I would like to know how to enforce SSL in a rails 5 app. The app works fine in development. In production some POST requests over SSL via rails admin do not work.
If SSL is enforced via production.rb, the browser returns:
"ERR_TOO_MANY_REDIRECTS"
And if "force_ssl" is set to false, some "POST" requests via rails admin return:
HTTP Origin header (https://www.example.com) didn't match request.base_url (http://www.example.com)
Thanks in advance.
These are the app settings:
production.rb
# ...
config.force_ssl = true
# ...
nginx.conf
upstream puma {
server unix:///home/bgc/apps/domain/shared/tmp/sockets/domain-puma.sock;
}
server {
listen 80;
listen 443 ssl;
server_name domain.com;
ssl_certificate /etc/letsencrypt/live/domain.com/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/domain.com/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
ssl_protocols TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_ciphers AES256+EECDH:AES256+EDH:!aNULL;
root /home/bgc/apps/domain/current/public;
access_log /home/bgc/apps/domain/current/log/nginx.access.log;
error_log /home/bgc/apps/domain/current/log/nginx.error.log info;
location ^~ /assets/ {
gzip_static on;
expires max;
add_header Cache-Control public;
}
try_files $uri/index.html $uri @puma;
location @puma {
proxy_set_header X-Forwarded-Proto https;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_redirect off;
proxy_pass http://puma;
}
error_page 500 502 503 504 /500.html;
client_max_body_size 10M;
keepalive_timeout 10;
}
The reason for this is pretty simple. When you are using the Nginx server with ssl, it will already sort out the ssl for you. If you remove config.force_ssl = true
from production.rb and it will be sorted.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.