尝试使用 nginx 和 unicorn 将 rails 应用程序配置为 SSL 时出现太多重定向错误 [英] Too many redirects error while trying to configure rails application as SSL using nginx and unicorn
问题描述
我正在尝试使用 Nginx 和 Unicorn 配置带有 SSL 的 Rails 应用程序.我正在尝试在本地进行设置.为此,我首先使用 OpenSSL for Nginx 创建了一个自签名证书.我遵循了 document 用于创建自签名证书.之后,我在 http
块内配置了我的 nginx.conf
如下:
I am trying to configure a Rails application with SSL, using Nginx and Unicorn.
I am trying to set it up locally. For that I first created a self-signed certificate using OpenSSL for Nginx. I followed the document for creating self-signed certificates. After that I configured my nginx.conf
as below, inside the http
block:
upstream unicorn_myapp {
# This is the socket we configured in unicorn.rb
server unix:root_path/tmp/sockets/unicorn.sock fail_timeout=0;
}
server {
listen 80;
server_name dev.myapp.com;
rewrite ^/(.*) http://dev.myapp.com/$1 permanent;
}
server {
listen 80;
listen 443 ssl;
server_name dev.myapp.com;
ssl on;
ssl_certificate /etc/nginx/ssl/server.pem;
ssl_certificate_key /etc/nginx/ssl/server.key;
ssl_protocols SSLv3 TLSv1;
ssl_ciphers ALL:-ADH:+HIGH:+MEDIUM:-LOW:-SSLv2:-EXP;
ssl_session_cache shared:SSL:10m;
root root_path/public;
location / {
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_redirect off;
if (!-f $request_filename) {
proxy_pass http://unicorn_myapp;
break;
}
}
}
我尝试在本地设置,并在本地启动 Unicorn.我将 127.0.0.1
映射到 /etc/hosts
中的 dev.myapp.com
.但是在启动服务器后,当我尝试 ping 应用程序时,它在 Chrome 中给出了以下错误:
I tried to set it up locally, and started Unicorn locally. I mapped 127.0.0.1
to dev.myapp.com
in /etc/hosts
. But after starting the server, when I tried to ping the app, it gave the below error in Chrome:
This webpage has a redirect loop
Error 310 (net::ERR_TOO_MANY_REDIRECTS): There were too many redirects.
在 Firefox 中出现以下错误:
and the following error in Firefox:
The page isn't redirecting properly
nginix.access.log
显示如下结果:
127.0.0.1 - - [18/Feb/2013:12:56:16 +0530] "GET / HTTP/1.1" 301 5 "-" "Mozilla/5.0 (X11; Linux i686) AppleWebKit/537.4 (KHTML, like Gecko) Chrome/22.0.1229.79 Safari/537.4"
127.0.0.1 - - [18/Feb/2013:12:56:16 +0530] "-" 400 0 "-" "-"
127.0.0.1 - - [18/Feb/2013:12:56:16 +0530] "GET / HTTP/1.1" 301 5 "-" "Mozilla/5.0 (X11; Linux i686) AppleWebKit/537.4 (KHTML, like Gecko) Chrome/22.0.1229.79 Safari/537.4"
127.0.0.1 - - [18/Feb/2013:12:56:16 +0530] "-" 400 0 "-" "-"
127.0.0.1 - - [18/Feb/2013:12:56:16 +0530] "GET / HTTP/1.1" 301 5 "-" "Mozilla/5.0 (X11; Linux i686) AppleWebKit/537.4 (KHTML, like Gecko) Chrome/22.0.1229.79 Safari/537.4"
127.0.0.1 - - [18/Feb/2013:12:56:43 +0530] "-" 400 0 "-" "-"
127.0.0.1 - - [18/Feb/2013:12:56:43 +0530] "-" 400 0 "-" "-"
127.0.0.1 - - [18/Feb/2013:12:56:43 +0530] "-" 400 0 "-" "-"
127.0.0.1 - - [18/Feb/2013:12:56:43 +0530] "-" 400 0 "-" "-"
127.0.0.1 - - [18/Feb/2013:12:56:43 +0530] "GET / HTTP/1.1" 301 5 "-" "Mozilla/5.0 (X11; Linux i686) AppleWebKit/537.4 (KHTML, like Gecko) Chrome/22.0.1229.79 Safari/537.4"
127.0.0.1 - - [18/Feb/2013:12:56:43 +0530] "-" 400 0 "-" "-"
127.0.0.1 - - [18/Feb/2013:12:56:43 +0530] "GET / HTTP/1.1" 301 5 "-" "Mozilla/5.0 (X11; Linux i686) AppleWebKit/537.4 (KHTML, like Gecko) Chrome/22.0.1229.79 Safari/537.4"
127.0.0.1 - - [18/Feb/2013:12:56:43 +0530] "-" 400 0 "-" "-"
127.0.0.1 - - [18/Feb/2013:12:56:43 +0530] "GET / HTTP/1.1" 301 5 "-" "Mozilla/5.0 (X11; Linux i686) AppleWebKit/537.4 (KHTML, like Gecko) Chrome/22.0.1229.79 Safari/537.4"
127.0.0.1 - - [18/Feb/2013:12:56:43 +0530] "-" 400 0 "-" "-"
127.0.0.1 - - [18/Feb/2013:12:56:43 +0530] "GET / HTTP/1.1" 301 5 "-" "Mozilla/5.0 (X11; Linux i686) AppleWebKit/537.4 (KHTML, like Gecko) Chrome/22.0.1229.79 Safari/537.4"
127.0.0.1 - - [18/Feb/2013:12:56:43 +0530] "-" 400 0 "-" "-"
127.0.0.1 - - [18/Feb/2013:12:56:43 +0530] "GET / HTTP/1.1" 301 5 "-" "Mozilla/5.0 (X11; Linux i686) AppleWebKit/537.4 (KHTML, like Gecko) Chrome/22.0.1229.79 Safari/537.4"
127.0.0.1 - - [18/Feb/2013:12:56:43 +0530] "-" 400 0 "-" "-"
谁能帮我找到解决办法?
Can any one please help me out to find the solution?
推荐答案
你缺少一个标题:
proxy_set_header X-Forwarded-Proto https;
让我引用一个全面的 post 很好地解释了如何Rails 在 Nginx 上处理 HTTPS:
Let me cite a comprehensive post that explains nicely how Rails deals with HTTPS on Nginx:
force_ssl
依赖于 HTTP_X_FORWARDED_PROTO
HTTP 标头来确定请求是否为 HTTPS 请求.如果此设置未设置为 https
,那么您最终会出现无限重定向循环,因为 force_ssl
将始终认为转发的请求不是 HTTPS.
force_ssl
relies on theHTTP_X_FORWARDED_PROTO
HTTP header to determine whether or not the request was an HTTPS request. If this setting isn't set tohttps
then you will end up with an infinite redirect loop asforce_ssl
will always think the forwarded request isn't HTTPS.
这篇关于尝试使用 nginx 和 unicorn 将 rails 应用程序配置为 SSL 时出现太多重定向错误的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!