ruby-on-rails-为什么SSL重定向不能与force_ssl和Nginx一起使用?

我有一个Rails 3.2.13应用程序,我正在尝试使用Nginx和Unicorn配置SSL.我希望能够告诉某些控制器和某些控制器操作“ force_ssl”并正确重定向.我已经能够使它正常工作,这样我就可以用’https://foo.com‘手动点击该应用程序,并且一切正常.当我将“ force_ssl”放入控制器操作中时,假设users#index:

class UsersController < ApplicationController
  force_ssl

  def index
    # do some stuff
  end

end

我希望如果导航到“ http://foo.com/users”,它将重定向到“ https://foo.com/users”.
它不是.

而是,它重定向到:’https:// unicorn_foo / users’.我想念什么?

nginx.conf:

upstream unicorn_foo {
  server unix:/tmp/unicorn.foo.sock fail_timeout=0;
}

server {
    listen 80 default;
    server_name foo.com;
    root /home/webuser/apps/foo/current/public;

    location ^~ /assets/ {
        gzip_static on;
        expires max;
        add_header Cache-Control public;
    }

    try_files $uri/index.html $uri @unicorn_foo;

    location @unicorn_foo {
        proxy_set_header X-Forwarded-Proto http;
        proxy_pass http://unicorn_foo;
    }
    error_page 500 502 503 504 /500.html;
    client_max_body_size 5G;
    keepalive_timeout 10;
    send_timeout 240;
    sendfile_max_chunk 5m;
}

server {
    listen 443;
    server_name foo.com;
    root /home/webuser/apps/foo/current/public;

    location ^~ /assets/ {
        gzip_static on;
        expires max;
        add_header Cache-Control public;
    }

    try_files $uri/index.html $uri @unicorn_foo;

    location @unicorn_foo {
        proxy_set_header  X-Real-IP       $remote_addr;
        proxy_set_header  X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header  X-Forwarded-Proto https;
        proxy_set_header  Host $http_host;
        proxy_redirect    off;
        proxy_pass http://unicorn_foo;
    }
    error_page 500 502 503 504 /500.html;
    client_max_body_size 5G;
    keepalive_timeout 10;

    ssl on;
    ssl_certificate         /etc/nginx/ssl/server.crt;
    ssl_certificate_key     /etc/nginx/ssl/server.key;
    ssl_protocols           SSLv3 TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers             ALL:-ADH:+HIGH:+MEDIUM:-LOW:-SSLv2:-EXP;
    ssl_session_cache       shared:SSL:10m;

    send_timeout 240;
    sendfile_max_chunk 5m;
}

解决方法:

首先猜测…端口80服务器块无法通过主机,也许就是这样吗?

proxy_set_header  Host $http_host;

SSL块可以,但是如果您从非SSL端开始并且Rails接了它,它可能没有完整的标头?

上一篇:Ruby on Rails-独角兽,Capistrano安装


下一篇:ruby-on-rails-捆绑安装-Ubuntu上的Rails