在Ubuntu 18.04服务器(Rails 6.0)上缺少“生产"环境的"secret_key_base"，尝试了多个主题 [英] Missing `secret_key_base` for 'production' environment on Ubuntu 18.04 server (Rails 6.0), multiple topics tried

问题描述

此主题的末尾嵌入了解决方案.

我第一次在Ubuntu 18.04的VPS上部署Rails应用程序.与Nginx. 我遵循了 Gorails 在2019年将Ruby on Rails投入生产"的教程. 一切正常，直到出现收到来自应用程序的不完整答复"页面.

I'm deploying for the first time a Rails app on a VPS on Ubuntu 18.04. with Nginx. I followed the good tutorial of Gorails "Deploy Ruby on Rails To Production in 2019". Everything worked, until I had the "Incomplete response received from application" page.

我检查了/var/log/nginx/error.log上的nginx日志，并看到了典型的消息缺少'c1>以用于'生产'环境，请使用rails credentials:edit设置此字符串"

I checked the nginx logs on /var/log/nginx/error.logand saw the typical message "Missing secret_key_base for 'production' environment, set this string with rails credentials:edit"

由于Gorails的方法似乎不起作用(在控制台应用程序端上的bundle exec rails secret之后，他添加了文件/my_website/.rbenv-vars和SECRET_KEY_BASE行，并填充了生成的密钥) ，我决定关注回答此问题的多重题. 这是东西，我不确定下面的步骤是否有用.

As the method of Gorails didn't seems to work (after a bundle exec rails secret on his console app-side, he add a file /my_website/.rbenv-vars with a SECRET_KEY_BASE line, filled with the generated secret key), I decided to follow the multiples topics answering to this question. Here is the thing, I'm not sure if the followings steps are the goods one.

1. 我以部署用户身份在服务器端的控制台上运行bundle exec rails secret.所以我有我的GENERATED_KEY_1
2. 我添加到~/.bashrc:export SECRET_KEY_BASE="GENERATED_KEY_1"
3. 我source ~/.bashrc
4. 我用echo $SECRET_KEY_BASE检查密钥，并且显示了正确的密钥(GENERATED_KEY_1)
5. 我将凭据文件编辑为

1. I run bundle exec rails secreton my console, server-side, as deploy user. So I have my GENERATED_KEY_1
2. I add to ~/.bashrc : export SECRET_KEY_BASE="GENERATED_KEY_1"
3. I source ~/.bashrc
4. I check my key with echo $SECRET_KEY_BASE, and I have the good key displayed (GENERATED_KEY_1)
5. I edited my credential file as

development:
  secret_key_base: ORIGINAL_KEY

test:
  secret_key_base: ORIGINAL_KEY

production:
  secret_key_base: <%= ENV["SECRET_KEY_BASE"] %>

并将Dotenv添加到我的Gemfile中，在application.rb中需要它

and added Dotenv to my Gemfile, required it in application.rb

但是在重启nginx服务器之后，这些都不起作用. 因此，我以root用户重新启动了上一步.

But none of this worked, after restarted nginx server. So I restarted the previous step, with the root-user.

但同样，它失败了. 我的问题是:

But again, it failed. My questions are:

• 我想念什么?
• 我总是知道相同的错误消息，所以我怎么知道它是否在合适的位置搜索密钥?
• 我应该生成哪个密钥?应用程序端?服务器端 ?以root用户或部署用户身份?
• 在/etc/nginx/sites-available/default中还有其他配置吗? (我在主题上看到，这些人更改了rails_env production; to rails_env development;，但我没有任何限制)

• what I am missing ?
• How can I know, if it's searching the key in the good place, as I have always the same error message ?
• Which key am I suppose to generate ? App-side ? Server-side ? As root or deploy user ?
• Do I have something else to configure in /etc/nginx/sites-available/default ? (I saw on this topic that this guys changed a rails_env production; to rails_env development; but I haven't any rails line)

谢谢，我有点绝望^^

Thank you, I'm a little bit desperate ^^

在进行许多测试期间，我以root用户身份登录，然后运行EDITOR="vim" rails credentials:edit.此命令已生成master.key，该文件在您的Github存储库中不存在.

During my many tests, I logged with the root user, and run EDITOR="vim" rails credentials:edit. This command had generated a master.key, which doesn't exist on your Github repo.

但是首先，我没有对其进行修改.我认为这是主要问题，因为应用程序使用它来解密您的credentials.yml.enc文件.理解后，我在计算机应用程序中使用master.key的内容编辑了master.key.

But first, I didn't modified it. I think that was the main problem, as the application use it to decrypt your credentials.yml.enc file. When I understood it, I edited the master.key with the content of the master.key on my computer app.

即使使用<%= ENV["SECRET_KEY_BASE"] %>编辑credentials.yml.enc之后，此解决方案仍然有效.这与 Lyzard Kyng 的答案相对应，即使有些不同.

Even after editing credentials.yml.encwith <%= ENV["SECRET_KEY_BASE"] %>, this solution works. This corresponds to the answer of Lyzard Kyng, even if it's a bit different.

我无法与部署用户一起运行EDITOR="vim" rails credentials:edit，它不起作用.

I can't run EDITOR="vim" rails credentials:editwith the deploy user, it doesn't work.

推荐答案

Rails 5.2和更高版本使用加密的凭据存储敏感的应用程序信息，默认情况下包括secret_key_base.这些凭据使用存储在master.key文件中的密钥进行加密.默认的Rails应用程序安装程序生成的Git存储库包含credentials.yml.enc，但忽略master.key.部署后(通常涉及git push)，应该使用此键来增强 Rails生产环境.

Rails 5.2 and later uses encrypted credentials for storing sensitive app's information, which includes secret_key_base by default. These credentials are encrypted with the key stored in master.key file. Git repository, generated by default Rails application setup, includes credentials.yml.enc but ignores master.key. After the deployment, which usually involves git push, Rails production environment should be augmented with this key some way.

因此，您有两个选择.您可以通过scp或sftp将master.key安全地上传到生产主机.或者，您可以在运行rails server进程的用户的上下文中建立 shell环境变量RAILS_MASTER_KEY.前一种方法是首选，但是当您安装了dotenv-rails gem时，您将在应用程序的根目录下创建.env.production文件，并在其中放置一行

So you have two options. You can securely upload master.key to production host via scp or sftp. Or you can establish shell environment variable RAILS_MASTER_KEY within the context of a user that runs rails server process. The former option is preferred, but as you have dotenv-rails gem installed, you'd create .env.production file under app's root and put there a line

RAILS_MASTER_KEY="your_master-key_content"

不要忘记确保 development 和 test Rails环境不会在Gemfile中限制gem dotenv-rails.

Don't forget to ensure that gem dotenv-rails isn't restricted within Gemfile by development and test Rails environments.

从passenger模块版本开始. 5.0.0您可以设置 shell环境变量直接从nginx.conf

By the way since passenger module ver. 5.0.0 you can set shell environment variables right from nginx.conf

这篇关于在Ubuntu 18.04服务器(Rails 6.0)上缺少“生产"环境的"secret_key_base"，尝试了多个主题的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！