[英]Is it necessary to force_ssl? Or should the SSL terminate at the load balancer?
On AWS OpsWorks. 在AWS OpsWorks上。 I'm using an ELB, which has my CA's SSL certificate.
我正在使用ELB,它具有我的CA的SSL证书。
The first point of access is always the load balancer (ELB). 访问的第一点始终是负载平衡器(ELB)。 The ELB directs traffic to the instances.
ELB将流量定向到实例。 The instances each have a copy of the Rails app, Unicorn, etc.
每个实例都有一个Rails应用程序,Unicorn等的副本。
One thing to note. 要注意的一件事。 The instances behind the ELB cannot be accessed directly.
ELB后面的实例无法直接访问。
At this point, do I need to force_ssl
in Rails? 此时,我需要在Rails中使用
force_ssl
吗? I hear it's common enough to terminate SSL at the border (ELB). 我听说在边界(ELB)终止SSL很常见。
As far as I've read, force_ssl
gives the following: 据我所读,
force_ssl
给出以下内容:
http://api.rubyonrails.org/classes/ActionController/ForceSSL/ClassMethods.html only indicates http to https redirection. http://api.rubyonrails.org/classes/ActionController/ForceSSL/ClassMethods.html仅指示将HTTP重定向到https。
What does force_ssl do in Rails? force_ssl在Rails中做什么? second answer suggests that
force_ssl
does more than redirection. 第二个答案表明
force_ssl
不只是重定向。
If I decide not to use force_ssl
, I can manage redirects by writing Nginx definitions. 如果我决定不使用
force_ssl
,则可以通过编写Nginx定义来管理重定向。
Given the scenario, it feel like forcing SSL via Rails is obsolete, since the SSL negotiation is already happening in the ELB. 在这种情况下,由于在ELB中已经在进行SSL协商,因此感觉像通过Rails强制使用SSL已经过时了。 Is it still necessary to
force_ssl
? 仍然需要
force_ssl
吗? Are there any added benefits? 还有其他好处吗?
if you're terminating SSL at the ELB level you don't want it. 如果要在ELB级别终止SSL,则不需要它。 (you want to take http traffic and not be redirected).
(您要获取http流量,而不要重定向)。
bear in mind that in this case the traffic between the ELB and your backend instances will be over HTTP (ie not encrypted). 请记住,在这种情况下,ELB和您的后端实例之间的流量将通过HTTP(即未加密)进行。 this is fine for most cases.
在大多数情况下都可以。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.