I've been preparing for production with my rails application and I'm having a lot of trouble with nginx. Compared to development where the assets weren't precompiled, nothing works now. I use sprockets to handle the css, images and fonts and webpacker for the javascript. Problem is, whenever I try anything in the tutorials I see, it doesn't work. I always get erors such as "No route matches [GET] "/packs/js/" or "No route matches [GET] "/assets/...".
Here's what my default.conf looks like :
upstream railsapp {
server hubsite:3000;
}
server {
listen 80 default_server;
listen [::]:80 default_server;
root /app/public;
# Deny requests for files that should never be accessed
location ~ /\. {
deny all;
}
location ~* ^.+\.(rb|log|go|exe)$ {
deny all;
}
try_files $uri #rails;
# serve static (compiled) assets directly if they exist (for rails production)
location ~ ^/(assets|packs|images|javascripts|stylesheets|swfs|system)/ {
try_files $uri #rails;
access_log off;
gzip_static on;
# to serve pre-gzipped version
expires max;
add_header Cache-Control public;
add_header Last-Modified "";
add_header ETag "";
break;
}
location #rails {
proxy_pass http://railsapp;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Host $http_host;
proxy_redirect off;
}
# 404 HANDLING
location = /404.html {
internal;
}
}
I also tried to modify the proxy_pass for my proper url, but it didn't work. Basically, there would always be a "/portal/" after the url, so like "mytestwebsite.com/portal/signin". All of this is running in a docker container and the root path does seem to be correct from what I checked.
If anyone has an idea as to why it doesn't work, feel free to point me in the good direction! Thanks!
Everything was fine with nginx, problem was that I wasn't properly linking my volumes with my docker-compose!
Related
I have a dockerized Rails app, and the nginx container with some custom config on runtime that I have setup. The setup works perfectly fine on my local machine.
I fire up docker-compose and the nginx container pointing to the app network, everything works like a charm. I'm able to access the app at localhost instead of localhost:8000.
However, I'm currently deploying this on AWS ECS and there's a loadbalancer with HTTPS involved here.
The app gets deployed and both containers are running fine, but urls that I hit are returning a 301 Moved Permanently.
Here's my default.conf
upstream PLACEHOLDER_BACKEND_NAME {
server PLACEHOLDER_BACKEND_NAME:PLACEHOLDER_BACKEND_PORT;
}
server {
listen 80;
server_name www.PLACEHOLDER_VHOST;
return 301 https://$host$request_uri;
}
server {
listen 80 default deferred;
server_name PLACEHOLDER_VHOST;
root /PLACEHOLDER_BACKEND_NAME/public;
# level due to Rail's asset pipeline.
location ~ ^/assets/ {
gzip_static on;
expires max;
add_header Cache-Control public;
add_header Last-Modified "";
add_header ETag "";
}
location ~ /\. {
return 404;
access_log off;
log_not_found off;
}
try_files $uri $uri/index.html $uri.html #PLACEHOLDER_BACKEND_NAME;
location = /favicon.ico {
try_files /favicon.ico = 204;
access_log off;
log_not_found off;
}
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains;";
location #PLACEHOLDER_BACKEND_NAME {
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_redirect off;
if ($http_x_forwarded_proto = "http") {
return 301 https://$host$request_uri;
}
proxy_pass http://PLACEHOLDER_BACKEND_NAME;
}
}
and here's my script that I'm running when the container starts :
#!/usr/bin/env bash
set -e
PLACEHOLDER_BACKEND_NAME="my-api"
PLACEHOLDER_BACKEND_PORT="8000"
PLACEHOLDER_VHOST="$(curl http://169.254.169.254/latest/meta-data/public-hostname)"
DEFAULT_CONFIG_PATH="/etc/nginx/conf.d/default.conf"
sed -i "s/PLACEHOLDER_VHOST/${PLACEHOLDER_VHOST}/g" "${DEFAULT_CONFIG_PATH}"
sed -i "s/PLACEHOLDER_BACKEND_NAME/${PLACEHOLDER_BACKEND_NAME}/g" "${DEFAULT_CONFIG_PATH}"
sed -i "s/PLACEHOLDER_BACKEND_PORT/${PLACEHOLDER_BACKEND_PORT}/g" "${DEFAULT_CONFIG_PATH}"
# Execute the CMD from the Dockerfile and pass in all of its arguments.
exec "$#"
I even tried setting PLACEHOLDER_VHOST in the script to my ELB public DNS but to no avail. What could be the issue here?
I have a Rails 5 app. I'm using the Carrierwave gem to allow image uploads to public/system/....
In reviewing production app for performance tweaks, I realized that I misconfigured nginx, and that it's only serving static files from /assets instead of /assets and /system.
