I followed Deploying a Rails App on Ubuntu 14.04 with Capistrano, Nginx, and Puma to deploy a Rails app to Digital Ocean.
It suggested to keep nginx.conf (/etc/nginx/sites-enabled/medical-app) as
upstream puma {
server unix:///home/myappuser/apps/medical-app/shared/tmp/sockets/medical-app-puma.sock;
}
server {
listen 80 default_server deferred;
# server_name example.com;
root /home/myappuser/apps/medical-app/current/public;
access_log /home/myappuser/apps/medical-app/current/log/nginx.access.log;
error_log /home/myappuser/apps/medical-app/current/log/nginx.error.log info;
location ^~ /assets/ {
gzip_static on;
expires max;
add_header Cache-Control public;
}
try_files $uri/index.html $uri @puma;
location @puma {
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_redirect off;
proxy_pass http://puma;
}
error_page 500 502 503 504 /500.html;
client_max_body_size 10M;
keepalive_timeout 10;
}
and then I added a domain and then installed SSL using Let's Encrypt,
which changed the nginx.conf (/etc/nginx/sites-enabled/medical-app) as follows
upstream puma {
server unix:///home/myappuser/apps/medical-app/shared/tmp/sockets/medical-app-puma.sock;
}
server {
listen 80 default_server deferred;
# server_name example.com;
root /home/myappuser/apps/medical-app/current/public;
access_log /home/myappuser/apps/medical-app/current/log/nginx.access.log;
error_log /home/myappuser/apps/medical-app/current/log/nginx.error.log info;
location ^~ /assets/ {
gzip_static on;
expires max;
add_header Cache-Control public;
}
try_files $uri/index.html $uri @puma;
location @puma {
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_redirect off;
proxy_pass http://puma;
}
error_page 500 502 503 504 /500.html;
client_max_body_size 10M;
keepalive_timeout 10;
}
server {
# server_name example.com;
root /home/myappuser/apps/medical-app/current/public;
access_log /home/myappuser/apps/medical-app/current/log/nginx.access.log;
error_log /home/myappuser/apps/medical-app/current/log/nginx.error.log info;
location ^~ /assets/ {
gzip_static on;
expires max;
add_header Cache-Control public;
}
try_files $uri/index.html $uri @puma;
location @puma {
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_redirect off;
proxy_pass http://puma;
}
error_page 500 502 503 504 /500.html;
client_max_body_size 10M;
keepalive_timeout 10;
server_name www.medtib.com medtib.com; # managed by Certbot
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/www.medtib.com/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/www.medtib.com/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
server {
if ($host = medtib.com) {
return 301 https://$host$request_uri;
} # managed by Certbot
if ($host = www.medtib.com) {
return 301 https://$host$request_uri;
} # managed by Certbot
listen 80 ;
server_name www.medtib.com medtib.com;
return 404; # managed by Certbot
}
Now https is working fine but if I enable force SSL through Rails config
config.force_ssl = true
then it gives an error page not working with the message "redirected too many times",
and if I try to log in with Facebook, which requires https, then it gives the following error
I don't have idea about nginx etc.
You should forward the X-Forwarded-Proto header to your application to inform it which protocol was used (https or http).
Put the following:
proxy_set_header X-Forwarded-Proto $scheme;
Before:
proxy_pass http://puma;
It should do the trick.
Related
I have a rails project that I just deployed to my AWS server. But when I access the IP address of the instance it returns:
The webpage has a redirect loop
This is my nginx conf file
/etc/nginx/conf.d/myapp.conf
upstream unicorn {
server unix:/tmp/sockets/unicorn.sock
fail_timeout=0;
}
server {
listen 80;
server_name 12.34.56.78;
root /home/ubuntu/var/www/myapp/current/public;
return 301 http://12.34.56.78$request_uri;
access_log on;
}
server {
listen 443 default;
server_name 12.34.56.78;
root /home/ubuntu/var/www/myapp/current/public;
location ^~ /assets/ {
gzip_static on;
expires max;
add_header Cache-Control public;
}
try_files $uri/index.html $uri @unicorn;
location @unicorn {
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_redirect off;
proxy_pass http://unicorn;
}
error_page 500 502 503 504 /500.html;
client_max_body_size 20M;
keepalive_timeout 10;
}
I am using nginx + unicorn.
Can anybody shed some light into what I might be doing wrong here. Any help will be greatly appreciated.
Thank you.
Hi, I am deploying a Rails application to a Digital Ocean VPS. I have followed this blog, https://coderwall.com/p/yz8cha, and all things went well, but now the browser shows only
a blank white page
In nginx log file it shows
invalid host in upstream "/tmp/unicorn.testvpsdo.sock" in /etc/nginx/sites-enabled/testvpsdo:2
What causes the error?
This is my nginx.conf file
upstream unicorn {
server unix:/tmp/unicorn.testvpsdo.sock fail_timeout=0;
}
server {
listen 80 default_server deferred;
# server_name example.com;
root /home/navin/apps/testvpsdo/current/public;
location ^~ /assets/ {
gzip_static on;
expires max;
add_header Cache-Control public;
}
try_files $uri/index.html $uri @unicorn;
location @unicorn {
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_redirect off;
proxy_pass http://unicorn;
}
error_page 500 502 503 504 /500.html;
client_max_body_size 20M;
keepalive_timeout 10;
}
I know there are a lot of questions on a similar problem but I can find the solution for my case. I have this nginx configuration:
upstream unicorn {
server unix:/tmp/unicorn.lescollectionneurs.sock fail_timeout=0;
}
server {
listen 80 default deferred;
# server_name example.com;
root /home/deployer/apps/lescollectionneurs/current/public;
location ^~ /assets/ {
gzip_static on;
expires max;
add_header Cache-Control public;
}
try_files $uri/index.html $uri @unicorn;
location @unicorn {
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_redirect off;
proxy_pass http://unicorn;
}
error_page 500 502 503 504 /500.html;
client_max_body_size 4G;
keepalive_timeout 10;
}
server {
listen 443 default ssl;
# server_name example.com;
root /home/deployer/apps/lescollectionneurs/current/public;
ssl on;
ssl_certificate /etc/ssl/certs/myssl.crt;
ssl_certificate_key /etc/ssl/private/myssl.key;
ssl_session_timeout 5m;
ssl_protocols sslv3 tlsv1 tlsv1.1 tlsv1.2;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
location ^~ /assets/ {
gzip_static on;
expires max;
add_header Cache-Control public;
}
try_files $uri/index.html $uri @unicorn;
location @unicorn {
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_redirect off;
proxy_pass http://unicorn;
}
error_page 500 502 503 504 /500.html;
client_max_body_size 4G;
keepalive_timeout 10;
}
In my Rails application, I have config.force_ssl = true. When I look at nginx's logs, I have a redirection loop and it fails in the browser. There is nothing in my production logs.
What can I do?
The solution was only to add proxy_set_header X-Forwarded-Proto $scheme; in the location block in the ssl part.
I am using the page caching gem on Rails 4. I have a web server running nginx, app server running unicorn and rails, and db server running postgre.
When page cache is generated on the app server, nginx will not serve the static files. Only after I set
config.serve_static_assets = true
where the page cache will work in production. I don't think this is ideal though given that now rails is serving the static file.
How do I get nginx to serve my page caches located on the app server?
Here is my nginx config:
upstream unicorn {
server <%= app_private_ip %>:8080 fail_timeout=0;
}
server {
# listen [::]:80 ipv6only=on default_server;
listen 80 default deferred;
server_name <%= domain %>;
# rewrite ^(.*) https://<%= domain %>$1 permanent;
root <%= current_path %>/public;
sendfile on;
if (-f $document_root/system/maintenance.html) {
return 503;
}
error_page 503 @maintenance;
location @maintenance {
rewrite ^(.*)$ /system/maintenance.html last;
break;
}
location ^~ /assets/ {
gzip_static on;
expires max;
add_header Cache-Control public;
}
try_files $uri/index.html $uri @unicorn;
location @unicorn {
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_redirect off;
proxy_pass http://unicorn;
}
error_page 500 502 503 504 /500.html;
client_max_body_size 4G;
keepalive_timeout 10;
server_tokens off;
}
server {
listen 443;
server_name <%= domain %>;
ssl on;
ssl_certificate /home/<%= user %>/ssl/<%= domain %>.pem;
ssl_certificate_key /home/<%= user %>/ssl/<%= domain %>.key;
root <%= current_path %>/public;
sendfile on;
if (-f $document_root/system/maintenance.html) {
return 503;
}
error_page 503 @maintenance;
location @maintenance {
rewrite ^(.*)$ /system/maintenance.html last;
break;
}
location ^~ /assets/ {
gzip_static on;
expires max;
add_header Cache-Control public;
}
try_files $uri/index.html $uri @unicorn;
location @unicorn {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto https;
proxy_set_header Host $http_host;
proxy_redirect off;
proxy_pass http://unicorn;
}
error_page 500 502 503 504 /500.html;
client_max_body_size 4G;
keepalive_timeout 10;
server_tokens off;
}
The nginx try_files directive lets you set cascading ways to resolve the static file for a URI in different locations/backends.
It looks like you need to move your try_files directive into a location block for it to work properly:
location / {
try_files $uri @unicorn;
}
This should tell nginx to try resolve paths locally by URI before passing the request to your unicorn backend.
The page caching gem asks you to set the cache directory to 'public/cache' in application.rb:
config.action_controller.page_cache_directory = "#{Rails.root.to_s}/public/cache"
so your try_files line should be:
try_files /cache/$uri/index.html /cache/$uri @unicorn;
Otherwise, you can just set the page_cache_directory to
"#{Rails.root.to_s}/public" and not change your current nginx config.
I have a Rails 3.2.13 app that I am trying to configure SSL for with Nginx and Unicorn. I want to be able to tell some controllers and some controller actions to 'force_ssl' and to properly redirect. I have been able to get this working so that I can manually hit the app with 'https://foo.com' and things work. When I put 'force_ssl' into a controller action, let's say users#index:
class UsersController < ApplicationController
force_ssl
def index
# do some stuff
end
end
I would expect that if I navigate to 'http://foo.com/users' that it would redirect to 'https://foo.com/users'.
It does not.
Instead, it redirects to: 'https://unicorn_foo/users'. What am I missing?
nginx.conf:
upstream unicorn_foo {
server unix:/tmp/unicorn.foo.sock fail_timeout=0;
}
server {
listen 80 default;
server_name foo.com;
root /home/webuser/apps/foo/current/public;
location ^~ /assets/ {
gzip_static on;
expires max;
add_header Cache-Control public;
}
try_files $uri/index.html $uri @unicorn_foo;
location @unicorn_foo {
proxy_set_header X-Forwarded-Proto http;
proxy_pass http://unicorn_foo;
}
error_page 500 502 503 504 /500.html;
client_max_body_size 5G;
keepalive_timeout 10;
send_timeout 240;
sendfile_max_chunk 5m;
}
server {
listen 443;
server_name foo.com;
root /home/webuser/apps/foo/current/public;
location ^~ /assets/ {
gzip_static on;
expires max;
add_header Cache-Control public;
}
try_files $uri/index.html $uri @unicorn_foo;
location @unicorn_foo {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto https;
proxy_set_header Host $http_host;
proxy_redirect off;
proxy_pass http://unicorn_foo;
}
error_page 500 502 503 504 /500.html;
client_max_body_size 5G;
keepalive_timeout 10;
ssl on;
ssl_certificate /etc/nginx/ssl/server.crt;
ssl_certificate_key /etc/nginx/ssl/server.key;
ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers ALL:-ADH:+HIGH:+MEDIUM:-LOW:-SSLv2:-EXP;
ssl_session_cache shared:SSL:10m;
send_timeout 240;
sendfile_max_chunk 5m;
}
First guess... the port 80 server block does not pass the host through, maybe that's it?
proxy_set_header Host $http_host;
The SSL block does, but if you start at the non-SSL side and Rails picks it up, it might not have the full header there?
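Added example (not part of any post above, and not Rails or nginx code): a simplified Ruby model of why the X-Forwarded-Proto and Host headers discussed in the answers on this page decide whether a forced-SSL redirect terminates. It assumes nginx terminates TLS and proxies plain HTTP to the app, that the app checks only X-Forwarded-Proto, and that nginx sends the upstream name ($proxy_host) as Host when no Host header is set; all function names are hypothetical.

```ruby
# Simplified model (added example): nginx terminates TLS and proxies plain HTTP
# to the app; the app, like config.force_ssl / force_ssl, redirects any request
# it believes is not HTTPS. All names here are hypothetical.

# Headers nginx sends upstream. Without "proxy_set_header Host ...", nginx
# defaults Host to $proxy_host, i.e. the upstream name from proxy_pass.
def proxy_headers(client_scheme, client_host, upstream:, set_host:, set_proto:)
  headers = { "Host" => set_host ? client_host : upstream }
  headers["X-Forwarded-Proto"] = client_scheme if set_proto # $scheme
  headers
end

# The app only sees the plain-HTTP hop, so the forwarded header is its sole
# evidence that the browser used TLS.
def app_response(headers, path)
  return [200, nil] if headers["X-Forwarded-Proto"] == "https"
  [301, "https://#{headers['Host']}#{path}"]
end

# Follow redirects like a browser; returns [outcome, visited URLs].
def browse(url, upstream:, set_host:, set_proto:, max_hops: 5)
  visited = []
  max_hops.times do
    visited << url
    scheme, rest = url.split("://", 2)
    host, path = rest.split("/", 2)
    return [:unresolvable_host, visited] if host == upstream
    headers = proxy_headers(scheme, host, upstream: upstream,
                            set_host: set_host, set_proto: set_proto)
    status, location = app_response(headers, "/#{path}")
    return [:ok, visited] if status == 200
    url = location
  end
  [:redirect_loop, visited]
end

# Constructed scenarios, using host and upstream names that appear on this page.
LOOP    = browse("https://medtib.com/login", upstream: "puma",
                 set_host: true, set_proto: false)
FIXED   = browse("http://medtib.com/login", upstream: "puma",
                 set_host: true, set_proto: true)
NO_HOST = browse("http://foo.com/users", upstream: "unicorn_foo",
                 set_host: false, set_proto: true)
```

LOOP never leaves the same https URL, FIXED settles after one redirect, and NO_HOST reproduces the redirect to https://unicorn_foo/users described in the last question.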