server_name           dev.myapp.com;
    ssl                   on;
    ssl_certificate       /etc/nginx/ssl/server.pem;
    ssl_certificate_key   /etc/nginx/ssl/server.key;
    ssl_protocols         SSLv3 TLSv1;
    ssl_ciphers           ALL:-ADH:+HIGH:+MEDIUM:-LOW:-SSLv2:-EXP;
    ssl_session_cache     shared:SSL:10m;

    root root_path/public;

    location / {
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Host $http_host;
        proxy_redirect off;

        if (!-f $request_filename) {
            proxy_pass http://unicorn_myapp;
            break;
        }
    }
}

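I tried to set this up locally and started Unicorn. I mapped 127.0.0.1 to dev.myapp.com in /etc/hosts. But after starting the server, when I try to ping the application, Chrome gives the following error: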

This webpage has a redirect loop
Error 310 (net::ERR_TOO_MANY_REDIRECTS): There were too many redirects.

In Firefox the following error appears:

The page isn't redirecting properly
nginix.access.log shows the following results:
127.0.0.1 - - [18/Feb/2013:12:56:16 +0530] "GET / HTTP/1.1" 301 5 "-" "Mozilla/5.0 (X11;        Linux i686) AppleWebKit/537.4 (KHTML, like Gecko) Chrome/22.0.1229.79 Safari/537.4"
127.0.0.1 - - [18/Feb/2013:12:56:16 +0530] "-" 400 0 "-" "-"
127.0.0.1 - - [18/Feb/2013:12:56:16 +0530] "GET / HTTP/1.1" 301 5 "-" "Mozilla/5.0 (X11; Linux i686) AppleWebKit/537.4 (KHTML, like Gecko) Chrome/22.0.1229.79 Safari/537.4"
127.0.0.1 - - [18/Feb/2013:12:56:16 +0530] "-" 400 0 "-" "-"
127.0.0.1 - - [18/Feb/2013:12:56:16 +0530] "GET / HTTP/1.1" 301 5 "-" "Mozilla/5.0 (X11; Linux i686) AppleWebKit/537.4 (KHTML, like Gecko) Chrome/22.0.1229.79 Safari/537.4"
127.0.0.1 - - [18/Feb/2013:12:56:43 +0530] "-" 400 0 "-" "-"
127.0.0.1 - - [18/Feb/2013:12:56:43 +0530] "-" 400 0 "-" "-"
127.0.0.1 - - [18/Feb/2013:12:56:43 +0530] "-" 400 0 "-" "-"
127.0.0.1 - - [18/Feb/2013:12:56:43 +0530] "-" 400 0 "-" "-"
127.0.0.1 - - [18/Feb/2013:12:56:43 +0530] "GET / HTTP/1.1" 301 5 "-" "Mozilla/5.0 (X11; Linux i686) AppleWebKit/537.4 (KHTML, like Gecko) Chrome/22.0.1229.79 Safari/537.4"
127.0.0.1 - - [18/Feb/2013:12:56:43 +0530] "-" 400 0 "-" "-"
127.0.0.1 - - [18/Feb/2013:12:56:43 +0530] "GET / HTTP/1.1" 301 5 "-" "Mozilla/5.0 (X11; Linux i686) AppleWebKit/537.4 (KHTML, like Gecko) Chrome/22.0.1229.79 Safari/537.4"
127.0.0.1 - - [18/Feb/2013:12:56:43 +0530] "-" 400 0 "-" "-"
127.0.0.1 - - [18/Feb/2013:12:56:43 +0530] "GET / HTTP/1.1" 301 5 "-" "Mozilla/5.0 (X11; Linux i686) AppleWebKit/537.4 (KHTML, like Gecko) Chrome/22.0.1229.79 Safari/537.4"
127.0.0.1 - - [18/Feb/2013:12:56:43 +0530] "-" 400 0 "-" "-"
127.0.0.1 - - [18/Feb/2013:12:56:43 +0530] "GET / HTTP/1.1" 301 5 "-" "Mozilla/5.0 (X11; Linux i686) AppleWebKit/537.4 (KHTML, like Gecko) Chrome/22.0.1229.79 Safari/537.4"
127.0.0.1 - - [18/Feb/2013:12:56:43 +0530] "-" 400 0 "-" "-"
127.0.0.1 - - [18/Feb/2013:12:56:43 +0530] "GET / HTTP/1.1" 301 5 "-" "Mozilla/5.0 (X11; Linux i686) AppleWebKit/537.4 (KHTML, like Gecko) Chrome/22.0.1229.79 Safari/537.4"
127.0.0.1 - - [18/Feb/2013:12:56:43 +0530] "-" 400 0 "-" "-"

Can anyone help me find a solution?


It looks like your port 80 rewrite goes to http (port 80 again); shouldn't it be https? - house9
How should the above configuration be changed? - apr
4
Try changing 'rewrite ^/(.*) http://...' to 'rewrite ^/(.*) https://...', and remove 'listen 80' from the second server block. - house9
@house9 - If you would like to summarize the solution as your own answer, I will delete mine. (See http://meta.stackexchange.com/questions/90263/unanswered-question-answered-in-comments for why this is helpful.) Thanks! - DreadPirateShawn
@DreadPirateShawn No worries, I will upvote your answer. - house9
2 Answers

78
You are missing a header:
proxy_set_header X-Forwarded-Proto https;

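Let me quote a detailed article that explains well how Rails handles HTTPS behind Nginx:

force_ssl relies on the HTTP_X_FORWARDED_PROTO HTTP header to determine whether the request is an HTTPS request. If it is not set to https, you will get an infinite redirect loop, because force_ssl will always think that the forwarded request is not HTTPS.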


2

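Copying the answer from the comments in order to remove this question from the "Unanswered" filter:

Try changing 'rewrite ^/(.*) http://...' to 'rewrite ^/(.*) https://...' and remove listen 80 from the second server block

~ answer from house9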
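
Both answers combined into one configuration, as an added example that is not part of the original posts. It reuses the question's names and paths (dev.myapp.com, root_path, the certificate files); using `listen 443 ssl` without the separate `ssl on;` line and leaving protocol and cipher settings at the nginx defaults are choices made for this example.

```nginx
upstream unicorn_myapp {
    # Same Unicorn socket as in the question
    server unix:root_path/tmp/sockets/unicorn.sock fail_timeout=0;
}

# Plain HTTP: the only job of this block is to send clients to HTTPS.
# The question's rewrite pointed back at http://, so port 80 redirected
# to itself on every request.
server {
    listen 80;
    server_name dev.myapp.com;
    rewrite ^/(.*) https://dev.myapp.com/$1 permanent;
}

# HTTPS: no "listen 80" here, so this block never competes with the
# redirect block above for plain-HTTP requests.
server {
    listen                443 ssl;
    server_name           dev.myapp.com;
    ssl_certificate       /etc/nginx/ssl/server.pem;
    ssl_certificate_key   /etc/nginx/ssl/server.key;
    ssl_session_cache     shared:SSL:10m;
    # ssl_protocols / ssl_ciphers omitted: nginx defaults are used in this example

    root root_path/public;

    location / {
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        # Tells Rails the client connection was HTTPS; without it force_ssl
        # sees every proxied request as HTTP and redirects again.
        proxy_set_header X-Forwarded-Proto https;
        proxy_set_header Host $http_host;
        proxy_redirect off;

        if (!-f $request_filename) {
            proxy_pass http://unicorn_myapp;
            break;
        }
    }
}
```

After reloading nginx, a request to http://dev.myapp.com/ should produce a single 301 to the https:// URL, and the HTTPS request should reach Unicorn without a further redirect.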

