让我们加密“欢迎使用Nginx"的Nginx代替Rails应用 [英] Nginx with Let's encrypt "Welcome to Nginx" instead of rails app

问题描述

我最近将Ruby on Rails应用程序部署到了带有Nginx，passenger& amp;的普通Ubuntu 16.04 DigitalOcean小滴.让我们加密.

I have recently deployed my Ruby on Rails application to a plain Ubuntu 16.04 DigitalOcean droplet with Nginx, passenger & Let's encrypt.

rails应用程序仅适用于乘客和Nginx，但在安装Let's Encrypt之后，它指向欢迎使用Nginx"页面，而不是我的rails应用程序.

The rails app worked fine with just passenger and Nginx but after I installed Let's Encrypt, it points to the "Welcome to Nginx" page instead of my rails app.

我可以进行更改以查看欢迎使用Nginx！"页并在浏览器中查看结果.

I am able to make changes to see the "Welcome to Nginx!" page and see the results in the browser.

当我将启用站点的配置中的根目录更改为应用程序路径而不是/html时，出现403禁止错误.

When I change the root location in my sites-enabled configs to my application path instead of /html I get a 403 Forbidden error.

这是我的应用程序所在的位置:/var/www/myapp/code/

This is where my application is: /var/www/myapp/code/

我不知道会有什么...当我尝试将根目录更改为应用程序的/public目录时，我不断收到"403 Forbidden nginx/1.14.0".我什至将/html文件夹移到了myapp目录中，并加载了欢迎使用Nginx！".页面也在那里.我需要做一些事情来处理我应用程序视图中的index.html.erb文件，还是我需要创建一个没有任何ERB的自定义index.html?

I don't know what gives... I keep getting "403 Forbidden nginx/1.14.0" when I try to change the root to my app's /public directory. I've even moved the /html folder into myapp directory and it loads the "Welcome to Nginx!" page there too. Is there something I need to do for it to process my index.html.erb files in my app's views, or, do I need to make a custom index.html without any ERB?

我的/public目录中没有索引文件.为了使nginx指向我在Rails应用程序的路由中定义的root_path，我需要做什么?

I do not have an index file in my /public directory. What do I need to do for nginx to point to my root_path defined in my rails app's routes?

(工作)的权限均设置为root rails 欢迎来到Nginx！"索引路径和myapp/code/public路径.

The permissions are set to root rails for both the (working) "Welcome to Nginx!" index path and myapp/code/public path.

我希望获得帮助，谢谢！

I would love some help, thank you!

我的/etc/nginx/sites-enabled/default(无评论):

server {
    root /var/www/myapp/code/public;

    index index.html.erb index.html index.htm index.nginx-debian.html;

    server_name _;

    location / {
            # First attempt to serve request as file, then
            # as directory, then fall back to displaying a 404.
            try_files $uri $uri/ =404;
    }

  listen [::]:443 ssl ipv6only=on; # managed by Certbot
  listen 443 ssl; # managed by Certbot
  ssl_certificate /etc/letsencrypt/live/transverseaudio.com/fullchain.pem; # managed by Certbot
  ssl_certificate_key /etc/letsencrypt/live/transverseaudio.com/privkey.pem; # managed by Certbot
  include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
  ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

}

server {
    if ($host = www.transverseaudio.com) {
        return 301 https://$host$request_uri;
    } # managed by Certbot


    if ($host = transverseaudio.com) {
        return 301 https://$host$request_uri;
    } # managed by Certbot


        listen 80 default_server;
        listen [::]:80 default_server;

        server_name _;
    return 404; # managed by Certbot

}

我的/etc/nginx/sites-enabled/myapp.conf:

server {
  listen 80;
  server_name transverseaudio.com www.transverseaudio.com;

  # Tell Nginx and Passenger where your app's 'public' directory is
  root /var/www/myapp/code/public;

  # Turn on Passenger
  passenger_enabled on;
  passenger_ruby /usr/local/rvm/gems/ruby-2.5.1/wrappers/ruby;
}

我进一步研究了Ruby + Rails配置并验证了安装的正确版本:

I looked further into my Ruby + Rails config and verified the right versions where installed:

轨道-v = Rails 5.2.0

Ruby -v = ruby 2.5.1p57 (2018-03-29 revision 63029) [x86_64-linux]

Ruby -v = ruby 2.5.1p57 (2018-03-29 revision 63029) [x86_64-linux]

推荐答案

您描述了旅途中的多个不同问题.让我们解决它们，以便它们(应该)出现.

you describe multiple different problems in your journey. let's tackle them in order they (should) have appeared.

