我正在使用Nginx,phusion_passenger在个人服务器上部署Rails应用程序。我的站点配置文件包含以下服务器块。使用此配置,http://192.168.1.121服务无效,而https://192.168.1.121因禁止(拒绝访问)错误而失败。
server {
listen 80 default_server;
listen [::]:80 default_server ipv6only=on;
# Make site accessible from http://192.168.1.121/
server_name 192.168.1.121;
passenger_enabled on;
rails_env production;
root /home/deploy/www/myrailsapp/current/public;
index index.html index.htm;
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root html;
}
}
server {
listen 443;
server_name 192.168.1.121;
passenger_enabled on;
rails_env production;
root /home/deploy/www/myrailsapp/current/public;
index index.html index.htm;
ssl on;
ssl_certificate /etc/nginx/ssl/nginx.crt;
ssl_certificate_key /etc/nginx/ssl/nginx.key;
ssl_session_timeout 5m;
ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers "HIGH:!aNULL:!MD5 or HIGH:!aNULL:!MD5:!3DES";
ssl_prefer_server_ciphers on;
error_page 500 502 503 504 /50x.html;
location / {
try_files $uri $uri/ =404;
}
}
production.rb有force_ssl:true
此外,如果我删除带有https条目的服务器{}块,应用程序在http上运行就好了(当然我还要注释掉force_ssl:true,来自production.rb)。如果从https访问同一目录,我对访问被拒绝错误感到非常困惑
- nginx版本:nginx / 1.6.2
- Rails 4.0
- Ruby 2.1.3
任何帮助表示赞赏。
答案 0 :(得分:1)
尝试在与server配置相同的port 80块上配置SSL。
此外,port 443的{{3}}代替ssl on指令。
这样的事情:
server {
listen 80 default_server;
listen [::]:80 default_server ipv6only=on;
# Use ssl parameter on the listening socket instead of the 'ssl on' directive
listen 443 ssl;
server_name 192.168.1.121;
# Rest of your ssl configuration here
ssl_certificate /etc/nginx/ssl/nginx.crt;
ssl_certificate_key /etc/nginx/ssl/nginx.key;
ssl_session_timeout 5m;
ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers "HIGH:!aNULL:!MD5 or HIGH:!aNULL:!MD5:!3DES";
ssl_prefer_server_ciphers on;
passenger_enabled on;
rails_env production;
root /home/deploy/www/myrailsapp/current/public;
index index.html index.htm;
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root html;
}
}
来源和推荐阅读: