SSL与Rails 3.1:config.force_ssl = true无法在开发模式下工作

时间:2011-12-30 14:53:24

标签: ssl ruby-on-rails-3.1 nginx

我正在使用sqlite在Ubuntu上以开发模式运行rails 3.1。 rails服务器在端口3000上运行,我将nginx设置为proxy_pass端口80和443到端口3000.当我将config.force_ssl = true放入我的Application.rb并重新启动rails服务器时,我收到一个错误,看起来喜欢:

    Secure Connection Failed
    An error occurred during a connection to localhost:3000.

    SSL received a record that exceeded the maximum permissible length.

    (Error code: ssl_error_rx_record_too_long)

    The page you are trying to view can not be shown because the authenticity of the received data could not be verified.
    Please contact the web site owners to inform them of this problem. Alternatively, use the command found in the help menu to report this broken site.

当我将其更改回config.force_ssl = false并重新启动rails服务器时,我仍然收到错误[2011-12-30 09:48:02] ERROR bad URI 9W\x0Fe���h=9��ݔ|�#��)�/6\x00\x00H\x00��'。在rails控制台中。如果我也清除浏览器缓存,这一切都会消失,一切都恢复正常。但是如何让force_ssl = true工作?

以下是我的Application.rb的一部分:

    module Regi
      class Application < Rails::Application
        # Settings in config/environments/* take precedence over those specified here.
        # Application configuration should go into files in config/initializers
        # -- all .rb files in that directory are automatically loaded.
        config.generators do |g|
          g.template_engine :haml
        end
        config.force_ssl = true
      end
    end         

这是我的/ etc / nginx / sites-enabled / default:

server {
    #listen   80; ## listen for ipv4; this line is default and implied
    #listen   [::]:80 default ipv6only=on; ## listen for ipv6

    root /usr/share/nginx/www;
    index index.html index.htm;

    # Make site accessible from http://localhost/
    server_name localhost;

    location / {
            # First attempt to serve request as file, then
            # as directory, then fall back to index.html
            proxy_pass      http://localhost:3000;  
            try_files $uri $uri/ /index.html;
    }


    #error_page 404 /404.html;

    # redirect server error pages to the static page /50x.html
    #
    #error_page 500 502 503 504 /50x.html;
    #location = /50x.html {
    #       root /usr/share/nginx/www;
    #}

    # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
    #
    #location ~ \.php$ {
    #       fastcgi_split_path_info ^(.+\.php)(/.+)$;
    #       # NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini
    #
    #       fastcgi_pass 127.0.0.1:9000;
    #       fastcgi_index index.php;
    #       include fastcgi_params;
    #}

    # deny access to .htaccess files, if Apache's document root
    # concurs with nginx's one
    #
    #location ~ /\.ht {
    #       deny all;
    #}
}

# HTTPS server
server {
    listen       443;
    server_name  localhost;

    #charset koi8-r;

    #access_log  logs/host.access.log  main;
    ssl    on;
    ssl_certificate    /usr/local/conf/ssl_keys/server.crt;
    ssl_certificate_key    /usr/local/conf/ssl_keys/server.key;

    location / {
        proxy_pass        http://localhost:3000;
        proxy_set_header  X-Real-IP  $remote_addr;
        # root   html;
        # index  index.html index.htm;
    }

    #error_page  404              /404.html;

    # redirect server error pages to the static page /50x.html
    #
    error_page   500 502 503 504  /50x.html;
    location = /50x.html {
        root   html;
    }
}

2 个答案:

答案 0 :(得分:2)

当我配置nginx ssl服务器时,我遇到了完全相同的错误消息。那是因为我没有ssl crt和key.And在你的nginx配置文件中,我注意到有crt和key。所以你确定crt和key都可以吗? 如果您不确定,可以尝试以下链接来创建self_assigned crt。 http://devcenter.heroku.com/articles/ssl-certificate-self

P.S。我想把这个答案附加为一个小评论,但似乎我没有这个权限

答案 1 :(得分:0)