nginx - 配置问题 - 生产模式 - 代码403

时间:2014-08-11 08:33:27

标签: ruby-on-rails ruby-on-rails-4 nginx http-status-code-403 thin

我想用Rails 4配置NGINX并在生产模式下运行我的应用程序。问题是我得到403代码 - 命令:rails s -e production并在浏览器中输入localhost。当然,我为应用程序文件夹中的整个文件建立了755权限。下面有我的nginx.conf:

worker_processes  1;

events {
    worker_connections  1024;
}

http {
    include               mime.types;
    # include /etc/nginx/conf.d/*.conf;
    # include /etc/nginx/sites-enabled/*;
    default_type          application/octet-stream;

    sendfile              on;

    keepalive_timeout     65;
    client_max_body_size  50M;

    # fastcgi_buffers 8 16k;
    # fastcgi_buffer_size 32k;
    # fastcgi_connect_timeout 300;
    # fastcgi_send_timeout 300;
    # fastcgi_read_timeout 300;

    upstream proxy-user {
        server 127.0.0.1:2000;
    }

    upstream thin_cluster {
        server unix:/tmp/thin.0.sock;
       # server unix:/tmp/thin.1.sock;
       # server unix:/tmp/thin.2.sock;
    }

    server {
        listen 80;
        server_name localhost;
        # access_log  /var/log/nginx-access.log;
        root        /home/user/Apps/myapp/public;

        location ~* ^.+\.(jpg|jpeg|gif|png|ico|css|zip|tgz|gz|rar|bz2|doc|xls|exe|pdf|ppt|txt|tar|mid|midi|wav|bmp|rtf|js|mp3|flv|mpeg|avi)$ {
        try_files $uri @app;
        }

        location /home/user/Apps/myapp/ {
            proxy_set_header  X-Real-IP        $remote_addr;
            proxy_set_header  X-Forwarded-For  $proxy_add_x_forwarded_for;
            proxy_set_header  Host             $http_host;
            proxy_redirect    off;
            proxy_pass        http://proxy-user;

            if (!-f $request_filename) {
              proxy_pass http://proxy-user;
              break;
            }
        }
    }

    server {
        listen                443;
        server_name           _;
        ssl                   on;
        ssl_certificate       /etc/nginx/ssl/server.crt;
        ssl_certificate_key   /etc/nginx/ssl/server.key;
        ssl_protocols         SSLv3 TLSv1;
        ssl_ciphers           HIGH:!ADH:!MD5;
        access_log            /var/log/nginx-access-ssl.log;
        root                  /home/user/Apps/myapp/public;

        location ~* ^.+\.(jpg|jpeg|gif|png|ico|css|zip|tgz|gz|rar|bz2|doc|xls|exe|pdf|ppt|txt|tar|mid|midi|wav|bmp|rtf|js|mp3|flv|mpeg|avi)$ {
        try_files $uri @app;
        }

        location /home/user/Apps/myapp/ {
            proxy_set_header  X-Real-IP             $remote_addr;
            proxy_set_header  X-Forwarded-For       $proxy_add_x_forwarded_for;
            proxy_set_header  X-FORWARDED_PROTO     https;
            proxy_set_header  SSL_CLIENT_S_DN       $ssl_client_s_dn;
            proxy_set_header  Host                  $http_host;
            proxy_redirect    off;
            proxy_pass        http://proxy-user;
        }

        error_page   500 502 503 504  /50x.html;

        location = /50x.html {
        }
    }
}

1 个答案:

答案 0 :(得分:0)

你的配置中有一些问题,我会写下我会做的事情,你告诉我你有什么问题,我假设服务器在端口2000因为那个&#39 ; s你使用的上游。

我也会忽略http块,只使用服务器和上游块。

upstream rails {
    server 127.0.0.1:2000;
}
server {
  server_name domain.com; # or whichever
  listen 80;

  # ssl settings start
  listen 443 ssl;
  ssl_certificate /etc/nginx/ssl/server.crt;
  ssl_certificate_key /etc/nginx/ssl/server.key;
  # ssl settings end

  root /home/user/Apps/myapp/public;
  error_page 500 502 503 504  /50x.html;
  access_log /var/log/nginx/domain-access.log;
  error_log /var/log/nginx/domain-error.log;

  location @pass_to_rails {
    proxy_set_header  X-Real-IP             $remote_addr;
    proxy_set_header  X-Forwarded-For       $proxy_add_x_forwarded_for;
    proxy_set_header  X-FORWARDED_PROTO     $scheme;
    proxy_set_header  Host                  $http_host;
    proxy_redirect    off;
    proxy_pass        http://rails;
  }

  location / {
    try_files $uri $uri/ @pass_to_rails;
  }
}

如果您使用的是debian / ubuntu发行版,则应将此sites-available和符号链接放在sites-enabled内;如果您使用的是另一个发行版,则应使用/etc/nginx/conf.d,以保持整洁可维护性。

还要确保根据您要使用的内容取消注释其中一行

# include /etc/nginx/conf.d/*.conf;
# include /etc/nginx/sites-enabled/*;