AWS EC2,Nginx SSL 问题

tag-icon tag-icon nginx amazon-ec2 ssl
AWS EC2,Nginx SSL 问题

我在 AWS EC2 实例上运行 rails 应用程序,其中 Nginx 1.4.6 充当反向代理并提供 SSL 证书。

我很确定我的问题出在我的 Nginx 配置上。配置如下:

upstream puma {
  server unix:///home/deploy/apps/appname/shared/tmp/sockets/appname-puma.sock;
}

server {
  listen 443;

  ssl on;
  ssl_certificate /etc/nginx/ssl/appname.chained.crt;
  ssl_certificate_key /etc/nginx/ssl/appname.key;

  root /home/deploy/apps/appname/current/public;
  access_log /home/deploy/apps/appname/current/log/nginx.access.log;
  error_log /home/deploy/apps/appname/current/log/nginx.error.log info;

  try_files $uri/index.html $uri @puma;
  location @puma {
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header Host $http_host;
    proxy_redirect off;

    proxy_pass http://puma;
  }

  error_page 500 502 503 504 /500.html;
  client_max_body_size 10M;
  keepalive_timeout 10;
}

server {
  listen 80;
  return 301 https://$host$request_uri;
}

当我尝试运行时curl -v https://appname.co.uk,curl 返回:

* Rebuilt URL to: https://appname.co.uk/
*   Trying 52.27.236.227...
* found 187 certificates in /etc/ssl/certs/ca-certificates.crt
* found 758 certificates in /etc/ssl/certs
* ALPN, offering http/1.1
* SSL connection using TLS1.2 / ECDHE_RSA_AES_256_GCM_SHA384
*    server certificate verification OK
*    server certificate status verification SKIPPED
*    server certificate expiration date OK
*    server certificate activation date OK
*    certificate public key: RSA
*    certificate version: #3
*    subject: OU=Domain Control Validated,
*    start date: Mon, 21 Dec 2015 16:31:38 GMT
*    expire date: Wed, 21 Dec 2016 16:31:38 GMT
*    issuer: C=US,ST=Arizona,L=Scottsdale,O=GoDaddy.com\, Inc.,OU=http://certs.godaddy.com/repository/,CN=Go Daddy Secure     Certificate Authority - G2
*    compression: NULL
* ALPN, server did not agree to a protocol
> GET / HTTP/1.1
> User-Agent: curl/7.43.0
> Accept: */*
> 
< HTTP/1.1 301 Moved Permanently
< Server: nginx/1.4.6 (Ubuntu)
< Date: Sat, 26 Dec 2015 15:51:14 GMT
< Content-Type: text/html
< Transfer-Encoding: chunked
< Connection: keep-alive
<

这应该会显示我的 Rails 应用程序的主页。这* ALPN, server did not agree to a protocol行有意义吗?为什么 Nginx 返回 301 Moved Permanently?

非常感谢,如果有任何有用的信息请告诉我。

答案1

您的 nginx 配置未显示端口 443 上的任何重定向,并且您声称在 nginx 前面没有负载均衡器,因此重定向可能来自的唯一其他地方是...您的应用程序。

我看到您正在 https 上运行应用程序,但您没有告知 Rails。特别是,您的 nginx 配置缺失:

        proxy_set_header X-Forwarded-Proto $scheme;

我怀疑您的应用程序知道它自己的预期 URL 并试图重定向到它,因为它认为进入的 URL 不是规范的。

添加此项并查看重定向是否停止。

相关内容