What I have:
location ~ ^/assets/ {
gzip_static on;
expires max;
add_header Cache-Control public;
}
What I (think I) should have:
location ~ ^/(assets|system)/ {
gzip_static on;
expires max;
add_header Cache-Control public;
}
However, config.public_file_server.enabled = false is set in production.rb.
So now i'm confused-- how is Rails serving these images? I'm assuming I have a (grossly) incomplete understanding of how the asset pipeline actually works?
Update: nginx config
upstream puma {
server unix:///home/deploy/apps/myapp/shared/sockets/mydomain.sock;
}
server {
listen 80 default;
server_name mydomain.com;
root /home/deploy/apps/myapp/current/public;
access_log /home/deploy/apps/myapp/shared/log/nginx.access.log;
error_log /home/deploy/apps/myapp/shared/log/nginx.error.log info;
location ~ ^/(assets|system)/ {
gzip_static on;
expires max;
add_header Cache-Control public;
}
location ~ ^/(robots.txt|sitemap.xml.gz)/ {
root /home/deploy/apps/myapp/current/public;
}
try_files $uri/index.html $uri #puma;
location #puma {
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto https;
proxy_set_header Host $http_host;
proxy_redirect off;
proxy_pass http://puma;
}
location /cable {
proxy_pass http://puma;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
}
error_page 500 502 503 504 /500.html;
client_max_body_size 50M;
keepalive_timeout 10;
listen 443 ssl; # managed by Certbot
# ssl certificate info...
}
It would help posting the whole nginx configuration for this application. Rails will respect public_file_server when served by passenger, puma etc. However, it can be easily overriden with nginx.
The common nginx config line
root /home/rails/testapp/public;
basically tells nginx to serve /public "as it is" and makes public_file_server irrelevant.
(perhaps).
I am getting 403 Forbidden. I have checked my nginx/error.log and get directory index of /home/deploy/apps/myapp/current/public/ is forbidden
I have SSL and did a check on https://www.digicert.com/help/ and see my certificates are set up OK.
I am wondering if it could be be perhaps because I don't have any index.html file in my public folder. I am running on Rails 4.2. My public folder has assets, 404.html, 422.html, 500.html, favicon.ico and robots.txt.
My question is, should I be doing something to set up an index.html in my public folder that lets me use my /app/views/static_pages/home.html.erb (set up as root static_pages#home in my routes file)?
I would guess Nginx isn't liking that there is not an index.html to find.
I also went into my static pages controller and added:
def home
render :file => 'public/index.html'
end
This is my nginx config file without SSL
upstream puma {
server unix:///home/laurie/apps/creativehub/shared/tmp/sockets/creativehub-puma.sock;
}
server {
listen 80 default_server deferred;
server_name creativecalgary.ca www.creativecalgary.ca;
root /home/laurie/apps/creativehub/current/public;
access_log /home/laurie/apps/creativehub/current/log/nginx.access.log;
error_log /home/laurie/apps/creativehub/current/log/nginx.error.log info;
location ^~ /assets/ {
gzip_static on;
expires max;
add_header Cache-Control public;
}
try_files $uri/index.html $uri #puma;
location #puma {
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_redirect off;
proxy_pass http://puma;
}
error_page 500 502 503 504 /500.html;
client_max_body_size 10M;
keepalive_timeout 10;
}
This is my first Rails deploy. I am deploying on a digital ocean droplet using SSH on Cloud9 (with capistrano, puma, and nginx).
To use Nginx's X-Accel-Redirect feature with passenger, apparently you use passenger_set_header and, if mapping to another location, passenger_set_cgi_param. For instance, here is a configuration which apparently used to work for someone else:
passenger_set_cgi_param HTTP_X_ACCEL_MAPPING "/home/user/rails_app/shared/files/=/documents/";
passenger_pass_header X-Accel-Redirect;
location ~ ^/documents/(\d\d\d)/(\d\d\d)/(\d\d\d)/(.*)$ {
alias /home/user/rails_app/shared/files/$1/$2/$3/$4;
internal;
}
But with passenger 5 they say in release notes:
[Nginx] The passenger_set_cgi_param option has been removed and
replaced by passenger_set_header and passenger_env_var.
