尝试使用 nginx 和 unicorn 将 rails 应用程序配置为 SSL 时出现太多重定向错误 [英] Too many redirects error while trying to configure rails application as SSL using nginx and unicorn

问题描述

我正在尝试使用 Nginx 和 Unicorn 配置带有 SSL 的 Rails 应用程序.我正在尝试在本地进行设置.为此，我首先使用 OpenSSL for Nginx 创建了一个自签名证书.我遵循了 document 用于创建自签名证书.之后，我在 http 块内配置了我的 nginx.conf 如下:

I am trying to configure a Rails application with SSL, using Nginx and Unicorn. I am trying to set it up locally. For that I first created a self-signed certificate using OpenSSL for Nginx. I followed the document for creating self-signed certificates. After that I configured my nginx.conf as below, inside the http block:

upstream unicorn_myapp {
    # This is the socket we configured in unicorn.rb
    server unix:root_path/tmp/sockets/unicorn.sock fail_timeout=0;
}

server {
    listen 80;
    server_name dev.myapp.com;
    rewrite ^/(.*) http://dev.myapp.com/$1 permanent;
}

server {
    listen                80;
    listen                443 ssl;
    server_name           dev.myapp.com;
    ssl                   on;
    ssl_certificate       /etc/nginx/ssl/server.pem;
    ssl_certificate_key   /etc/nginx/ssl/server.key;
    ssl_protocols         SSLv3 TLSv1;
    ssl_ciphers           ALL:-ADH:+HIGH:+MEDIUM:-LOW:-SSLv2:-EXP;
    ssl_session_cache     shared:SSL:10m;

    root root_path/public;

    location / {
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Host $http_host;
        proxy_redirect off;

        if (!-f $request_filename) {
            proxy_pass http://unicorn_myapp;
            break;
        }
    }
}

我尝试在本地设置，并在本地启动 Unicorn.我将 127.0.0.1 映射到 /etc/hosts 中的 dev.myapp.com.但是在启动服务器后，当我尝试 ping 应用程序时，它在 Chrome 中给出了以下错误:

I tried to set it up locally, and started Unicorn locally. I mapped 127.0.0.1 to dev.myapp.com in /etc/hosts. But after starting the server, when I tried to ping the app, it gave the below error in Chrome:

This webpage has a redirect loop
Error 310 (net::ERR_TOO_MANY_REDIRECTS): There were too many redirects.

在 Firefox 中出现以下错误:

and the following error in Firefox:

The page isn't redirecting properly

nginix.access.log 显示如下结果:

127.0.0.1 - - [18/Feb/2013:12:56:16 +0530] "GET / HTTP/1.1" 301 5 "-" "Mozilla/5.0 (X11;        Linux i686) AppleWebKit/537.4 (KHTML, like Gecko) Chrome/22.0.1229.79 Safari/537.4"
127.0.0.1 - - [18/Feb/2013:12:56:16 +0530] "-" 400 0 "-" "-"
127.0.0.1 - - [18/Feb/2013:12:56:16 +0530] "GET / HTTP/1.1" 301 5 "-" "Mozilla/5.0 (X11; Linux i686) AppleWebKit/537.4 (KHTML, like Gecko) Chrome/22.0.1229.79 Safari/537.4"
127.0.0.1 - - [18/Feb/2013:12:56:16 +0530] "-" 400 0 "-" "-"
127.0.0.1 - - [18/Feb/2013:12:56:16 +0530] "GET / HTTP/1.1" 301 5 "-" "Mozilla/5.0 (X11; Linux i686) AppleWebKit/537.4 (KHTML, like Gecko) Chrome/22.0.1229.79 Safari/537.4"
127.0.0.1 - - [18/Feb/2013:12:56:43 +0530] "-" 400 0 "-" "-"
127.0.0.1 - - [18/Feb/2013:12:56:43 +0530] "-" 400 0 "-" "-"
127.0.0.1 - - [18/Feb/2013:12:56:43 +0530] "-" 400 0 "-" "-"
127.0.0.1 - - [18/Feb/2013:12:56:43 +0530] "-" 400 0 "-" "-"
127.0.0.1 - - [18/Feb/2013:12:56:43 +0530] "GET / HTTP/1.1" 301 5 "-" "Mozilla/5.0 (X11; Linux i686) AppleWebKit/537.4 (KHTML, like Gecko) Chrome/22.0.1229.79 Safari/537.4"
127.0.0.1 - - [18/Feb/2013:12:56:43 +0530] "-" 400 0 "-" "-"
127.0.0.1 - - [18/Feb/2013:12:56:43 +0530] "GET / HTTP/1.1" 301 5 "-" "Mozilla/5.0 (X11; Linux i686) AppleWebKit/537.4 (KHTML, like Gecko) Chrome/22.0.1229.79 Safari/537.4"
127.0.0.1 - - [18/Feb/2013:12:56:43 +0530] "-" 400 0 "-" "-"
127.0.0.1 - - [18/Feb/2013:12:56:43 +0530] "GET / HTTP/1.1" 301 5 "-" "Mozilla/5.0 (X11; Linux i686) AppleWebKit/537.4 (KHTML, like Gecko) Chrome/22.0.1229.79 Safari/537.4"
127.0.0.1 - - [18/Feb/2013:12:56:43 +0530] "-" 400 0 "-" "-"
127.0.0.1 - - [18/Feb/2013:12:56:43 +0530] "GET / HTTP/1.1" 301 5 "-" "Mozilla/5.0 (X11; Linux i686) AppleWebKit/537.4 (KHTML, like Gecko) Chrome/22.0.1229.79 Safari/537.4"
127.0.0.1 - - [18/Feb/2013:12:56:43 +0530] "-" 400 0 "-" "-"
127.0.0.1 - - [18/Feb/2013:12:56:43 +0530] "GET / HTTP/1.1" 301 5 "-" "Mozilla/5.0 (X11; Linux i686) AppleWebKit/537.4 (KHTML, like Gecko) Chrome/22.0.1229.79 Safari/537.4"
127.0.0.1 - - [18/Feb/2013:12:56:43 +0530] "-" 400 0 "-" "-"

谁能帮我找到解决办法?

Can any one please help me out to find the solution?

推荐答案

你缺少一个标题:

proxy_set_header X-Forwarded-Proto https;

让我引用一个全面的 post 很好地解释了如何Rails 在 Nginx 上处理 HTTPS:

Let me cite a comprehensive post that explains nicely how Rails deals with HTTPS on Nginx:

force_ssl 依赖于 HTTP_X_FORWARDED_PROTO HTTP 标头来确定请求是否为 HTTPS 请求.如果此设置未设置为 https，那么您最终会出现无限重定向循环，因为 force_ssl 将始终认为转发的请求不是 HTTPS.

force_ssl relies on the HTTP_X_FORWARDED_PROTO HTTP header to determine whether or not the request was an HTTPS request. If this setting isn't set to https then you will end up with an infinite redirect loop as force_ssl will always think the forwarded request isn't HTTPS.

这篇关于尝试使用 nginx 和 unicorn 将 rails 应用程序配置为 SSL 时出现太多重定向错误的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！