我试图让我的Rails网站同时使用http或https服务所有网页和资源,但是当我进入https模式时,它被重定向到http并且资产永远不会被提供作为https协议。
我的nginx配置如下:
server {
listen <%= rubber_env.unicorn_listen_port %>;
listen 443 ssl;
ssl_certificate /etc/ssl/certs/server.crt;
ssl_certificate_key /etc/ssl/private/server.key;
ssl_session_cache shared:SSL:10m;
client_max_body_size 4G;
server_name <%= [ rubber_env.domain, rubber_env.web_aliases ].flatten.compact.join(" ") %>;
keepalive_timeout 5;
# Location of our static files
root <%= Rubber.root + "/public" %>;
location / {
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_redirect off;
# If you don't find the filename in the static files
# Then request it from the unicorn server
if (!-f $request_filename) {
proxy_pass http://unicorn_server;
break;
}
}
location ~ ^/(assets)/ {
expires 1y;
add_header Cache-Control public;
add_header ETag "";
break;
gzip_static on; # to serve pre-gzipped version
}
# this rewrites all the requests to the maintenance.html
# page if it exists in the doc root. This is for capistrano's
# disable web task
if (-f $document_root/system/maintenance.html)
{
rewrite ^(.*)$ /system/maintenance.html last;
break;
}
error_page 500 502 503 504 /500.html;
location = /500.html
{
root <%= Rubber.root + "/public" %>;
}
error_page 404 /404.html;
location = /404.html
{
root <%= Rubber.root + "/public" %>;
}
}
如果我可以使用https或http中的nginx来提供静态资产会更好,但如果不可能,我可以使用Rails服务它们并支付性能损失,因为这只会用在小书签中我们正在创造。
你知道如何使这个nginx配置与服务资产的ssl一起使用吗?
如果您需要,我也可以添加独角兽和 haproxy 配置。
谢谢!
答案 0 :(得分:0)
我的解决方案是接受所有内容中的ssl,并将资产作为ssl资产提供服务。
<%
@path = "/etc/nginx/rubber/unicorn_nginx.conf"
%>
upstream unicorn_server {
# This is the socket we configured in unicorn.rb
server unix:/var/run/unicorn.sock
fail_timeout=0;
}
server {
listen <%= rubber_env.unicorn_listen_port %>;
client_max_body_size 4G;
server_name <%= [ rubber_env.domain, rubber_env.web_aliases ].flatten.compact.join(" ") %>;
keepalive_timeout 5;
# Location of our static files
root <%= Rubber.root + "/public" %>;
location / {
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_redirect off;
# If you don't find the filename in the static files
# Then request it from the unicorn server
if (!-f $request_filename) {
proxy_pass http://unicorn_server;
break;
}
}
location ~ ^/(assets)/ {
expires 1y;
add_header Cache-Control public;
add_header ETag "";
break;
gzip_static on; # to serve pre-gzipped version
}
# this rewrites all the requests to the maintenance.html
# page if it exists in the doc root. This is for capistrano's
# disable web task
if (-f $document_root/system/maintenance.html)
{
rewrite ^(.*)$ /system/maintenance.html last;
break;
}
error_page 500 502 503 504 /500.html;
location = /500.html
{
root <%= Rubber.root + "/public" %>;
}
error_page 404 /404.html;
location = /404.html
{
root <%= Rubber.root + "/public" %>;
}
}
server {
listen 443 ssl;
ssl_certificate /etc/ssl/certs/server.crt;
ssl_certificate_key /etc/ssl/private/server.pem;
ssl_session_cache shared:SSL:10m;
client_max_body_size 4G;
server_name <%= [ rubber_env.domain, rubber_env.web_aliases ].flatten.compact.join(" ") %>;
keepalive_timeout 5;
# Location of our static files
root <%= Rubber.root + "/public" %>;
location / {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto https;
proxy_set_header Host $http_host;
proxy_redirect off;
proxy_pass http://unicorn_server;
}
location ^~ /assets/ {
gzip_static on;
expires max;
add_header Cache-Control public;
}
# this rewrites all the requests to the maintenance.html
# page if it exists in the doc root. This is for capistrano's
# disable web task
if (-f $document_root/system/maintenance.html)
{
rewrite ^(.*)$ /system/maintenance.html last;
break;
}
error_page 500 502 503 504 /500.html;
location = /500.html
{
root <%= Rubber.root + "/public" %>;
}
error_page 404 /404.html;
location = /404.html
{
root <%= Rubber.root + "/public" %>;
}
}