rails 中缺少生产 secret_key_base
[英]Missing production secret_key_base in rails
问题描述
I have recently deployed an app and got internal server error because of missing production secret_key_base.
我最近部署了一个应用程序,但由于缺少生产 secret_key_base 出现内部服务器错误。 After hours of testing, I managed to solve this problem with two methods:经过数小时的测试,我设法通过两种方法解决了这个问题:
Method 1:方法一:
I generated a new secret_key with rake secret and replaced it with <%= ENV["SECRET_KEY_BASE"] %> in secrets.yml .我生成具有新SECRET_KEY rake secret ,并用它取代<%= ENV["SECRET_KEY_BASE"] %>在secrets.yml 。 Deployed the app again and this time it worked.再次部署该应用程序,这次它起作用了。 But I think that this method is wrong.但我认为这种方法是错误的。
Method 2:方法二:
I generated a new secret_key with rake secret and added it to environments/production.rb like config.secret_key_base = 'd1f4810e662acf46a33960e3aa5bd0************************ , without changing secrets.yml (default is production: <%= ENV["SECRET_KEY_BASE"] %> ).我用rake secret生成了一个新的 secret_key 并将它添加到environments/production.rb就像config.secret_key_base = 'd1f4810e662acf46a33960e3aa5bd0************************ ,没有更改secrets.yml (默认为production: <%= ENV["SECRET_KEY_BASE"] %> )。 Deployed the app again and it works fine.再次部署该应用程序,它工作正常。
My questions:我的问题:
- Which method is the best?哪种方法最好?
- If the 2nd method is correct, why rails does not generate a secret_key_base in production.rb by default?如果第二种方法是正确的,为什么rails默认不在production.rb中生成secret_key_base?
- Is there any other method to do that?有没有其他方法可以做到这一点?
4 个解决方案
解决方案1
31 已采纳 2014-05-19 10:19:50
I have finally found the corrent method.我终于找到了正确的方法。 None of the methods mentioned in question are the correct one.所提到的方法都不是正确的方法。
Correct method:正确方法:
We ourselves should generate a secret key (by rake secret ) then create an environment variables for SECRET_KEY_BASE by running following command from command prompt:我们自己应该生成一个密钥(通过rake secret ),然后通过从命令提示符运行以下命令为 SECRET_KEY_BASE 创建一个环境变量:
rhc set-env SECRET_KEY_BASE=3dc8b0885b3043c0e38aa2e1dc64******************** -a myapp
after running this command, connect to your server via SSH and run env so you should see your SECRET_KEY_BASE in the list.运行此命令后,通过 SSH 连接到您的服务器并运行env以便您应该在列表中看到您的 SECRET_KEY_BASE。
Now restart you app rhc app-stop myapp and rhc app-start myapp , then you are good to go.现在重启你的 app rhc app-stop myapp和rhc app-start myapp ,然后你就可以开始了。
解决方案2
6 2015-10-24 12:44:07
If you're on a normal Ubuntu machine just put export SECRET_KEY_BASE=" <<< output from rake secret here >>> " in your ~/.bashrc .如果您使用的是普通的 Ubuntu 机器,只需将export SECRET_KEY_BASE=" <<< output from rake secret here >>> "放在您的~/.bashrc 。
Run source ~/.bashrc and restart the app.运行source ~/.bashrc并重新启动应用程序。
解决方案3
3 2015-11-17 13:00:58
There is another option that should be a little more secure and that is to add it to the Apache/Nginx configuration file.还有一个更安全的选项,那就是将它添加到 Apache/Nginx 配置文件中。 I'm using Apache and have just used:我正在使用 Apache 并且刚刚使用过:
SetEnv SECRET_KEY_BASE my_secret
Then just leave the secrets.yml file set to:然后只需将 secrets.yml 文件设置为:
production: <%= ENV["SECRET_KEY_BASE"] %>
For a production web server I'm not sure it's valid to assume that a .bashrc file is run and will get your ENV variable set, but I think this way is certain to set it.对于生产网络服务器,我不确定假设.bashrc文件正在运行并会设置您的 ENV 变量是否有效,但我认为这种方式肯定会设置它。 I'm not and expert so ready to have any risks or reasons why it's not a good idea pointed out to me.我不是专家,所以准备好承担任何风险或原因,为什么这不是一个好主意向我指出。
解决方案4
0 2015-06-02 18:58:54
Method 1 is correct.方法一是正确的。 You don't want to store your secrets in the code.您不想在代码中存储您的秘密。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.