[英]Missing `secret_key_base` for 'production' environment on Ubuntu 18.04 server (Rails 6.0), multiple topics tried
This topic has a SOLUTION embeded at the end.该主题的末尾嵌入了解决方案。
I'm deploying for the first time a Rails app on a VPS on Ubuntu 18.04.我第一次在 Ubuntu 18.04 上的 VPS 上部署 Rails 应用程序。 with Nginx.
与 Nginx。 I followed the good tutorial of Gorails "Deploy Ruby on Rails To Production in 2019".
我遵循了Gorails的好教程“在 2019 年将 Ruby on Rails 部署到生产环境”。 Everything worked, until I had the "Incomplete response received from application" page.
一切正常,直到我收到“从应用程序收到的不完整响应”页面。
I checked the nginx logs on /var/log/nginx/error.log
and saw the typical message "Missing secret_key_base
for 'production' environment, set this string with rails credentials:edit
"我检查了
/var/log/nginx/error.log
上的 nginx 日志,看到了典型的消息“‘生产’环境缺少secret_key_base
,使用rails credentials:edit
设置此字符串rails credentials:edit
”
As the method of Gorails didn't seems to work (after a bundle exec rails secret
on his console app-side, he add a file /my_website/.rbenv-vars with a SECRET_KEY_BASE line, filled with the generated secret key), I decided to follow the multiples topics answering to this question.由于 Gorails 的方法似乎不起作用(在他的控制台应用程序端的
bundle exec rails secret
之后,他添加了一个文件 /my_website/.rbenv-vars 与 SECRET_KEY_BASE 行,填充了生成的密钥),我决定按照多个主题回答这个问题。 Here is the thing, I'm not sure if the followings steps are the goods one.这是事情,我不确定以下步骤是否是货物之一。
bundle exec rails secret
on my console, server-side, as deploy user.bundle exec rails secret
。 So I have my GENERATED_KEY_1~/.bashrc
: export SECRET_KEY_BASE="GENERATED_KEY_1"
~/.bashrc
: export SECRET_KEY_BASE="GENERATED_KEY_1"
source ~/.bashrc
source ~/.bashrc
echo $SECRET_KEY_BASE
, and I have the good key displayed (GENERATED_KEY_1)echo $SECRET_KEY_BASE
检查我的密钥,并显示了好的密钥(GENERATED_KEY_1)development:
secret_key_base: ORIGINAL_KEY
test:
secret_key_base: ORIGINAL_KEY
production:
secret_key_base: <%= ENV["SECRET_KEY_BASE"] %>
and added Dotenv to my Gemfile, required it in application.rb并将 Dotenv 添加到我的 Gemfile 中,在 application.rb 中需要它
But none of this worked, after restarted nginx server.但是在重新启动 nginx 服务器后,这些都不起作用。 So I restarted the previous step, with the root-user.
所以我用 root 用户重新启动了上一步。
But again, it failed.但又一次失败了。 My questions are:
我的问题是:
rails_env production; to rails_env development;
but I haven't any rails line) rails_env production; to rails_env development;
但我没有任何 rails 线) Thank you, I'm a little bit desperate ^^谢谢,我有点绝望^^
During my many tests, I logged with the root user, and run EDITOR="vim" rails credentials:edit
.在我的许多测试中,我使用 root 用户登录,并运行
EDITOR="vim" rails credentials:edit
。 This command had generated a master.key
, which doesn't exist on your Github repo.此命令生成了一个
master.key
,它在您的 Github 存储库中不存在。
But first, I didn't modified it.但首先,我没有修改它。 I think that was the main problem, as the application use it to decrypt your
credentials.yml.enc
file.我认为这是主要问题,因为应用程序使用它来解密您的
credentials.yml.enc
文件。 When I understood it, I edited the master.key
with the content of the master.key
on my computer app.当我的理解是,我编辑的
master.key
与内容master.key
我的电脑上的应用程序。
Even after editing credentials.yml.enc
with <%= ENV["SECRET_KEY_BASE"] %>
, this solution works.即使在使用
<%= ENV["SECRET_KEY_BASE"] %>
编辑了credentials.yml.enc
之后,这个解决方案<%= ENV["SECRET_KEY_BASE"] %>
有效。 This corresponds to the answer of Lyzard Kyng , even if it's a bit different.这对应于Lyzard Kyng的答案,即使它有点不同。
I can't run EDITOR="vim" rails credentials:edit
with the deploy user, it doesn't work.我无法使用部署用户运行
EDITOR="vim" rails credentials:edit
