stackoom
  简体   繁体   中英

Nginx Rails 5 HTTPS Redirect Issue

 原文  2016-08-16 12:25:31       ruby-on-rails/ nginx/ ruby-on-rails-5

Question

I got a new Rails 5 application hosted in a Digital Ocean Ubuntu 16.04 droplet. The setup uses Nginx with Puma as the application server. I noticed an issue with redirects.

For example, if I do a redirect as redirect_to services_path it tries to redirect to https://jdeen.com,%20jdeen.com/services .

I believe this is a Nginx config issue, thought this is very identical to a working Rails 3 application I had, I am not sure what has gone wrong. It works when I do a simple config not to use SSL.

Any help is highly appreciated.

Rials log 

I, [2016-08-16T08:18:01.692852 #17988]  INFO -- : [9c26a134-eef6-4244-9ec2-e9e7cec61910] Started GET "/products" for 112.134.82.41 at 2016-08-16 08:18:01 -0400
I, [2016-08-16T08:18:01.709611 #17988]  INFO -- : [9c26a134-eef6-4244-9ec2-e9e7cec61910] Processing by ProductsController#index as HTML
I, [2016-08-16T08:18:01.718443 #17988]  INFO -- : [9c26a134-eef6-4244-9ec2-e9e7cec61910] Redirected to https://jdeen.com, jdeen.com/services
I, [2016-08-16T08:18:01.720520 #17988]  INFO -- : [9c26a134-eef6-4244-9ec2-e9e7cec61910] Completed 302 Found in 9ms (ActiveRecord: 0.0ms)
I, [2016-08-16T08:18:10.993806 #17988]  INFO -- : [1ac5d13d-1df9-44f0-9f5a-6aaa424231a9] Started GET "/products" for 112.134.82.41 at 2016-08-16 08:18:10 -0400
I, [2016-08-16T08:18:10.995977 #17988]  INFO -- : [1ac5d13d-1df9-44f0-9f5a-6aaa424231a9] Processing by ProductsController#index as HTML
I, [2016-08-16T08:18:10.998905 #17988]  INFO -- : [1ac5d13d-1df9-44f0-9f5a-6aaa424231a9] Redirected to https://jdeen.com, jdeen.com/services
I, [2016-08-16T08:18:10.999999 #17988]  INFO -- : [1ac5d13d-1df9-44f0-9f5a-6aaa424231a9] Completed 302 Found in 2ms (ActiveRecord: 0.0ms)

Nginx config: 

upstream jdeen_app {
    server 127.0.0.1:3000 fail_timeout=0;
}

server {
    listen 80;
    server_name jdeen.com www.jdeen.com;
    return 301 https://$host$request_uri;
}


server {
    listen 443 ssl;
    server_name jdeen.com www.jdeen.com;

    ssl_certificate /etc/letsencrypt/live/jdeen.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/jdeen.com/privkey.pem;

    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_prefer_server_ciphers on;
    ssl_dhparam /etc/ssl/certs/dhparam.pem;
    ssl_ciphers "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH+aRSA+RC4 EECDH EDH+aRSA HIGH !RC4 !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS";
    ssl_session_timeout 1d;
    ssl_session_cache shared:SSL:50m;
    ssl_stapling on;
    ssl_stapling_verify on;
    add_header Strict-Transport-Security max-age=15768000;
    server_tokens off;

    root /var/www/jdeen.com/public;

    try_files $uri/index.html $uri @jdeen_app;

    location @jdeen_app {
        proxy_pass http://jdeen_app;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Host $http_host;
        proxy_redirect off;

        proxy_set_header HOST $host;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }

    location ~ /.well-known {
        allow all;
    }

    error_page 500 502 503 504 /500.html;
    client_max_body_size 4G;
    keepalive_timeout 10;
}

2 answers

solution1
 5 ACCPTED  2016-08-16 13:58:41

The problem is caused by duplicate Host header, that was set twice using proxy_set_header directives: 

...
proxy_set_header Host $http_host;
proxy_redirect off;

proxy_set_header HOST $host;
...

solution2
 0  2016-08-16 14:11:16

this is how I set up my apps. Maybe this can help you.

Note, this goes in tangent with Unicorn. 

upstream app_server_appname {
    server unix:/path/to/rails_app/app_name/shared/sockets/unicorn.sock fail_timeout=0;
}

server {
    listen 443 ssl;
    root /path/to/rails_app/public;
    server_name somedomain.com;
    index index.htm index.html;

    ssl_certificate /etc/letsencrypt/live/somedomain.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/somedomain.com/privkey.pem;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_prefer_server_ciphers on;
    ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH';


    deny all;

    location / {
            try_files $uri/index.html $uri.html $uri @app;
    }

    location ~ ^/assets/ {
      expires 1s;
      add_header Cache-Control public;

      add_header ETag "";
      break;
    }

    location ~* ^.+\.(jpg|jpeg|gif|png|ico|zip|tgz|gz|rar|bz2|doc|xls|exe|pdf|ppt|txt|tar|mid|midi|wav|bmp|rtf|mp3|flv|mpeg|avi)$ {
                    try_files $uri @app;
    }

     location @app {
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header Host $http_host;
            proxy_set_header   X-Forwarded-Proto https;
            proxy_redirect off;
            proxy_pass http://app_server_appname;
    }
}

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question Nginx HTTPS issue to redirect from www to non-www Rails Https redirect to http Rails redirect with https Nginx Redirect HTTP to HTTPS automatically Display issue with redirect on nginx Rails/Nginx redirects http to https Rails - Puma - Nginx : How to redirect all to https://www.example.com? Rails app tries to redirect to https Rails Heroku SSL https:// redirect NGINX showing blank page on http to https redirect
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM