How do I fix a redirect loop when using Devise with SSL on a staging server?

Time: 2012-02-29 21:44:18

Tags: ssl ruby-on-rails-3.1 devise nginx passenger

I have installed a self-signed certificate on my staging server. I am using it to test my ssl setup. I use Devise 1.5 for login and followed this article on the devise wiki for ssl / http config.

The docs say:


Make sure SSL is enabled on the server (Nginx, Apache, etc). If the server is not configured correctly, Rails will not recognize the request as SSL (even though it is), causing an infinite redirect loop.

Well, that certainly looks like what is happening, but I strongly suspect I don't need to 'flip a switch' for SSL (this is an EngineYard instance). I have installed the SSL certificate on the server.

I have checked the file /etc/nginx/servers/MyAppName.ssl.conf, and it has the following lines:

  ssl on;
  ssl_certificate /etc/nginx/ssl/MyAppName.crt;
  ssl_certificate_key /etc/nginx/ssl/MyAppName.key;
  ssl_prefer_server_ciphers on;
  ssl_protocols  SSLv3 TLSv1;

So that looks... right? I don't want to mess it up.

My RegistrationsController has force_ssl :only => [:new, :create, :edit, :update], so all authentication actions should force ssl, as far as I can tell. SessionsController has force_ssl :only => [:new, :create].

I realize there are a lot of moving parts here, but what should I look at next?

Here is the rails log:

Started GET "/users/sign_in" for 98.246.164.160 at 2012-02-29 20:47:39 +0000
[29 Feb 20:47 23166   INFO]   Processing by Devise::SessionsController#new as HTML
[29 Feb 20:47 23166  DEBUG] Parameters: {"action"=>"new", "controller"=>"devise/sessions"}
[29 Feb 20:47 23166   INFO] Redirected to https://ec2-xxx-xxx-106-255.us-west-2.compute.amazonaws.com/users/sign_in
[29 Feb 20:47 23166   INFO] Completed 301 Moved Permanently in 1ms
[29 Feb 20:47 23166   INFO] 

Started GET "/users/sign_in" for 98.246.164.160 at 2012-02-29 20:47:39 +0000
[29 Feb 20:47 23166   INFO]   Processing by Devise::SessionsController#new as HTML
[29 Feb 20:47 23166  DEBUG] Parameters: {"action"=>"new", "controller"=>"devise/sessions"}
[29 Feb 20:47 23166   INFO] Redirected to http://ec2-xxx-xxx-106-255.us-west-2.compute.amazonaws.com/users/sign_in
[29 Feb 20:47 23166   INFO] Completed 302 Found in 1ms
[29 Feb 20:47 23166   INFO] 

Started GET "/users/sign_in" for 98.246.164.160 at 2012-02-29 20:47:39 +0000
[29 Feb 20:47 23166   INFO]   Processing by Devise::SessionsController#new as HTML
[29 Feb 20:47 23166  DEBUG] Parameters: {"action"=>"new", "controller"=>"devise/sessions"}
[29 Feb 20:47 23166   INFO] Redirected to https://ec2-xxx-xxx-106-255.us-west-2.compute.amazonaws.com/users/sign_in
[29 Feb 20:47 23166   INFO] Completed 301 Moved Permanently in 1ms

2 answers:

Answer 0 (score: 1)

For those who got here via Google, let me post one possible cause of this problem, which just cost me a day; hopefully it won't cost you one.

If you are using Passenger in production and have configured it in Apache with a VirtualHost (for example in conf/httpd.conf), but have not configured it in conf.d/ssl.conf, you can get the loop problem. The symptom you will see, if this misconfiguration is causing your problem, is that request.ssl? is always false even when you explicitly type https in the request. To check for the symptom, you can put a before_filter debugging hook in application_controller.rb containing:

class ApplicationController < ActionController::Base
  before_filter :check_ssl

  # Logs whether Rails believes the current request arrived over SSL
  def check_ssl
    logger.info("==== ssl: #{request.ssl?}")
  end
end

If it always logs ==== ssl: false even when you send an https://whatever request, then the VirtualHost configuration is probably your problem. If you put the DocumentRoot and Directory directives for your rails app inside the VirtualHost in conf.d/ssl.conf, it will fix the problem. At least it did for me.
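The symptom in this answer, request.ssl? always false, comes down to what the web server puts in the Rack environment. The following is an added example, not code from the answer or from Devise: it mirrors the way Rack 1.x (the Rack under Rails 3.1) derives request.scheme, and so request.ssl?, from the environment, and then follows a force_ssl-style redirect the way a browser would for three constructed server setups. The setup names, host and path are my own.

```ruby
# Added example (not from the answer above): a stand-alone mirror of how
# Rack 1.x, the Rack under Rails 3.1, derives request.scheme and therefore
# request.ssl? from the environment the web server hands it. Names are mine.

# Mirror of Rack::Request#scheme. `env` is a plain Hash standing in for the
# Rack env; only the scheme-related keys are consulted.
def request_scheme(env)
  if env['HTTPS'] == 'on'
    'https'
  elsif env['HTTP_X_FORWARDED_SSL'] == 'on'
    'https'
  elsif env['HTTP_X_FORWARDED_SCHEME']
    env['HTTP_X_FORWARDED_SCHEME']
  elsif env['HTTP_X_FORWARDED_PROTO']
    env['HTTP_X_FORWARDED_PROTO'].split(',')[0].strip
  else
    env['rack.url_scheme']
  end
end

def request_ssl?(env)
  request_scheme(env) == 'https'
end

# The line the answer's check_ssl hook writes, returned instead of logged.
def check_ssl_line(env)
  "==== ssl: #{request_ssl?(env)}"
end

# A force_ssl-style filter: nil means "serve the action", a String is the
# Location the client is redirected to.
def force_ssl_redirect(env, host, path)
  return nil if request_ssl?(env)
  "https://#{host}#{path}"
end

# Constructed server setups: given the scheme the client actually used,
# what env does Rails see?
SETUPS = {
  # Passenger told about TLS (HTTPS=on), e.g. Apache mod_ssl with the app
  # in the ssl VirtualHost, or nginx with `passenger_set_cgi_param HTTPS on;`
  'https_env_set' => lambda { |scheme|
    env = { 'rack.url_scheme' => 'http' }
    env['HTTPS'] = 'on' if scheme == 'https'
    env
  },
  # TLS terminated upstream by a proxy that forwards the scheme
  'x_forwarded_proto' => lambda { |scheme|
    { 'rack.url_scheme' => 'http', 'HTTP_X_FORWARDED_PROTO' => scheme }
  },
  # The answer's failure mode: TLS really is on, but nothing tells Rails,
  # so every request, https ones included, looks like plain http
  'tls_unannounced' => lambda { |_scheme| { 'rack.url_scheme' => 'http' } },
}

# Follow redirects the way a browser would. Returns how many redirects
# happened before the action was served, or :loop if `limit` hops did not
# settle.
def follow_force_ssl(setup, host = 'staging.example', path = '/users/sign_in', limit = 5)
  scheme = 'http'
  limit.times do |hops|
    env = setup.call(scheme)
    location = force_ssl_redirect(env, host, path)
    return hops if location.nil?
    scheme = location[/\A(\w+):/, 1]
  end
  :loop
end

if __FILE__ == $0
  SETUPS.each do |name, setup|
    https_env = setup.call('https')
    puts "#{name.ljust(18)} #{check_ssl_line(https_env)}  redirects: #{follow_force_ssl(setup).inspect}"
  end
end
```

The practical reading: whatever terminates TLS has to tell the app about it, either by setting HTTPS=on in the CGI environment (Apache mod_ssl does this for a vhost it owns; Passenger on nginx needs `passenger_set_cgi_param HTTPS on;` in the https server block) or by forwarding the scheme (`proxy_set_header X-Forwarded-Proto $scheme;` on a proxying nginx). With neither, the third setup above is what you get, and force_ssl redirects forever. Unrelated to the loop but worth changing while in the nginx file from the question: `ssl_protocols SSLv3 TLSv1;` still enables SSLv3, which has since been shown broken (POODLE) and should be removed in favour of TLS 1.2 or later.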

Answer 1 (score: 0)

The solution lies in the gist's 'ensure_proper_protocol' method. I renamed it to make it more readable, and it looks like this:

# True for the Devise actions that must be served over SSL
def ssl_forced_action?
  (params[:controller] == 'devise/sessions' && ['new', 'create'].include?(params[:action])) ||
    (params[:controller] == 'devise/registrations' && ['new', 'create', 'edit', 'update'].include?(params[:action])) ||
    (params[:controller] == 'users/omniauth_callbacks')
end

Note that the original used users/sessions.
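The question's log alternates a 301 to https with a 302 to http, which is the signature of two filters disagreeing about the same request. The following is an added example, not code from this answer or from the Devise wiki gist: it models Rails' force_ssl (a 301 to https when the request is not SSL) next to an ensure_proper_protocol filter in the shape I assume the gist uses (302 to https when the action needs SSL and the request is not SSL; 302 to http when the request is SSL but the action does not need it), and shows how a controller name that does not match what Rails reports in params[:controller] turns those two into a ping-pong. The Request struct, host and path are constructed for the example.

```ruby
# Added example, not code from the answer or the Devise wiki gist. It models
# two filters that both run on Devise::SessionsController#new:
#   * Rails 3.1 force_ssl, which 301s to https when request.ssl? is false
#   * an ensure_proper_protocol filter in the shape assumed here: 302 to
#     https when the action needs SSL and the request is not SSL, 302 to
#     http when the request is SSL and the action does not need it
# and shows why a wrong controller name in ssl_forced_action? ping-pongs
# between the two. Struct, host and path are constructed for the example.
Request = Struct.new(:scheme, :host, :fullpath, :controller, :action) do
  def ssl?
    scheme == 'https'
  end
end

# The answer's method, parameterised by the sessions controller name so that
# the wrong spelling and the right one can be exercised side by side.
def ssl_forced_action?(params, sessions_controller = 'devise/sessions')
  (params[:controller] == sessions_controller && %w[new create].include?(params[:action])) ||
    (params[:controller] == 'devise/registrations' && %w[new create edit update].include?(params[:action])) ||
    (params[:controller] == 'users/omniauth_callbacks')
end

# Mirror of force_ssl: a 301 to the https URL unless the request already is
# SSL. Returns [status, location] or nil (let the action run).
def force_ssl_filter(req)
  return nil if req.ssl?
  [301, "https://#{req.host}#{req.fullpath}"]
end

# Assumed shape of the gist's ensure_proper_protocol (see the header comment).
def ensure_proper_protocol_filter(req, sessions_controller)
  params = { controller: req.controller, action: req.action }
  forced = ssl_forced_action?(params, sessions_controller)
  if forced && !req.ssl?
    [302, "https://#{req.host}#{req.fullpath}"]
  elsif !forced && req.ssl?
    [302, "http://#{req.host}#{req.fullpath}"]
  end
end

# Run the filter chain as Rails would: the first filter that redirects wins.
def dispatch(req, sessions_controller)
  force_ssl_filter(req) || ensure_proper_protocol_filter(req, sessions_controller)
end

# Follow redirects like a browser, starting from a plain-http GET of
# /users/sign_in, which Rails reports as controller 'devise/sessions'.
# Returns the statuses seen before the page is served, or :loop when
# `limit` hops still have not settled.
def sign_in_redirect_chain(sessions_controller, limit = 6)
  req = Request.new('http', 'staging.example', '/users/sign_in', 'devise/sessions', 'new')
  statuses = []
  limit.times do
    response = dispatch(req, sessions_controller)
    return statuses if response.nil?
    status, location = response
    statuses << status
    req = Request.new(location[/\A(\w+):/, 1], req.host, req.fullpath, req.controller, req.action)
  end
  :loop
end

if __FILE__ == $0
  %w[users/sessions devise/sessions].each do |name|
    puts "#{name.ljust(16)} -> #{sign_in_redirect_chain(name).inspect}"
  end
end
```

With 'users/sessions' the chain is 301, 302, 301, ... exactly as in the question's log: force_ssl sends the client to https, the https request is then judged "not an SSL action" because the controller name never matches, and the filter sends it back to http. With 'devise/sessions' the single 301 is followed by the page being served. The general check is to compare the string in ssl_forced_action? against what Rails actually logs as the controller (here "Processing by Devise::SessionsController#new", i.e. devise/sessions), which changes if you mount custom Devise controllers under another namespace.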