Nginx Rails 5 HTTPS 重定向问题
Nginx Rails 5 HTTPS Redirect Issue
我有一个新的 Rails 5 应用程序托管在 Digital Ocean Ubuntu 16.04 droplet 中。该设置使用 Nginx 和 Puma 作为应用程序服务器。我注意到重定向有问题。
例如,如果我将重定向设为 redirect_to services_path,它会尝试重定向到 https://jdeen.com,%20jdeen.com/services。
我认为这是一个 Nginx 配置问题,认为这与我的 Rails 3 应用程序非常相似,但我不确定哪里出了问题。当我做一个不使用 SSL 的简单配置时它起作用了。
非常感谢任何帮助。
里亚尔原木
I, [2016-08-16T08:18:01.692852 #17988] INFO -- : [9c26a134-eef6-4244-9ec2-e9e7cec61910] Started GET "/products" for 112.134.82.41 at 2016-08-16 08:18:01 -0400
I, [2016-08-16T08:18:01.709611 #17988] INFO -- : [9c26a134-eef6-4244-9ec2-e9e7cec61910] Processing by ProductsController#index as HTML
I, [2016-08-16T08:18:01.718443 #17988] INFO -- : [9c26a134-eef6-4244-9ec2-e9e7cec61910] Redirected to https://jdeen.com, jdeen.com/services
I, [2016-08-16T08:18:01.720520 #17988] INFO -- : [9c26a134-eef6-4244-9ec2-e9e7cec61910] Completed 302 Found in 9ms (ActiveRecord: 0.0ms)
I, [2016-08-16T08:18:10.993806 #17988] INFO -- : [1ac5d13d-1df9-44f0-9f5a-6aaa424231a9] Started GET "/products" for 112.134.82.41 at 2016-08-16 08:18:10 -0400
I, [2016-08-16T08:18:10.995977 #17988] INFO -- : [1ac5d13d-1df9-44f0-9f5a-6aaa424231a9] Processing by ProductsController#index as HTML
I, [2016-08-16T08:18:10.998905 #17988] INFO -- : [1ac5d13d-1df9-44f0-9f5a-6aaa424231a9] Redirected to https://jdeen.com, jdeen.com/services
I, [2016-08-16T08:18:10.999999 #17988] INFO -- : [1ac5d13d-1df9-44f0-9f5a-6aaa424231a9] Completed 302 Found in 2ms (ActiveRecord: 0.0ms)
Nginx 配置:
upstream jdeen_app {
server 127.0.0.1:3000 fail_timeout=0;
}
server {
listen 80;
server_name jdeen.com www.jdeen.com;
return 301 https://$host$request_uri;
}
server {
listen 443 ssl;
server_name jdeen.com www.jdeen.com;
ssl_certificate /etc/letsencrypt/live/jdeen.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/jdeen.com/privkey.pem;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_dhparam /etc/ssl/certs/dhparam.pem;
ssl_ciphers "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH+aRSA+RC4 EECDH EDH+aRSA HIGH !RC4 !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS";
ssl_session_timeout 1d;
ssl_session_cache shared:SSL:50m;
ssl_stapling on;
ssl_stapling_verify on;
add_header Strict-Transport-Security max-age=15768000;
server_tokens off;
root /var/www/jdeen.com/public;
try_files $uri/index.html $uri @jdeen_app;
location @jdeen_app {
proxy_pass http://jdeen_app;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_redirect off;
proxy_set_header HOST $host;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
location ~ /.well-known {
allow all;
}
error_page 500 502 503 504 /500.html;
client_max_body_size 4G;
keepalive_timeout 10;
}
问题是由重复的 Host header 引起的,使用 proxy_set_header 指令设置了两次:
...
proxy_set_header Host $http_host;
proxy_redirect off;
proxy_set_header HOST $host;
...