Not much information about how to use the two together though for X-Accel-Redirect. No up-to-date tutorials or blogs seem to show how to do it either. How is this done? I can get the following nginx.conf to work for the rails development server (non-passenger) but it does not work with passenger.
upstream api_server {
server localhost:5000;
# (starting passenger with ``` RAILS_ENV=development passenger start -a 127.0.0.1 -p 5000 -d ```) not using unix:socket for a good reason
}
server {
listen 9000;
server_name $host;
return 301 https://$host:9443$request_uri;
#error_page 497 https://$host:9443$request_uri;
}
server {
charset UTF-8;
server_name localhost 0.0.0.0;
root /var/www/html/app;
listen 9443 ssl;
ssl on;
ssl_certificate /opt/nginx/conf/ssl/app.chain.pem;
ssl_certificate_key /opt/nginx/conf/ssl/app.key.pem;
error_page 497 https://$host:9443$request_uri;
add_header 'Access-Control-Allow-Origin' '*';
add_header 'Access-Control-Allow-Credentials' 'true';
add_header 'Access-Control-Expose-Headers' 'Content-Length, Content-Type, Keep-Alive, Date, Server, Transfer-Encoding, Cache-Control';
add_header 'Access-Control-Allow-Headers' 'Content-Length, Content-Type, Keep-Alive, Date, Server, Transfer-Encoding, Cache-Control';
passenger_env_var X-Sendfile-Type "X-Accel-Redirect";
passenger_env_var X-Accel-Mapping "/special/place/on/filesystem/=/protected_files/";
passenger_pass_header X-Accel-Redirect;
passenger_pass_header X-Sendfile-Type;
# --------- Serve static applications --------
location / {
try_files $uri $uri/ /index.html;
}
# --------- API --------
location /protected_files/{
# Used for X-Accel-Redirect
internal;
add_header Pragma "no-cache";
alias /special/place/on/filesystem/;
}
location ~ /(api|auth|raw)/ {
# Host + forwarding headers
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
passenger_pass_header Host;
passenger_pass_header X-Real-IP;
passenger_pass_header X-Forwarded-For;
# Configuration for X-Sendfile style fast & authenticated static serving
proxy_set_header X-Sendfile-Type X-Accel-Redirect;
# proxy_set_header X-Accel-Mapping /mounts/test_data_filesystem/=/protected_files/;
proxy_set_header X-Accel-Mapping /special/place/on/filesystem/=/protected_files/;
passenger_env_var X-Sendfile-Type "X-Accel-Redirect";
passenger_env_var X-Accel-Mapping "/special/place/on/filesystem/=/protected_files/";
passenger_pass_header X-Accel-Redirect;
passenger_pass_header X-Sendfile-Type;
proxy_pass http://api_server;
}
Looks like you found an alternate solution, but posting this in case others run into the same issue and wish to upgrade from Passenger 4 syntax to Passenger 5 along with X-Accel-Redirect.
The following is the changes that worked for me:
Passenger 4 version:
passenger_set_cgi_param HTTP_X_ACCEL_MAPPING /path/to/railsapp/public/=/storage/;
passenger_pass_header X-Accel-Redirect;
location /storage {
root /var/www/shared;
internal;
}
Passenger 5 version:
passenger_set_header X-Sendfile-Type "X-Accel-Redirect";
passenger_env_var HTTP_X_ACCEL_MAPPING /path/to/railsapp/public/=/storage/;
passenger_pass_header X-Accel-Redirect;
location /storage {
root /var/www/shared;
internal;
}
Also, there's a symbolic link to the rails app in /var/www/shared, ln -s /path/to/railsapp/public /var/www/shared/storage, however this can be different based on your nginx configuration.
Hope this helps!
I deployed a Rails 3.2.8 application via Capistrano, with asset pipeline enabled, to my Linode server.
It is running nginx + unicorn.
When I visit my application, the minimised JS and CSS are not being served, although the assets are present in <RAILS_DIR>/public/assets.
$ tree assets
assets
|-- application-66e477d6fd8cf088e8be44affeead089.css
|-- application-66e477d6fd8cf088e8be44affeead089.css.gz
|-- application-7d3ead38a0b5e276a97d48e52044ac31.js
|-- application-7d3ead38a0b5e276a97d48e52044ac31.js.gz
In my application, I can see those exact files not being found:
This is my nginx configuration:
server {
listen 80 default deferred;
server_name me.example.com;
root /home/kennym/apps/app/current/public;
location ^~ /assets/ {
add_header Last-Modified "";
add_header ETag "";
gzip_static on;
expires max;
add_header Cache-Control public;
}
try_files $uri/index.html $uri #unicorn;
location #unicorn {
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_redirect off;
proxy_pass http://unicorn;
}
error_page 500 502 503 504 /500.html;
client_max_body_size 4G;
keepalive_timeout 10;
}
Can you guess what is wrong?
location ^~ /assets/ should be location ~ ^/assets/.
The former is does not match /assets/, the latter is matches a pattern that starts with /assets/
Update your nginx config to get caching and pre-gzipped file serving working again.
I fixed this by commenting out the location ^~ /assets/ block in the nginx.conf.
For those having the same issue, for me the solution was to go into /etc/nginx/conf.d/default.conf and set the root field correctly.