因此,我查看了能找到的所有示例配置,但每次尝试查看需要 SSL 的页面时,我都会陷入重定向循环。我正在运行 nginx/0.8.53 和 Passenger 3.0.2。
这是 SSL 配置
server {
listen 443 default ssl;
server_name <redacted>.com www.<redacted>.com;
root /home/app/<redacted>/public;
passenger_enabled on;
rails_env production;
ssl_certificate /home/app/ssl/<redacted>.com.pem;
ssl_certificate_key /home/app/ssl/<redacted>.key;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X_FORWARDED_PROTO https;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_set_header X-Url-Scheme $scheme;
proxy_redirect off;
proxy_max_temp_file_size 0;
location /blog {
rewrite ^/blog(/.*)?$ http://blog.<redacted>.com/$1 permanent;
}
location ~* \.(js|css|jpg|jpeg|gif|png)$ {
if (-f $request_filename) {
expires max;
break;
}
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root html;
}
}
这是非 SSL 配置
server {
listen 80;
server_name <redacted>.com www.<redacted>.com;
root /home/app/<redacted>/public;
passenger_enabled on;
rails_env production;
location /blog {
rewrite ^/blog(/.*)?$ http://blog.<redacted>.com/$1 permanent;
}
location ~* \.(js|css|jpg|jpeg|gif|png)$ {
if (-f $request_filename) {
expires max;
break;
}
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root html;
}
}
如果我可以提供任何其他信息来帮助诊断问题,请告诉我。
答案1
看起来您的应用无法检测到它是否在 https 上运行,并且一次又一次地重定向到 https URL。
通常根据HTTPS环境变量检测 https,nginx 的 Passenger 模块允许使用以下方式设置环境变量:乘客设置_cgi_参数指令。添加类似
passenger_set_cgi_param HTTPS on;
进入 https server{} 块应该有帮助。
答案2
我认为proxy_set_header指令应放入地点部分。
尝试使用:
...
location / {
# needed for SSL
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Url-Scheme $scheme;
proxy_max_temp_file_size 0;
# Each of those lines may cause an infinate redirect loop
#proxy_set_header X-FORWARDED_PROTO https;
#proxy_set_header X-Forwarded-Proto $scheme;
# This two may break the redirection when on ssl
#proxy_set_header Host $http_host;
#proxy_redirect off;
...
至少这对我来说是在 nginx 前面使用 haproxy 很难设置的环境中起作用。
希望这对你有帮助。