默认页面

您已正确标识服务器在默认主页/var/www/html中为您的根服务.如果您不想让nginx对该目录进行读取访问，则可以尝试将/var/www/html符号链接到应用程序的公共目录. 实际的问题是，您正在基于名称的托管，并且域名是在默认站点而不是myapp.conf上配置的.如果将默认列出的server_name移到myapp.conf中的server_name指令，就足够了.

You have correctly identified that the server is serving your root at /var/www/html which is the default homepage. You could try symlinking /var/www/html to you app's public dir, if you don't want to give nginx read access to that directory. The actual issue is, that you are doing a name based hosting and your domain name is configured on the default site and not your myapp.conf. If you move the server_name listed in default to the server_name directive in myapp.conf it would be enough.

Passanger也应该接听请求:

Also Passanger is should pick up the requests:

当Passenger处理请求时，Nginx会首先尝试在公共目录中找到匹配的文件，如果找到一个将直接提供服务而不将请求传递给您的应用程序的文件，因为许多Web应用程序框架都使用此目录存储静态文件默认情况下(例如Rails，Sinatra).来自对于机架应用程序，如何使乘客独立服务于.erb文件的输出，而不是发送.erb文件本身?

禁止使用403

成功更改虚拟主机的根之后，nginx可能无法在其中读取数据.这可能是由于文件权限错误所致，即运行nginx的用户无法读取目录/文件.

After successfully changing the root of the virtual host, nginx might not be able to read the data there. This could be due to bad file permissions, i.e. the user running nginx cannot read the directory/file.

如果您没有索引文档并且目录索引被禁用，也会发生这种情况.您可以创建索引文档或添加一些重写规则.

Also this happens if you don't have an index document and directory indexing is disabled. You can either create a index document or add some rewrite rule.

500

如果您tail nginx的日志文件，它应该为您提供有关错误消息的更多详细信息. 500是服务器端错误，因此nginx至少应该给您一个提示.我认为这是因为您的服务器部分/文件中缺少该文件.

if you tail the logfiles of nginx, it should give you more details for the error message. 500 is a server side error, so nginx should at least give you a hint. I assume it's because of missing in your server section/file.

# Turn on Passenger
passenger_enabled on;
passenger_ruby /usr/local/rvm/gems/ruby-2.3.0/wrappers/ruby;

包装

还要确保您的nginx.conf中有include /etc/nginx/passenger.conf;.

ensure also that you have include /etc/nginx/passenger.conf; in your nginx.conf.

因此将其全部包装起来，我建议删除默认值以使其不受干扰.

so wrapping it all up, I recommend removing the default to get it out of the way.

# redirect non https traffic for the correct domains
server {
    if ($host = www.transverseaudio.com) {
        return 301 https://$host$request_uri;
    } # managed by Certbot


    if ($host = transverseaudio.com) {
        return 301 https://$host$request_uri;
    } # managed by Certbot


    listen 80 default_server;
    listen [::]:80 default_server;

    server_name _;
    return 404; # managed by Certbot

}

server {
  listen [::]:443 ssl ipv6only=on;
  listen 443 ssl;
  ssl_certificate /etc/letsencrypt/live/transverseaudio.com/fullchain.pem;
  ssl_certificate_key /etc/letsencrypt/live/transverseaudio.com/privkey.pem;
  include /etc/letsencrypt/options-ssl-nginx.conf;
  ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;

  # server for these domains
  server_name transverseaudio.com www.transverseaudio.com;

  # first try to serve the erb version.
  index index.html;

  # Tell Nginx and Passenger where your app's 'public' directory is
  root /var/www/myapp/code/public;

  # Turn on Passenger
  passenger_enabled on;
  passenger_ruby /usr/local/rvm/gems/ruby-2.5.1/wrappers/ruby;
}

这篇关于让我们加密“欢迎使用Nginx"的Nginx代替Rails应用的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！