Nginx SSL 工作但以 http 形式发送请求
Nginx SSL working but sending request as http
我按照 Deploying a Rails App on Ubuntu 14.04 with Capistrano, Nginx, and Puma 将 Rails 应用程序部署到 Digital Ocean。
建议保留nginx.conf (/etc/nginx/sites-enabled/medical-app) 为
upstream puma {
server unix:///home/myappuser/apps/medical-app/shared/tmp/sockets/medical-app-puma.sock;
}
server {
listen 80 default_server deferred;
# server_name example.com;
root /home/myappuser/apps/medical-app/current/public;
access_log /home/myappuser/apps/medical-app/current/log/nginx.access.log;
error_log /home/myappuser/apps/medical-app/current/log/nginx.error.log info;
location ^~ /assets/ {
gzip_static on;
expires max;
add_header Cache-Control public;
}
try_files $uri/index.html $uri @puma;
location @puma {
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_redirect off;
proxy_pass http://puma;
}
error_page 500 502 503 504 /500.html;
client_max_body_size 10M;
keepalive_timeout 10;
}
然后我添加了域并安装了 SSL 使用 让我们加密
它改变了 nginx.conf (/etc/nginx/sites-enabled/medical-app) 如下
upstream puma {
server unix:///home/myappuser/apps/medical-app/shared/tmp/sockets/medical-app-puma.sock;
}
server {
listen 80 default_server deferred;
# server_name example.com;
root /home/myappuser/apps/medical-app/current/public;
access_log /home/myappuser/apps/medical-app/current/log/nginx.access.log;
error_log /home/myappuser/apps/medical-app/current/log/nginx.error.log info;
location ^~ /assets/ {
gzip_static on;
expires max;
add_header Cache-Control public;
}
try_files $uri/index.html $uri @puma;
location @puma {
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_redirect off;
proxy_pass http://puma;
}
error_page 500 502 503 504 /500.html;
client_max_body_size 10M;
keepalive_timeout 10;
}
server {
# server_name example.com;
root /home/myappuser/apps/medical-app/current/public;
access_log /home/myappuser/apps/medical-app/current/log/nginx.access.log;
error_log /home/myappuser/apps/medical-app/current/log/nginx.error.log info;
location ^~ /assets/ {
gzip_static on;
expires max;
add_header Cache-Control public;
}
try_files $uri/index.html $uri @puma;
location @puma {
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_redirect off;
proxy_pass http://puma;
}
error_page 500 502 503 504 /500.html;
client_max_body_size 10M;
keepalive_timeout 10;
server_name www.medtib.com medtib.com; # managed by Certbot
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/www.medtib.com/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/www.medtib.com/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
server {
if ($host = medtib.com) {
return 301 https://$host$request_uri;
} # managed by Certbot
if ($host = www.medtib.com) {
return 301 https://$host$request_uri;
} # managed by Certbot
listen 80 ;
server_name www.medtib.com medtib.com;
return 404; # managed by Certbot
}
现在 https 工作正常 但如果我通过 Rails 配置启用强制 SSL
config.force_ssl = true
然后它给出错误页面无法处理消息 重定向太多次
如果我尝试使用需要 https 的 Facebook 登录,则会出现以下错误
我对 nginx 等一无所知
您应该将 X-Forwarded-Proto header 转发给您的应用程序,以告知您的应用程序使用了哪种协议。 (https,http)
输入以下内容:
proxy_set_header X-Forwarded-Proto $scheme;
之前:
proxy_pass http://puma;
它应该可以解决问题。
我按照 Deploying a Rails App on Ubuntu 14.04 with Capistrano, Nginx, and Puma 将 Rails 应用程序部署到 Digital Ocean。
建议保留nginx.conf (/etc/nginx/sites-enabled/medical-app) 为
upstream puma {
server unix:///home/myappuser/apps/medical-app/shared/tmp/sockets/medical-app-puma.sock;
}
server {
listen 80 default_server deferred;
# server_name example.com;
root /home/myappuser/apps/medical-app/current/public;
access_log /home/myappuser/apps/medical-app/current/log/nginx.access.log;
error_log /home/myappuser/apps/medical-app/current/log/nginx.error.log info;
location ^~ /assets/ {
gzip_static on;
expires max;
add_header Cache-Control public;
}
try_files $uri/index.html $uri @puma;
location @puma {
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_redirect off;
proxy_pass http://puma;
}
error_page 500 502 503 504 /500.html;
client_max_body_size 10M;
keepalive_timeout 10;
}
然后我添加了域并安装了 SSL 使用 让我们加密 它改变了 nginx.conf (/etc/nginx/sites-enabled/medical-app) 如下
upstream puma {
server unix:///home/myappuser/apps/medical-app/shared/tmp/sockets/medical-app-puma.sock;
}
server {
listen 80 default_server deferred;
# server_name example.com;
root /home/myappuser/apps/medical-app/current/public;
access_log /home/myappuser/apps/medical-app/current/log/nginx.access.log;
error_log /home/myappuser/apps/medical-app/current/log/nginx.error.log info;
location ^~ /assets/ {
gzip_static on;
expires max;
add_header Cache-Control public;
}
try_files $uri/index.html $uri @puma;
location @puma {
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_redirect off;
proxy_pass http://puma;
}
error_page 500 502 503 504 /500.html;
client_max_body_size 10M;
keepalive_timeout 10;
}
server {
# server_name example.com;
root /home/myappuser/apps/medical-app/current/public;
access_log /home/myappuser/apps/medical-app/current/log/nginx.access.log;
error_log /home/myappuser/apps/medical-app/current/log/nginx.error.log info;
location ^~ /assets/ {
gzip_static on;
expires max;
add_header Cache-Control public;
}
try_files $uri/index.html $uri @puma;
location @puma {
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_redirect off;
proxy_pass http://puma;
}
error_page 500 502 503 504 /500.html;
client_max_body_size 10M;
keepalive_timeout 10;
server_name www.medtib.com medtib.com; # managed by Certbot
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/www.medtib.com/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/www.medtib.com/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
server {
if ($host = medtib.com) {
return 301 https://$host$request_uri;
} # managed by Certbot
if ($host = www.medtib.com) {
return 301 https://$host$request_uri;
} # managed by Certbot
listen 80 ;
server_name www.medtib.com medtib.com;
return 404; # managed by Certbot
}
现在 https 工作正常 但如果我通过 Rails 配置启用强制 SSL
config.force_ssl = true
然后它给出错误页面无法处理消息 重定向太多次
如果我尝试使用需要 https 的 Facebook 登录,则会出现以下错误
我对 nginx 等一无所知
您应该将 X-Forwarded-Proto header 转发给您的应用程序,以告知您的应用程序使用了哪种协议。 (https,http)
输入以下内容:
proxy_set_header X-Forwarded-Proto $scheme;
之前:
proxy_pass http://puma;
它应该可以解决问题。