这就是我设置应用程序的方式。也许这可以帮到你。
请注意,这与独角兽相切。
upstream app_server_appname {
server unix:/path/to/rails_app/app_name/shared/sockets/unicorn.sock fail_timeout=0;
}
server {
listen 443 ssl;
root /path/to/rails_app/public;
server_name somedomain.com;
index index.htm index.html;
ssl_certificate /etc/letsencrypt/live/somedomain.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/somedomain.com/privkey.pem;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH';
deny all;
location / {
try_files $uri/index.html $uri.html $uri @app;
}
location ~ ^/assets/ {
expires 1s;
add_header Cache-Control public;
add_header ETag "";
break;
}
location ~* ^.+\.(jpg|jpeg|gif|png|ico|zip|tgz|gz|rar|bz2|doc|xls|exe|pdf|ppt|txt|tar|mid|midi|wav|bmp|rtf|mp3|flv|mpeg|avi)$ {
try_files $uri @app;
}
location @app {
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_set_header X-Forwarded-Proto https;
proxy_redirect off;
proxy_pass http://app_server_appname;
}
}
我有一个新的 Rails 5 应用程序托管在 Digital Ocean Ubuntu 16.04 droplet 中。该设置使用 Nginx 和 Puma 作为应用程序服务器。我注意到重定向有问题。
例如,如果我将重定向设为 redirect_to services_path,它会尝试重定向到 https://jdeen.com,%20jdeen.com/services。
我认为这是一个 Nginx 配置问题,认为这与我的 Rails 3 应用程序非常相似,但我不确定哪里出了问题。当我做一个不使用 SSL 的简单配置时它起作用了。
非常感谢任何帮助。
里亚尔原木
I, [2016-08-16T08:18:01.692852 #17988] INFO -- : [9c26a134-eef6-4244-9ec2-e9e7cec61910] Started GET "/products" for 112.134.82.41 at 2016-08-16 08:18:01 -0400
I, [2016-08-16T08:18:01.709611 #17988] INFO -- : [9c26a134-eef6-4244-9ec2-e9e7cec61910] Processing by ProductsController#index as HTML
I, [2016-08-16T08:18:01.718443 #17988] INFO -- : [9c26a134-eef6-4244-9ec2-e9e7cec61910] Redirected to https://jdeen.com, jdeen.com/services
I, [2016-08-16T08:18:01.720520 #17988] INFO -- : [9c26a134-eef6-4244-9ec2-e9e7cec61910] Completed 302 Found in 9ms (ActiveRecord: 0.0ms)
I, [2016-08-16T08:18:10.993806 #17988] INFO -- : [1ac5d13d-1df9-44f0-9f5a-6aaa424231a9] Started GET "/products" for 112.134.82.41 at 2016-08-16 08:18:10 -0400
I, [2016-08-16T08:18:10.995977 #17988] INFO -- : [1ac5d13d-1df9-44f0-9f5a-6aaa424231a9] Processing by ProductsController#index as HTML
I, [2016-08-16T08:18:10.998905 #17988] INFO -- : [1ac5d13d-1df9-44f0-9f5a-6aaa424231a9] Redirected to https://jdeen.com, jdeen.com/services
I, [2016-08-16T08:18:10.999999 #17988] INFO -- : [1ac5d13d-1df9-44f0-9f5a-6aaa424231a9] Completed 302 Found in 2ms (ActiveRecord: 0.0ms)
Nginx 配置:
upstream jdeen_app {
server 127.0.0.1:3000 fail_timeout=0;
}
server {
listen 80;
server_name jdeen.com www.jdeen.com;
return 301 https://$host$request_uri;
}
server {
listen 443 ssl;
server_name jdeen.com www.jdeen.com;
ssl_certificate /etc/letsencrypt/live/jdeen.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/jdeen.com/privkey.pem;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_dhparam /etc/ssl/certs/dhparam.pem;
ssl_ciphers "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH+aRSA+RC4 EECDH EDH+aRSA HIGH !RC4 !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS";
ssl_session_timeout 1d;
ssl_session_cache shared:SSL:50m;
ssl_stapling on;
ssl_stapling_verify on;
add_header Strict-Transport-Security max-age=15768000;
server_tokens off;
root /var/www/jdeen.com/public;
try_files $uri/index.html $uri @jdeen_app;
location @jdeen_app {
proxy_pass http://jdeen_app;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_redirect off;
proxy_set_header HOST $host;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
location ~ /.well-known {
allow all;
}
error_page 500 502 503 504 /500.html;
client_max_body_size 4G;
keepalive_timeout 10;
}
问题是由重复的 Host header 引起的,使用 proxy_set_header 指令设置了两次:
...
proxy_set_header Host $http_host;
proxy_redirect off;
proxy_set_header HOST $host;
...
这就是我设置应用程序的方式。也许这可以帮到你。
请注意,这与独角兽相切。
upstream app_server_appname {
server unix:/path/to/rails_app/app_name/shared/sockets/unicorn.sock fail_timeout=0;
}
server {
listen 443 ssl;
root /path/to/rails_app/public;
server_name somedomain.com;
index index.htm index.html;
ssl_certificate /etc/letsencrypt/live/somedomain.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/somedomain.com/privkey.pem;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH';
deny all;
location / {
try_files $uri/index.html $uri.html $uri @app;
}
location ~ ^/assets/ {
expires 1s;
add_header Cache-Control public;
add_header ETag "";
break;
}
location ~* ^.+\.(jpg|jpeg|gif|png|ico|zip|tgz|gz|rar|bz2|doc|xls|exe|pdf|ppt|txt|tar|mid|midi|wav|bmp|rtf|mp3|flv|mpeg|avi)$ {
try_files $uri @app;
}
location @app {
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_set_header X-Forwarded-Proto https;
proxy_redirect off;
proxy_pass http://app_server_appname;
}
}