尝试使用nginx和unicorn将rails应用程序配置为SSL时,重定向错误太多

apr*_*apr 15 ssl ruby-on-rails nginx ssl-certificate unicorn

我正在尝试使用Nginx和Unicorn配置带有SSL的Rails应用程序.我想在本地设置它.为此,我首先使用OpenSSL为Nginx创建了一个自签名证书.我按照文档创建了自签名证书.之后我nginx.confhttp块内部配置了如下:

upstream unicorn_myapp {
    # This is the socket we configured in unicorn.rb
    server unix:root_path/tmp/sockets/unicorn.sock fail_timeout=0;
}

server {
    listen 80;
    server_name dev.myapp.com;
    rewrite ^/(.*) http://dev.myapp.com/$1 permanent;
}

server {
    listen                80;
    listen                443 ssl;
    server_name           dev.myapp.com;
    ssl                   on;
    ssl_certificate       /etc/nginx/ssl/server.pem;
    ssl_certificate_key   /etc/nginx/ssl/server.key;
    ssl_protocols         SSLv3 TLSv1;
    ssl_ciphers           ALL:-ADH:+HIGH:+MEDIUM:-LOW:-SSLv2:-EXP;
    ssl_session_cache     shared:SSL:10m;

    root root_path/public;

    location / {
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Host $http_host;
        proxy_redirect off;

        if (!-f $request_filename) {
            proxy_pass http://unicorn_myapp;
            break;
        }
    }
}
Run Code Online (Sandbox Code Playgroud)

我尝试在本地设置它,并在本地启动Unicorn.我映射127.0.0.1dev.myapp.com/etc/hosts.但是在启动服务器之后,当我尝试ping应用程序时,它在Chrome中给出了以下错误:

This webpage has a redirect loop
Error 310 (net::ERR_TOO_MANY_REDIRECTS): There were too many redirects.
Run Code Online (Sandbox Code Playgroud)

和Firefox中的以下错误:

The page isn't redirecting properly
Run Code Online (Sandbox Code Playgroud)

nginix.access.log显示以下结果:

127.0.0.1 - - [18/Feb/2013:12:56:16 +0530] "GET / HTTP/1.1" 301 5 "-" "Mozilla/5.0 (X11;        Linux i686) AppleWebKit/537.4 (KHTML, like Gecko) Chrome/22.0.1229.79 Safari/537.4"
127.0.0.1 - - [18/Feb/2013:12:56:16 +0530] "-" 400 0 "-" "-"
127.0.0.1 - - [18/Feb/2013:12:56:16 +0530] "GET / HTTP/1.1" 301 5 "-" "Mozilla/5.0 (X11; Linux i686) AppleWebKit/537.4 (KHTML, like Gecko) Chrome/22.0.1229.79 Safari/537.4"
127.0.0.1 - - [18/Feb/2013:12:56:16 +0530] "-" 400 0 "-" "-"
127.0.0.1 - - [18/Feb/2013:12:56:16 +0530] "GET / HTTP/1.1" 301 5 "-" "Mozilla/5.0 (X11; Linux i686) AppleWebKit/537.4 (KHTML, like Gecko) Chrome/22.0.1229.79 Safari/537.4"
127.0.0.1 - - [18/Feb/2013:12:56:43 +0530] "-" 400 0 "-" "-"
127.0.0.1 - - [18/Feb/2013:12:56:43 +0530] "-" 400 0 "-" "-"
127.0.0.1 - - [18/Feb/2013:12:56:43 +0530] "-" 400 0 "-" "-"
127.0.0.1 - - [18/Feb/2013:12:56:43 +0530] "-" 400 0 "-" "-"
127.0.0.1 - - [18/Feb/2013:12:56:43 +0530] "GET / HTTP/1.1" 301 5 "-" "Mozilla/5.0 (X11; Linux i686) AppleWebKit/537.4 (KHTML, like Gecko) Chrome/22.0.1229.79 Safari/537.4"
127.0.0.1 - - [18/Feb/2013:12:56:43 +0530] "-" 400 0 "-" "-"
127.0.0.1 - - [18/Feb/2013:12:56:43 +0530] "GET / HTTP/1.1" 301 5 "-" "Mozilla/5.0 (X11; Linux i686) AppleWebKit/537.4 (KHTML, like Gecko) Chrome/22.0.1229.79 Safari/537.4"
127.0.0.1 - - [18/Feb/2013:12:56:43 +0530] "-" 400 0 "-" "-"
127.0.0.1 - - [18/Feb/2013:12:56:43 +0530] "GET / HTTP/1.1" 301 5 "-" "Mozilla/5.0 (X11; Linux i686) AppleWebKit/537.4 (KHTML, like Gecko) Chrome/22.0.1229.79 Safari/537.4"
127.0.0.1 - - [18/Feb/2013:12:56:43 +0530] "-" 400 0 "-" "-"
127.0.0.1 - - [18/Feb/2013:12:56:43 +0530] "GET / HTTP/1.1" 301 5 "-" "Mozilla/5.0 (X11; Linux i686) AppleWebKit/537.4 (KHTML, like Gecko) Chrome/22.0.1229.79 Safari/537.4"
127.0.0.1 - - [18/Feb/2013:12:56:43 +0530] "-" 400 0 "-" "-"
127.0.0.1 - - [18/Feb/2013:12:56:43 +0530] "GET / HTTP/1.1" 301 5 "-" "Mozilla/5.0 (X11; Linux i686) AppleWebKit/537.4 (KHTML, like Gecko) Chrome/22.0.1229.79 Safari/537.4"
127.0.0.1 - - [18/Feb/2013:12:56:43 +0530] "-" 400 0 "-" "-"
Run Code Online (Sandbox Code Playgroud)

任何人都可以帮我找到解决方案吗?

Eri*_*ton 57

你错过了一个标题:

proxy_set_header X-Forwarded-Proto https;
Run Code Online (Sandbox Code Playgroud)

让我引用一篇全面的文章,很好地解释了Rails如何在Nginx上处理H​​TTPS:

force_ssl依赖于HTTP_X_FORWARDED_PROTOHTTP标头来确定请求是否是HTTPS请求.如果此设置未设置为https那么您将最终得到无限重定向循环,因为force_ssl始终认为转发的请求不是HTTPS.

  • 谢谢!几个小时以来,我一直在抨击这个.你让我免于进一步的精神虐待! (4认同)
  • 伙计,你停止了近两天的痛苦,谢谢你! (2认同)

Dre*_*awn 2

复制评论中的答案,以便从“未回答”过滤器中删除此问题:

尝试将 'rewrite ^/(.*) http://...' 更改为 'rewrite ^/(.*) https://...' 并从第二个服务器块中删除监听 80

~ 每个房子的答案9