我正在尝试使用 Nginx 和 Unicorn 配置带有 SSL 的 Rails 应用程序。
我正在尝试在本地进行设置。为此,我首先使用 OpenSSL 为 Nginx 创建了一个自签名证书。我关注了document用于创建自签名证书。之后,我在 http
block 中如下配置了我的 nginx.conf
:
upstream unicorn_myapp {
# This is the socket we configured in unicorn.rb
server unix:root_path/tmp/sockets/unicorn.sock fail_timeout=0;
}
server {
listen 80;
server_name dev.myapp.com;
rewrite ^/(.*) http://dev.myapp.com/$1 permanent;
}
server {
listen 80;
listen 443 ssl;
server_name dev.myapp.com;
ssl on;
ssl_certificate /etc/nginx/ssl/server.pem;
ssl_certificate_key /etc/nginx/ssl/server.key;
ssl_protocols SSLv3 TLSv1;
ssl_ciphers ALL:-ADH:+HIGH:+MEDIUM:-LOW:-SSLv2:-EXP;
ssl_session_cache shared:SSL:10m;
root root_path/public;
location / {
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_redirect off;
if (!-f $request_filename) {
proxy_pass http://unicorn_myapp;
break;
}
}
}
我尝试在本地进行设置,并在本地启动了 Unicorn。我将 127.0.0.1
映射到 /etc/hosts
中的 dev.myapp.com
。但是在启动服务器后,当我尝试 ping 应用程序时,它在 Chrome 中给出了以下错误:
This webpage has a redirect loop
Error 310 (net::ERR_TOO_MANY_REDIRECTS): There were too many redirects.
在 Firefox 中出现以下错误:
The page isn't redirecting properly
nginix.access.log
显示以下结果:
127.0.0.1 - - [18/Feb/2013:12:56:16 +0530] "GET / HTTP/1.1" 301 5 "-" "Mozilla/5.0 (X11; Linux i686) AppleWebKit/537.4 (KHTML, like Gecko) Chrome/22.0.1229.79 Safari/537.4"
127.0.0.1 - - [18/Feb/2013:12:56:16 +0530] "-" 400 0 "-" "-"
127.0.0.1 - - [18/Feb/2013:12:56:16 +0530] "GET / HTTP/1.1" 301 5 "-" "Mozilla/5.0 (X11; Linux i686) AppleWebKit/537.4 (KHTML, like Gecko) Chrome/22.0.1229.79 Safari/537.4"
127.0.0.1 - - [18/Feb/2013:12:56:16 +0530] "-" 400 0 "-" "-"
127.0.0.1 - - [18/Feb/2013:12:56:16 +0530] "GET / HTTP/1.1" 301 5 "-" "Mozilla/5.0 (X11; Linux i686) AppleWebKit/537.4 (KHTML, like Gecko) Chrome/22.0.1229.79 Safari/537.4"
127.0.0.1 - - [18/Feb/2013:12:56:43 +0530] "-" 400 0 "-" "-"
127.0.0.1 - - [18/Feb/2013:12:56:43 +0530] "-" 400 0 "-" "-"
127.0.0.1 - - [18/Feb/2013:12:56:43 +0530] "-" 400 0 "-" "-"
127.0.0.1 - - [18/Feb/2013:12:56:43 +0530] "-" 400 0 "-" "-"
127.0.0.1 - - [18/Feb/2013:12:56:43 +0530] "GET / HTTP/1.1" 301 5 "-" "Mozilla/5.0 (X11; Linux i686) AppleWebKit/537.4 (KHTML, like Gecko) Chrome/22.0.1229.79 Safari/537.4"
127.0.0.1 - - [18/Feb/2013:12:56:43 +0530] "-" 400 0 "-" "-"
127.0.0.1 - - [18/Feb/2013:12:56:43 +0530] "GET / HTTP/1.1" 301 5 "-" "Mozilla/5.0 (X11; Linux i686) AppleWebKit/537.4 (KHTML, like Gecko) Chrome/22.0.1229.79 Safari/537.4"
127.0.0.1 - - [18/Feb/2013:12:56:43 +0530] "-" 400 0 "-" "-"
127.0.0.1 - - [18/Feb/2013:12:56:43 +0530] "GET / HTTP/1.1" 301 5 "-" "Mozilla/5.0 (X11; Linux i686) AppleWebKit/537.4 (KHTML, like Gecko) Chrome/22.0.1229.79 Safari/537.4"
127.0.0.1 - - [18/Feb/2013:12:56:43 +0530] "-" 400 0 "-" "-"
127.0.0.1 - - [18/Feb/2013:12:56:43 +0530] "GET / HTTP/1.1" 301 5 "-" "Mozilla/5.0 (X11; Linux i686) AppleWebKit/537.4 (KHTML, like Gecko) Chrome/22.0.1229.79 Safari/537.4"
127.0.0.1 - - [18/Feb/2013:12:56:43 +0530] "-" 400 0 "-" "-"
127.0.0.1 - - [18/Feb/2013:12:56:43 +0530] "GET / HTTP/1.1" 301 5 "-" "Mozilla/5.0 (X11; Linux i686) AppleWebKit/537.4 (KHTML, like Gecko) Chrome/22.0.1229.79 Safari/537.4"
127.0.0.1 - - [18/Feb/2013:12:56:43 +0530] "-" 400 0 "-" "-"
谁能帮我找到解决方案?
最佳答案
您缺少标题:
proxy_set_header X-Forwarded-Proto https;
让我引用一个综合post这很好地解释了 Rails 如何处理 Nginx 上的 HTTPS:
force_ssl
relies on theHTTP_X_FORWARDED_PROTO
HTTP header to determine whether or not the request was an HTTPS request. If this setting isn't set tohttps
then you will end up with an infinite redirect loop asforce_ssl
will always think the forwarded request isn't HTTPS.
关于ruby-on-rails - 尝试使用 nginx 和 unicorn 将 Rails 应用程序配置为 SSL 时出现太多重定向错误,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/14930452/