我正在开发一个电子商务网站。开发Ruby on Rails。Nginx作为web服务器,unicorn作为应用服务器。在我的应用程序中,我想实现ssl仅为支付页面,意味着仅为特定的url。我试着调整我的路线。我使用gem 'rack-ssl-enforcer'。我在环境文件
中给出的gem配置如下所示config.middleware.use Rack::SslEnforcer,
:redirect_to => 'https://demo.domain.com', # For when behind a proxy, like nginx
:only => [/^/payment//], # Force SSL on everything behind /admin and /authors
:strict => true
我配置我的nginx如下所示。我提供了两个服务器块,一个用于普通的http://,一个用于ssl(https://).
)。upstream unicorn_domain {
# This is the socket we configured in unicorn.rb
server unix:/home/ubuntu/root_path/tmp/sockets/unicorn.sock fail_timeout=30;
}
server {
listen 80;
client_max_body_size 4G;
server_name demo.domain.com;
keepalive_timeout 5;
# Location of our static files
root /home/ubuntu/1DRecruit/root_path/public;
access_log /home/ubuntu/root_path/log/nginx/nginx.access.log;
location / {
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_redirect off;
# If you don't find the filename in the static files
# Then request it from the unicorn server
if (!-f $request_filename) {
proxy_pass http://unicorn_domain;
break;
}
if ($request_uri ~* ".(ico|css|js|gif|jpe?g|png)?[0-9]+$") {
expires max;
break;
}
}
}
server {
listen 443 ssl;
client_max_body_size 4G;
ssl on;
ssl_certificate /etc/nginx/ssl/example.com_chain.pem;
ssl_certificate_key /etc/nginx/ssl/example.com.key;
ssl_protocols SSLv3 TLSv1;
ssl_ciphers ALL:-ADH:+HIGH:+MEDIUM:-LOW:-SSLv2:-EXP;
ssl_session_cache shared:SSL:10m;
keepalive_timeout 5;
# Location of our static files
root /home/ubuntu/root_path/public;
location / {
proxy_set_header X-Forwarded-Proto https;
}
}
这样配置后,nginx不显示任何错误,而重新启动,当我们采取的网站,它是正确加载。但是当我们去支付页面的url是改变为https://,但它显示和nginx错误404 Not found。当查看nginx错误日志时,错误显示为
[error] 2532#0: *1 open() "/home/ubuntu/root_path/public/payment/make_payment" failed (2: No such file or directory), client: 110.235.112.69, server: , request: "GET /payment/make_payment?id=9 HTTP/1.1", host: "demo.domain.com", referrer: "http://demo.domain.com/posters/home"
我使用startssl作为证书。我无法解决这个问题。解决这个问题非常重要。有谁能帮我解决这个问题吗?
谢谢你,关于
您可以尝试这样做:
/应用/中间件)/force_ssl.rb
class ForceSSL
def initialize(app)
@app = app
end
def call(env)
path = env["PATH_INFO"].to_s.squeeze("/")
# only force ssl on billing related requests
if path.match(/^/installations/d+/billing/) && env['HTTPS'] != 'on' && env['HTTP_X_FORWARDED_PROTO'] != 'https'
req = Rack::Request.new(env)
[301, { "Location" => req.url.gsub(/^http:/, "https:") }, []]
elsif !path.match(/^/installations/d+/billing/) && !path.match(/^/facebook//) && (env['HTTPS'] == 'on' || env['HTTP_X_FORWARDED_PROTO'] == 'https')
req = Rack::Request.new(env)
[301, { "Location" => req.url.gsub(/^https:/, "http:") }, []]
else
@app.call(env)
end
end
end
我希望它对你有用。让我知道