使用Meteor-Up，SSL和NGINX将Meteor部署到生产中 [英] Deploying Meteor to production with Meteor-Up, SSL and NGINX

问题描述

我很难使用以https和NGINX为代理的流星雨将流星应用程序(以下简称"myApp")部署到生产环境中.特别是，我认为我在配置正确的端口和/或路径时遇到麻烦.

I'm having difficulty deploying my meteor app ("myApp" below) into production using meteor-up with https and NGINX as a proxy. In particular, I think I am having trouble configuring the correct ports and/or paths.

部署在大多数方面都有效.它运行在带有mongohq(现在为compose.io)数据库的数字海洋小滴上.我的mup setup，mup reconfig(现在在我的mup.json文件上多次运行)和带有流星的mup deploy命令都报告没有错误.如果我在数字海洋中进入我的ubuntu环境并运行status myApp，它将报告myApp start/running, process 10049，当我检查mongohq数据库时，可以看到myApp的预期集合已创建并植入了种子.在此基础上，我认为该应用程序可以正常运行.

The deployment has worked in most respects. It is running on a digital ocean droplet with a mongohq (now compose.io) database. My mup setup, mup reconfig (run now many times on my mup.json file) and mup deploy commands with meteor-up all report no errors. If I ssh into my ubuntu environment on digital ocean and run status myApp it reports myApp start/running, process 10049, and when I check my mongohq database, I can see the expected collections for myApp were created and seeded. I think on this basis that the app is running properly.

我的问题是我无法找到它来访问该站点，并且没有使用NGINX服务器的经验，所以我无法确定我是否在做一些非常基础的事情以及设置端口和转发错误.

My problem is that I cannot locate it visiting the site, and having no experience with NGINX servers, I cannot tell if I am doing something very basic and wrong setting up the ports and forwarding.

我已在下面复制了我的NGINX配置文件和mup.json文件的相关部分.

I have reproduced the relevant parts of my NGINX config file and mup.json file below.

我预期在以下设置中的行为是，如果我的流星应用程序在mup.json中的端口3000上侦听，则该应用程序应该在我访问该站点时出现.实际上，如果我将mup.json的env.PORT设置为3000，则在访问该站点时，我的浏览器会告诉我存在重定向循环.如果我将mup的env.PORT更改为80，或者完全不使用env.PORT，我会收到一条502 Bad Gateway消息-这是可以预期的，因为myApp应该在localhost:3000上侦听，而且我不希望找到其他任何地方.

The behavior I expected with the setup below is that if my meteor app listens on port 3000 in mup.json the app should appear when I visit the site. In fact, if I set mup.json's env.PORT to 3000, when visiting the site my browser tells me there is a redirect loop. If I change mup's env.PORT to 80, or leave the env.PORT out entirely, I receive a 502 Bad Gateway message - this part is to be expected because myApp should be listening on localhost:3000 and I wouldn't expect to find anything anywhere else.

感谢所有帮助.

"env": {
  "PORT": 3000,
  "NODE_ENV": "production",
  "ROOT_URL": "http://myApp.com",
  "MONGO_URL": // working ok, not reproduced here,
  "MONGO_OPLOG_URL": // working ok I think,
  "MAIL_URL": // working ok
}

NGINX

server_tokens off;

# according to a digital ocean guide i followed here, https://www.digitalocean.com/community/tutorials/how-to-deploy-a-meteor-js-application-on-ubuntu-14-04-with-nginx, this section is needed to proxy web-socket connections

map $http_upgrade $connection_upgrade {
      default upgrade;
      ''      close;
}

# HTTP

server {
      listen 80 default_server;
      listen [::]:80 default_server ipv6only=on;
      server_name myApp.com;
      # redirect non-SSL to SSL
      location / {
              rewrite ^ https://$server_name$request_uri? permanent;
      }
}

# HTTPS

server {
      listen 443 ssl spdy;

      # this domain must match Common Name (CN) in the SSL certificate

      server_name myApp.com;

      root html;
      index index.html index.htm;

      ssl_certificate /etc/nginx/ssl/tempcert.crt;
      ssl_certificate_key /etc/nginx/ssl/tempcert.key;

      ssl_stapling on;
      ssl_session_cache shared:SSL:10m;
      ssl_session_timeout 5m;

      ssl_prefer_server_ciphers on;
      ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
      ssl_ciphers 'long string I didn't reproduce here'

      add_header Strict-Transport-Security "max-age=31536000;";

      location / {
              proxy_pass http://localhost:3000;
              proxy_http_version 1.1;
              proxy_set_header Upgrade $http_upgrade;
              proxy_set_header Connection "upgrade";
              proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
              proxy_set_header Host $host;
              proxy_set_header X-Real-IP $remote_addr;
      }
}

还请注意，SSL证书已配置并且可以正常工作，因此我认为这与如何配置端口，路径和转发有关.我不知道重定向循环来自哪里.

Also note that the SSL certificates are configured and work fine so I think it is something with how the ports, paths and forwarding is configured. I don't know where the redirect loop is coming from.

推荐答案

对于将来遇到此问题的任何人，我都可以通过从捆绑的流星应用中删除force-ssl软件包来解决问题.显然，force-ssl和NGINX代理是冗余的，或者如果一起使用会导致过多的重定向.我找不到的材料中对此没有很好的记录.

For anyone coming across this in the future, I was able to solve things by removing the force-ssl package from my bundled meteor app. Apparently force-ssl and an NGINX proxy are either redundant or if used together can cause too many redirects. This was not well-documented in the materials I was able to locate.

如果有一种配置支持将force-ssl与用于某些目的的代理一起使用，并且比完全删除该软件包更可取，请发布，因为我很想知道.谢谢.

If there is a configuration that supports using force-ssl together with a proxy that serves some purpose and is preferable to removing the package altogether, please post as I would be interested to know. Thanks.

这篇关于使用Meteor-Up，SSL和NGINX将Meteor部署到生产中的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！