AWS EC2,Nginx SSL问题

发布时间：2021-01-24 04:54:41 所属栏目：Nginx 来源：互联网

导读：我正在AWS EC2实例上运行rails应用程序,Nginx 1.4.6充当反向代理并提供SSL证书.我很确定我的问题是我的Nginx配置.这里是：upstream puma { server unix:///home/deploy/apps/appname/shared/tmp/sockets/appname-puma.sock; } server

我正在AWS EC2实例上运行rails应用程序,Nginx 1.4.6充当反向代理并提供SSL证书.

我很确定我的问题是我的Nginx配置.这里是：

upstream puma {
  server unix:///home/deploy/apps/appname/shared/tmp/sockets/appname-puma.sock;
}

server {
  listen 443;

  ssl on;
  ssl_certificate /etc/nginx/ssl/appname.chained.crt;
  ssl_certificate_key /etc/nginx/ssl/appname.key;

  root /home/deploy/apps/appname/current/public;
  access_log /home/deploy/apps/appname/current/log/nginx.access.log;
  error_log /home/deploy/apps/appname/current/log/nginx.error.log info;

  try_files $uri/index.html $uri @puma;
  location @puma {
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header Host $http_host;
    proxy_redirect off;

    proxy_pass http://puma;
  }

  error_page 500 502 503 504 /500.html;
  client_max_body_size 10M;
  keepalive_timeout 10;
}

server {
  listen 80;
  return 301 https://$host$request_uri;
}

当我尝试运行curl -v https://appname.co.uk时,curl返回：

* Rebuilt URL to: https://appname.co.uk/
*   Trying 52.27.236.227...
* found 187 certificates in /etc/ssl/certs/ca-certificates.crt
* found 758 certificates in /etc/ssl/certs
* ALPN,offering http/1.1
* SSL connection using TLS1.2 / ECDHE_RSA_AES_256_GCM_SHA384
*    server certificate verification OK
*    server certificate status verification SKIPPED
*    server certificate expiration date OK
*    server certificate activation date OK
*    certificate public key: RSA
*    certificate version: #3
*    subject: OU=Domain Control Validated,*    start date: Mon,21 Dec 2015 16:31:38 GMT
*    expire date: Wed,21 Dec 2016 16:31:38 GMT
*    issuer: C=US,ST=Arizona,L=Scottsdale,O=GoDaddy.com,Inc.,OU=http://certs.godaddy.com/repository/,CN=Go Daddy Secure     Certificate Authority - G2
*    compression: NULL
* ALPN,server did not agree to a protocol
> GET / HTTP/1.1
> User-Agent: curl/7.43.0
> Accept: */*
> 
< HTTP/1.1 301 Moved Permanently
< Server: nginx/1.4.6 (Ubuntu)
< Date: Sat,26 Dec 2015 15:51:14 GMT
< Content-Type: text/html
< Transfer-Encoding: chunked
< Connection: keep-alive
<

这应该显示我的rails应用程序的主页.是* ALPN,服务器不同意协议行有意义吗？为什么Nginx会返回301永久移动？

非常感谢,如果有更多信息可以使用,请告诉我.

最佳答案您的nginx配置没有在端口443上显示任何重定向,并且您声称在nginx前没有负载均衡器,因此重定向可能来自的另一个地方是……您的应用程序.

我看到你在https上运行应用程序,但你没有告诉Rails这个.特别是,您的nginx配置丢失了：

        proxy_set_header X-Forwarded-Proto $scheme;

我怀疑你的应用程序知道自己想要的URL,并且正在尝试重定向到它,因为它认为它所带来的URL不是规范的.

添加它,看看重定向是否停止.

（编辑：日照站长网）

【声明】本站内容均来自网络，其相关言论仅代表作者个人观点，不代表本站立场。若无意侵犯到您的权利，请及时与联系站长删除相关内容!