[英]Missing production secret_key_base in rails
I have recently deployed an app and got internal server error because of missing production secret_key_base.我最近部署了一个应用程序,但由于缺少生产 secret_key_base 出现内部服务器错误。 After hours of testing, I managed to solve this problem with two methods:
经过数小时的测试,我设法通过两种方法解决了这个问题:
Method 1:方法一:
I generated a new secret_key with rake secret
and replaced it with <%= ENV["SECRET_KEY_BASE"] %>
in secrets.yml
.我生成具有新SECRET_KEY
rake secret
,并用它取代<%= ENV["SECRET_KEY_BASE"] %>
在secrets.yml
。 Deployed the app again and this time it worked.再次部署该应用程序,这次它起作用了。 But I think that this method is wrong.
但我认为这种方法是错误的。
Method 2:方法二:
I generated a new secret_key with rake secret
and added it to environments/production.rb
like config.secret_key_base = 'd1f4810e662acf46a33960e3aa5bd0************************
, without changing secrets.yml
(default is production: <%= ENV["SECRET_KEY_BASE"] %>
).我用
rake secret
生成了一个新的 secret_key 并将它添加到environments/production.rb
就像config.secret_key_base = 'd1f4810e662acf46a33960e3aa5bd0************************
,没有更改secrets.yml
(默认为production: <%= ENV["SECRET_KEY_BASE"] %>
)。 Deployed the app again and it works fine.再次部署该应用程序,它工作正常。
My questions:我的问题:
I have finally found the corrent method.我终于找到了正确的方法。 None of the methods mentioned in question are the correct one.
所提到的方法都不是正确的方法。
Correct method:正确方法:
We ourselves should generate a secret key (by rake secret
) then create an environment variables for SECRET_KEY_BASE by running following command from command prompt:我们自己应该生成一个密钥(通过
rake secret
),然后通过从命令提示符运行以下命令为 SECRET_KEY_BASE 创建一个环境变量:
rhc set-env SECRET_KEY_BASE=3dc8b0885b3043c0e38aa2e1dc64******************** -a myapp
after running this command, connect to your server via SSH and run env
so you should see your SECRET_KEY_BASE in the list.运行此命令后,通过 SSH 连接到您的服务器并运行
env
以便您应该在列表中看到您的 SECRET_KEY_BASE。
Now restart you app rhc app-stop myapp
and rhc app-start myapp
, then you are good to go.现在重启你的 app
rhc app-stop myapp
和rhc app-start myapp
,然后你就可以开始了。
If you're on a normal Ubuntu machine just put export SECRET_KEY_BASE=" <<< output from rake secret here >>> "
in your ~/.bashrc
.如果您使用的是普通的 Ubuntu 机器,只需将
export SECRET_KEY_BASE=" <<< output from rake secret here >>> "
放在您的~/.bashrc
。
Run source ~/.bashrc
and restart the app.运行
source ~/.bashrc
并重新启动应用程序。
There is another option that should be a little more secure and that is to add it to the Apache/Nginx configuration file.还有一个更安全的选项,那就是将它添加到 Apache/Nginx 配置文件中。 I'm using Apache and have just used:
我正在使用 Apache 并且刚刚使用过:
SetEnv SECRET_KEY_BASE my_secret
Then just leave the secrets.yml file set to:然后只需将 secrets.yml 文件设置为:
production: <%= ENV["SECRET_KEY_BASE"] %>
For a production web server I'm not sure it's valid to assume that a .bashrc
file is run and will get your ENV variable set, but I think this way is certain to set it.对于生产网络服务器,我不确定假设
.bashrc
文件正在运行并会设置您的 ENV 变量是否有效,但我认为这种方式肯定会设置它。 I'm not and expert so ready to have any risks or reasons why it's not a good idea pointed out to me.我不是专家,所以准备好承担任何风险或原因,为什么这不是一个好主意向我指出。
Method 1 is correct.方法一是正确的。 You don't want to store your secrets in the code.
您不想在代码中存储您的秘密。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.