X-Forwarded-Proto for Rails在ELB之后的Nginx之后 [英] X-Forwarded-Proto for Rails behind nginx behind ELB

问题描述

我已经坚持了好几个小时.我无法使其正常工作.我尝试了所有我能想到和/或在网上找到的东西.

I'm pretty stuck with this thing for couple of hours. No way I could make it working. I tried everything I can think of and/or found online.

因此，我的应用程序指向ELB(网络). ELB侦听80和443并将流量发送到80(在此SSL终止)到成员实例(即nginx).

So, my application is pointed to ELB (web). ELB listens to 80 and 443 and sends traffic to 80 (SSL is terminated here) to member instance(s) which is nginx.

Nginx代理向多个实例前面的另一个ELB(应用程序)发送应用程序请求.这些实例运行彪马.

Nginx proxies app requests to another ELB (app) in front of multiple instances. These instances run puma.

一切正常，除了当我尝试使用https方案访问URL(我在该控制器中使用force_ssl的位置)时，我得到了重定向循环.

Everything works fine except when I try visiting an URL (where I used force_ssl for that controller) with https scheme, I get a redirection loop.

这是我的Nginx配置看起来像

Here is my nginx configs look like

  location @{{app_name}} {
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header Host $http_host;
    proxy_set_header X-Forwarded-Proto $scheme;
    proxy_redirect off;
    proxy_pass http://{{app_name}};
    # limit_req zone=one;
    access_log /var/log/nginx/access.log;
    error_log /var/log/nginx/error.log;
  }

(很明显app_name被ansible取代了.)

(Obviously app_name gets substituted by ansible.)

我尝试对https和$proxy_add_x_forwarded_proto进行硬编码，而不是$scheme，但是没有一个对我有用.我仍然得到循环.

Instead of $scheme, I tried hardcoding https and $proxy_add_x_forwarded_proto but none worked for me. I still get the loop.

然后我开始检查滑轨中的env，无论我在nginx config中设置的标头如何，我都会看到以下值.

Then I started inspecting the env in the rails and I see the following values regardless of header I set in nginx config.

"SERVER_PROTOCOL"=>"HTTP/1.1",
"HTTP_X_FORWARDED_PROTO"=>"http",
"rack.url_scheme"=>"http",

我不确定自己在做什么错.任何帮助表示赞赏！注意:我已经检查了所有找到的SO线程，但没有帮助！

I'm not sure what I'm doing wrong. Any help appreciated! Note: I've already checked all found SO threads and none helped!

推荐答案

在SSL卸载的情况下，通过纯HTTP(80)进行通信并调整Rails配置是很有意义的:

In case of SSL offload it makes sense to communicate via plain HTTP (80) and have rails config adjusted:

config/environments/production.rb

config/environments/production.rb

config.force_ssl = false

这有助于避免重定向循环，并且永远不要在负载平衡器和应用程序的Nginx服务器之间内部使用HTTPS.

It helps to avoid a redirection loop and never use HTTPS internally between load balancer and application's Nginx server.

您还提到了:

我在其中使用force_ssl作为控制器

where I used force_ssl for that controller

请在网站上的所有位置使用HTTPS，并在ELB层上重定向80-> 443.

Please use HTTPS everywhere on the website and redirect 80->443 on ELB layer.

这篇关于X-Forwarded-Proto for Rails在ELB之后的Nginx之后的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！