1. 首页
  2. 问答
  3. Nginx Rails 5 HTTPS重定向问题

Nginx Rails 5 HTTPS重定向问题

2016-08-16 209 views
0

我有一个新的Rails 5应用程序,托管在数字海洋Ubuntu 16.04液滴中。该设置使用Nginx和Puma作为应用程序服务器。我注意到重定向的问题。Nginx Rails 5 HTTPS重定向问题

例如,如果我做一个重定向为redirect_to services_path它会尝试重定向到https://jdeen.com,%20jdeen.com/services

我相信这是一个Nginx配置问题,认为这与我工作的Rails 3应用程序非常相似,我不确定出了什么问题。当我做一个不使用SSL的简单配置时,它可以工作。

任何帮助,高度赞赏。

里亚尔登录

I, [2016-08-16T08:18:01.692852 #17988] INFO -- : [9c26a134-eef6-4244-9ec2-e9e7cec61910] Started GET "/products" for 112.134.82.41 at 2016-08-16 08:18:01 -0400 
I, [2016-08-16T08:18:01.709611 #17988] INFO -- : [9c26a134-eef6-4244-9ec2-e9e7cec61910] Processing by ProductsController#index as HTML 
I, [2016-08-16T08:18:01.718443 #17988] INFO -- : [9c26a134-eef6-4244-9ec2-e9e7cec61910] Redirected to https://jdeen.com, jdeen.com/services 
I, [2016-08-16T08:18:01.720520 #17988] INFO -- : [9c26a134-eef6-4244-9ec2-e9e7cec61910] Completed 302 Found in 9ms (ActiveRecord: 0.0ms) 
I, [2016-08-16T08:18:10.993806 #17988] INFO -- : [1ac5d13d-1df9-44f0-9f5a-6aaa424231a9] Started GET "/products" for 112.134.82.41 at 2016-08-16 08:18:10 -0400 
I, [2016-08-16T08:18:10.995977 #17988] INFO -- : [1ac5d13d-1df9-44f0-9f5a-6aaa424231a9] Processing by ProductsController#index as HTML 
I, [2016-08-16T08:18:10.998905 #17988] INFO -- : [1ac5d13d-1df9-44f0-9f5a-6aaa424231a9] Redirected to https://jdeen.com, jdeen.com/services 
I, [2016-08-16T08:18:10.999999 #17988] INFO -- : [1ac5d13d-1df9-44f0-9f5a-6aaa424231a9] Completed 302 Found in 2ms (ActiveRecord: 0.0ms)

Nginx的配置:

upstream jdeen_app { 
    server 127.0.0.1:3000 fail_timeout=0; 
} 

server { 
    listen 80; 
    server_name jdeen.com www.jdeen.com; 
    return 301 https://$host$request_uri; 
} 


server { 
    listen 443 ssl; 
    server_name jdeen.com www.jdeen.com; 

    ssl_certificate /etc/letsencrypt/live/jdeen.com/fullchain.pem; 
    ssl_certificate_key /etc/letsencrypt/live/jdeen.com/privkey.pem; 

    ssl_protocols TLSv1 TLSv1.1 TLSv1.2; 
    ssl_prefer_server_ciphers on; 
    ssl_dhparam /etc/ssl/certs/dhparam.pem; 
    ssl_ciphers "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH+aRSA+RC4 EECDH EDH+aRSA HIGH !RC4 !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS"; 
    ssl_session_timeout 1d; 
    ssl_session_cache shared:SSL:50m; 
    ssl_stapling on; 
    ssl_stapling_verify on; 
    add_header Strict-Transport-Security max-age=15768000; 
    server_tokens off; 

    root /var/www/jdeen.com/public; 

    try_files $uri/index.html $uri @jdeen_app; 

    location @jdeen_app { 
     proxy_pass http://jdeen_app; 
     proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; 
     proxy_set_header Host $http_host; 
     proxy_redirect off; 

     proxy_set_header HOST $host; 
     proxy_set_header X-Forwarded-Proto $scheme; 
     proxy_set_header X-Real-IP $remote_addr; 
     proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; 
    } 

    location ~ /.well-known { 
     allow all; 
    } 

    error_page 500 502 503 504 /500.html; 
    client_max_body_size 4G; 
    keepalive_timeout 10; 
}

来源

2016-08-16 Ziyan Junaideen

+1

您有不同值的'proxy_set_header HOST'指令。 HTTP头域不区分大小写,所以'Host'和'HOST'是相等的。 – VBart

+1

另外你也有'proxy_set_header X-Forwarded-For'指令的重复。 – VBart

+0

@VBart:非常感谢老兄,它的工作!把它作为答案,我会接受。 –

回答

3

问题是由重复的Host头引起的,这是设置两次使用proxy_set_header指令:

... 
proxy_set_header Host $http_host; 
proxy_redirect off; 

proxy_set_header HOST $host; 
...

来源

2016-08-16 13:58:41 VBart

0

这是怎么了我设置了我的应用程序。也许这可以帮助你。

注意,这与Unicorn相切。

upstream app_server_appname { 
    server unix:/path/to/rails_app/app_name/shared/sockets/unicorn.sock fail_timeout=0; 
} 

server { 
    listen 443 ssl; 
    root /path/to/rails_app/public; 
    server_name somedomain.com; 
    index index.htm index.html; 

    ssl_certificate /etc/letsencrypt/live/somedomain.com/fullchain.pem; 
    ssl_certificate_key /etc/letsencrypt/live/somedomain.com/privkey.pem; 
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2; 
    ssl_prefer_server_ciphers on; 
    ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH'; 


    deny all; 

    location/{ 
      try_files $uri/index.html $uri.html $uri @app; 
    } 

    location ~ ^/assets/ { 
     expires 1s; 
     add_header Cache-Control public; 

     add_header ETag ""; 
     break; 
    } 

    location ~* ^.+\.(jpg|jpeg|gif|png|ico|zip|tgz|gz|rar|bz2|doc|xls|exe|pdf|ppt|txt|tar|mid|midi|wav|bmp|rtf|mp3|flv|mpeg|avi)$ { 
        try_files $uri @app; 
    } 

    location @app { 
      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; 
      proxy_set_header Host $http_host; 
      proxy_set_header X-Forwarded-Proto https; 
      proxy_redirect off; 
      proxy_pass http://app_server_appname; 
    } 
}

来源

2016-08-16 14:11:16

相关问题

 相关问题