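Puma can't open the Let's Encrypt certificate

Time: 2018-03-02 15:06:53

Tags: ruby-on-rails ssl puma lets-encrypt

I'm trying to host a Ruby on Rails application on Digital Ocean using Nginx, Puma and Let's Encrypt for the SSL certificate. The problem is that Puma can't find the certificate. I guess this is because I need to be root, rather than a plain user, to open the folder where the certificate is located.

But how can I tell Puma, if it doesn't have sufficient rights to open the certificate? I tried to change that by doing chmod 755 path/to/certificate and reloading Puma, but it did nothing.

I run puma -C config/puma.rb on the server, and this is the response: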

[8018] Puma starting in cluster mode...
[8018] * Version 2.16.0 (ruby 2.2.3-p173), codename: Midwinter Nights Trance
[8018] * Min threads: 1, max threads: 6
[8018] * Environment: production
[8018] * Process workers: 1
[8018] * Phased restart available
[8018] * Listening on unix:///home/path/to/app/shared/sockets/puma.sock
/home/userlambda/.rbenv/versions/2.2.3/lib/ruby/gems/2.2.0/gems/puma-2.16.0/lib/puma/minissl.rb:128:in `key=': No such key file '/etc/letsencrypt/live/path/to/cert/privkey.pem' (ArgumentError)
    from /home/userlambda/.rbenv/versions/2.2.3/lib/ruby/gems/2.2.0/gems/puma-2.16.0/lib/puma/binder.rb:155:in `block in parse'
    from /home/userlambda/.rbenv/versions/2.2.3/lib/ruby/gems/2.2.0/gems/puma-2.16.0/lib/puma/binder.rb:84:in `each'
    from /home/userlambda/.rbenv/versions/2.2.3/lib/ruby/gems/2.2.0/gems/puma-2.16.0/lib/puma/binder.rb:84:in `parse'
    from /home/userlambda/.rbenv/versions/2.2.3/lib/ruby/gems/2.2.0/gems/puma-2.16.0/lib/puma/cluster.rb:341:in `run'
    from /home/userlambda/.rbenv/versions/2.2.3/lib/ruby/gems/2.2.0/gems/puma-2.16.0/lib/puma/cli.rb:214:in `run'
    from /home/userlambda/.rbenv/versions/2.2.3/lib/ruby/gems/2.2.0/gems/puma-2.16.0/bin/puma:10:in `<top (required)>'
    from /home/userlambda/.rbenv/versions/2.2.3/bin/puma:23:in `load'
    from /home/userlambda/.rbenv/versions/2.2.3/bin/puma:23:in `<main>'

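If I try sudo puma -C config/puma.rb, the response is sudo: puma: command not found

I am able to see the certificate by doing sudo vi path/to/certificate, but not with just vi /path/to/certificate

I'm completely stuck, as I've tried everything I can. Does anyone have a clue?

Thanks!

nginx file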

upstream app {
    # Path to Puma SOCK file, as defined previously
    server unix:/home/path/to/app/shared/sockets/puma.sock fail_timeout=0;
}

server {
    server_name www.example.com;

    root /home/path/to/app/public;

    location /images {
        alias /home/path/to/app/public/images/;
    }

    location /system {
        alias /home/path/to/app/public/system/;
    }

    try_files $uri/index.html $uri @app;

    location @app {
        proxy_pass https://app;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Host $http_host;
        proxy_redirect off;
    }

    error_page 500 502 503 504 /500.html;
    client_max_body_size 4G;
    keepalive_timeout 10;

    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/path/to/cert/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/path/to/cert/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

}


server {
    if ($host = www.example.com) {
        return 301 https://$host$request_uri;
    } # managed by Certbot


    listen 80;
    server_name www.example.com;
    return 404; # managed by Certbot


}

puma.rb

workers 1
threads 1, 6
app_dir = File.expand_path("../..", __FILE__)
shared_dir = "#{app_dir}/shared"
rails_env = ENV['RAILS_ENV'] || "production"
environment rails_env
bind "unix://#{shared_dir}/sockets/puma.sock"
stdout_redirect "#{shared_dir}/log/puma.stdout.log", "#{shared_dir}/log/puma.stderr.log", true
pidfile "#{shared_dir}/pids/puma.pid"
state_path "#{shared_dir}/pids/puma.state"
activate_control_app

bind 'ssl://127.0.0.1:3000?key=/etc/letsencrypt/live/path/to/cert/privkey.pem&cert=/etc/letsencrypt/live/path/to/cert/fullchain.pem'

on_worker_boot do
  require "active_record"
  ActiveRecord::Base.connection.disconnect! rescue ActiveRecord::ConnectionNotEstablished
  ActiveRecord::Base.establish_connection(YAML.load_file("#{app_dir}/config/database.yml")[rails_env])
end

RoR version: 4.2.1

Ruby version: 2.2.3

Puma version: 2.16.0

0 answers:

No answers
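A way to find which path component stops an unprivileged account from reaching the key file in the question, written as an added example that is not part of the original post. It assumes the "No such key file" error comes from an existence check that fails when a parent directory cannot be searched, and that the `live/` entry is a symlink into a sibling `archive/` directory; `allowed?` and `first_blocker` are hypothetical helper names, and only classic mode bits are evaluated (no ACLs).

```ruby
require "pathname"

# True if the account (uid, gids) holds permission `bit` (4 = read,
# 1 = search/execute) on the object described by File::Stat `st`.
def allowed?(st, uid, gids, bit)
  return true if uid.zero?                       # root bypasses mode bits
  shift = st.uid == uid ? 6 : (gids.include?(st.gid) ? 3 : 0)
  (st.mode >> shift) & bit != 0
end

# Return [path, reason] for the first component of `path` that stops the
# account, or nil if the file is reachable and readable. Components at or
# above `base` are assumed reachable and are skipped.
def first_blocker(path, uid, gids, base: "/")
  Pathname.new(path).descend do |p|
    s = p.to_s
    next if s == base || base.start_with?(s.chomp("/") + "/")
    return [s, "missing"] unless p.exist? || p.symlink?
    if p.symlink?
      return [s, "symlink target missing or unreachable"] unless p.exist?
      # Resolving the link means walking the target's directories as well.
      hit = first_blocker(p.realpath.to_s, uid, gids, base: base)
      return hit if hit
      next
    end
    st = p.stat
    if st.directory?
      return [s, "no search (x) permission"] unless allowed?(st, uid, gids, 1)
    elsif s == path
      return [s, "no read permission"] unless allowed?(st, uid, gids, 4)
    end
  end
  nil
end

if __FILE__ == $PROGRAM_NAME
  # Default is the key path exactly as written in the question.
  key = ARGV[0] || "/etc/letsencrypt/live/path/to/cert/privkey.pem"
  p first_blocker(key, Process.euid, [Process.egid] | Process.groups)
end
```

Run it as an account that can itself stat the whole path and pass the uid and gids of the account Puma runs as; a result naming a directory rather than the `.pem` file means changing the mode of the file alone cannot help.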