,它不起作用。
Rails 5.2 and later uses encrypted credentials for storing sensitive app's information, which includes secret_key_base
by default. Rails 5.2 及更高版本使用加密凭据来存储敏感应用程序的信息,默认情况下包括
secret_key_base
。 These credentials are encrypted with the key stored in master.key
file.这些凭据使用存储在
master.key
文件中的密钥进行加密。 Git repository, generated by default Rails application setup, includes credentials.yml.enc
but ignores master.key
. Git 存储库由默认的 Rails 应用程序设置生成,包括
credentials.yml.enc
但忽略master.key
。 After the deployment, which usually involves git push
, Rails production environment should be augmented with this key some way.在部署之后,通常涉及
git push
, Rails 生产环境应该以某种方式使用此密钥进行扩充。
So you have two options.所以你有两个选择。 You can securely upload
master.key
to production host via scp
or sftp
.您可以通过
scp
或sftp
安全地将master.key
上传到生产主机。 Or you can establish shell environment variable RAILS_MASTER_KEY
within the context of a user that runs rails server
process.或者,您可以在运行
rails server
进程的用户的上下文中建立shell 环境变量RAILS_MASTER_KEY
。 The former option is preferred, but as you have dotenv-rails
gem installed, you'd create .env.production
file under app's root and put there a line前一个选项是首选,但由于您安装了
dotenv-rails
gem,您将在应用程序的根目录下创建.env.production
文件并在其中放置一行
RAILS_MASTER_KEY="your_master-key_content"
Don't forget to ensure that gem dotenv-rails
isn't restricted within Gemfile
by development and test Rails environments.不要忘记确保 gem
dotenv-rails
不受开发和测试Rails 环境限制在Gemfile
。
By the way since passenger
module ver.顺便说一下,自
passenger
模块版本以来。 5.0.0 you can set shell environment variables right from nginx.conf
5.0.0 你可以直接从
nginx.conf
设置shell 环境变量
run rake secret
in your local machine and this will generate a key for you在您的本地机器上运行
rake secret
,这将为您生成一个密钥
make config/secrets.yml
file制作
config/secrets.yml
文件
add the generated secret key here在此处添加生成的密钥
production:
secret_key_base: asdja1234sdbjah1234sdbjhasdbj1234ahds…
and redeploy the application after commiting并在提交后重新部署应用程序
i had the same issue and resolved by this method.我有同样的问题并通过这种方法解决。
It would be more secure to generate your key on the server and use it there, rather than push it to your repo from a local machine.在服务器上生成您的密钥并在那里使用它会更安全,而不是将它从本地机器推送到您的存储库。
Instead of ~/.bashrc
do this for using environment variables;而不是
~/.bashrc
这样做是为了使用环境变量;
root
user, navigate to the #
directory (can probably just use cd ..
)root
用户,导航到#
目录(可能只使用cd ..
)nano home/<yourAppUser>/.bash_profile
to navigate to (and create) the file to store the ENV
nano home/<yourAppUser>/.bash_profile
导航到(并创建)文件以存储ENV
export SECRET_KEY_BASE="GENERATED_KEY_1"
export SECRET_KEY_BASE="GENERATED_KEY_1"
You can store your database password here as well.您也可以在此处存储您的数据库密码。
1_ Set credentials with 1_ 设置凭据
rails credentials:edit
2_ Upload master.key file to your production server. 2_ 将master.key文件上传到您的生产服务器。
If deploy with capistrano, copy master.key to shared folder (shared_path) and then add this to deploy.rb :如果使用 capistrano 部署,请将 master.key复制到共享文件夹(shared_path),然后将其添加到deploy.rb :
namespace :config do
task :symlink do
on roles(:app) do
execute :ln, "-s #{shared_path}/master.key #{release_path}/config/master.key"
end
end
end
after 'deploy:symlink:shared', 'config:symlink'
In my case, on rails credentials:edit
, the file indentation were not accurate which gave the error on deployment.就我而言,在
rails credentials:edit
,文件缩进不准确,这导致了部署错误。 So make sure the indentation is correct on your local before deploying.因此,在部署之前,请确保本地缩进是正确的。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.