我的目的是为Rails6应用程序设置缓存静态内容的反向代理。我有一个表单标签,里面有一堆要由用户传递的数据(还有很多输入的敏感数据(。在应用Let's Encrypt SSL之前,提交表单可以正常工作。看看我的Nginx配置文件:
server {
listen 443 ssl;
listen [::]:443 ssl;
server_name www.example.com example.com;
ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;
ssl on;
location / {
proxy_cache form_cache;
proxy_ignore_headers "Set-Cookie";
proxy_hide_header "Set-Cookie";
proxy_pass http://127.0.0.1:8080;
proxy_set_header X-Forwarded-Proto https;
proxy_set_header X-Forwarded-Ssl on;
proxy_set_header X-Forwarded-Host $http_host;
}
}
server {
listen 8080;
listen [::]:8080;
server_name localhost;
root /var/www/form/public;
location ~ .(jpe?g|png|gif|ico|svg|css|js|eot|webp|ttf|woff|woff2)$ {
expires 1y;
add_header Cache-Control public;
add_header ETag "";
}
passenger_enabled on;
passenger_app_env workspace;
allow 127.0.0.1;
deny all;
}
提交尝试后,我的应用程序日志中的响应是:
Can't verify CSRF token authenticity.
ActionController::InvalidAuthenticityToken (ActionController::InvalidAuthenticityToken)
我很困惑,不知道在哪里搜索。是否需要为代理设置任何标头,或者是否需要在Rails应用程序端进行任何中间件配置?请帮帮我。
尝试将以下内容添加到配置
proxy_set_header origin 'http://www.example.com';