我试图让我的Rails 4在使用Ubuntu和NginX的VPS上使用SSL。我从StartSSL.com检索了SSL证书,服务器上的安装似乎已经成功。
但是,我无法让我的应用与https一起使用。它目前仅适用于http。
当我尝试通过https在浏览器中访问它时,我收到此错误:
2014/06/04 18:05:56 [error] 23306#0: *3 "/home/rails/public/index.html" is forbidden (13: Permission denied), client: 23.251.149.69, server: myapp.com, request: "GET / HTTP/1.0", host: "myapp.com"
这将是我/etc/nginx/nginx.conf中的NGINX配置文件:
user www-data;
worker_processes 4;
pid /var/run/nginx.pid;
events { worker_connections 1024; }
http {
sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 65;
types_hash_max_size 2048;
server_tokens off;
server_names_hash_bucket_size 64;
include /etc/nginx/mime.types;
default_type application/octet-stream;
access_log /var/log/nginx/access.log;
error_log /var/log/nginx/error.log;
gzip on;
gzip_disable "msie6";
gzip_types text/plain text/xml text/css text/comma-separated-values;
upstream app_server { server 127.0.0.1:8080 fail_timeout=0; }
include /etc/nginx/conf.d/*.conf;
include /etc/nginx/sites-enabled/*;
server {
listen 80;
server_name myapp.com;
rewrite ^ https://$server_name$request_uri? permanent;
}
server {
listen 443;
server_name myapp.com;
root /home/rails/public;
ssl on;
ssl_certificate /etc/ssl/myapp.com.crt;
ssl_certificate_key /etc/ssl/myapp.com.key;
}
}
我在这里错过了什么以及如何解决这个问题?
答案 0 :(得分:2)
我回答了这个over on DigitalOcean,但我也注意到了这一点。
您有upstream套,但没有proxy_pass。我假设你使用像Unicorn这样的东西来为应用程序提供服务?您可能需要调整在443上侦听的服务器块,以充当用作上游服务器的反向代理。类似的东西:
server {
listen 443;
server_name myapp.com;
root /home/rails/public;
index index.htm index.html;
ssl on;
ssl_certificate /etc/ssl/myapp.com.crt;
ssl_certificate_key /etc/ssl/myapp.com.key;
location / {
try_files $uri/index.html $uri.html $uri @app;
}
location @app {
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_redirect off;
proxy_pass http://app_server;
}
}