My setup:
AWS上的
-
Rails 4应用程序 .
-
运行nginx独角兽
我想通过https访问控制器中的所有操作 . 所以我做了以下事情:
-
将force_ssl添加到该控制器 .
-
scp 'ed the key and cert to /etc/ssl/ on the AWS host. This key/cert was generated by AWS. Changed the owner of both those files to ' deployer'(我认为这是运行nginx / unicorn的用户) .
-
在我的nginx.conf中添加了以下内容:
server {
listen 443;
ssl on;
ssl_certificate /etc/ssl/cert.cer;
ssl_certificate_key /etc/ssl/key.cer;
root /path/to/public;
location ^~ /assets/ {
gzip_static on;
expires max;
add_header Cache-Control public;
}
try_files $uri/index.html $uri @unicorn;
location @unicorn {
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto https;
proxy_set_header Host $http_host;
proxy_redirect off;
proxy_pass http://unicorn;
}
error_page 500 502 503 504 /500.html;
client_max_body_size 4G;
keepalive_timeout 10;
}
大部分说明来自:http://seaneshbaugh.com/posts/configuring-nginx-and-unicorn-for-force_ssl
现在,当我转到http://example.com/my_ssl_controller/action时,它将我重定向到https://example.com/my_ssl_controller/action,然后呈现503 "Service Temporarily Unavailable"错误 .
-
我是否需要从AWS仪表板对框进行一些更改? (例如,打开端口443) .
-
在rails应用程序之外的主机上是否还有其他配置要更改?
感谢您的帮助!