精简和SSL的Rails:http请求不会自动重定向到https
[英]Rails with thin and ssl: http request not auto-redirected to https
问题描述
Recently I wanted to secure my rails 4.2.1 app with https the easiest way . 
最近,我想以最简单的方式使用https保护rails 4.2.1应用程序。 I found this question as well as this answer about WEBrick+SSL, both referencing to this post which is unfortunately not reachable any more. 我发现了这个问题以及关于WEBrick + SSL的答案 ,都引用了此帖子 ,很遗憾, 该帖子不再可用。 Then I found this answer recommending to use thin instead (naming other advantages of using thin). 然后,我发现此答案建议使用Thin代替(命名为使用Thin的其他优点)。 Then I followed this step-by-step guide, finally running thin start --ssl --ssl-key-file .ssl/key.pem --ssl-cert-file .ssl/cert.pem -e production with self-signed certificate. 然后,我按照此分步指南进行操作,最后运行thin start --ssl --ssl-key-file .ssl/key.pem --ssl-cert-file .ssl/cert.pem -e production签名证书。 My config/environments/production.rb contains config.force_ssl = true . 我的config/environments/production.rb包含config.force_ssl = true 。
Now I would like to access the web normally by typing example.com expecting to be automatically redirected to https://example.com but this does not happen . 现在,我希望通过键入example.com来正常访问Web,并期望将其自动重定向到https://example.com但这不会发生 。 Typing looong https://example.com works fine. 键入looong https://example.com可以正常工作。 Here is a 2-year-old question with similar issue but any answer doesn't work either and something could have also changed since then. 这是一个已有2年历史的问题,但存在类似的问题,但是任何答案都无法解决,此后可能还会有所变化。
How can I make it work? 我该如何运作? Or is there any different recent but simple enough way to start using ssl with rails? 或者是否有其他不同但又足够简单的方法来开始将SSL与rails一起使用? Thanks! 谢谢!
2 个解决方案
解决方案1
1 2015-07-31 21:12:02
In your config/environment/production.rb file make sure you have the following: 在config / environment / production.rb文件中,确保您具有以下内容:
config.force_ssl = true
Also make sure to update your cookie settings in config/initializers/session_store.rb : 另外,请确保更新config / initializers / session_store.rb中的 cookie设置:
Rails.application.config.session_store :cookie_store, key: '_secure_domain_session', httponly: true, secure: true
You also need to specify secure: true in the config/initializers/devise.rb file if you are using Devise 如果使用的是Devise,还需要在config / initializers / devise.rb文件中指定secure: true 。
Also make sure to clear the cache on your browser 还要确保清除浏览器上的缓存
解决方案2
0 2019-05-13 16:52:29
If you have a load balancer in front of your website that is terminating the TLS/SSL and then connecting via HTTPS to the backend, this would mean the connection from the load balancer to your server is HTTPS, even though the client connection to the load balancer is not. 如果您的网站前面有一个负载均衡器,该负载均衡器终止TLS / SSL,然后通过HTTPS连接到后端,则这意味着从负载均衡器到您的服务器的连接是 HTTPS,即使客户端到负载的连接也是如此平衡器不是。 Your load balancer should send the X-Forwarded-Proto header which Rails should take into account. 您的负载平衡器应发送X-Forwarded-Proto标头,Rails应该将此标头考虑在内。
If you are running Rails under Passenger inside Nginx (or Apache), you may need to configure that to forward the header and/or port. 如果您正在Nginx(或Apache)内部的Passenger下运行Rails,则可能需要对其进行配置以转发标头和/或端口。
passenger_set_header X-Forwarded-Proto $http_x_forwarded_proto;
passenger_set_header X-Forwarded-Port $server_port;
Note, however, that Rails looks first at the HTTPS environment variable before it looks at the header , and that might be set to "on" because connection to your web server is HTTPS. 但是请注意,Rails 首先查看HTTPS环境变量,然后再查看标头 ,并且可以将其设置为"on"因为与Web服务器的连接是HTTPS。
In that case you can redirect all traffic from HTTP to HTTPS inside Nginx : 在这种情况下,您可以在Nginx中将所有流量从HTTP重定向到HTTPS:
if ($http_x_forwarded_proto != 'https') {
rewrite ^ https://$host$uri permanent;
}
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.