使用 Let's encrypt "Welcome to Nginx" 而不是 rails 应用程序的 Nginx

Question

我最近在 Rails 应用程序上部署了我的 Ruby 到一个普通的 Ubuntu 16.04 DigitalOcean droplet with Nginx, passenger & Let's encrypt.

rails 应用程序仅适用于 passenger 和 Nginx，但在我安装 Let's Encrypt 后，它指向 "Welcome to Nginx" 页面而不是我的 rails 应用程序。

我可以进行更改以查看 "Welcome to Nginx!" 页面并在浏览器中查看结果。

当我将启用站点的配置中的根位置更改为我的应用程序路径而不是 /html 时，我收到 403 禁止错误。

这是我的应用程序所在的位置：/var/www/myapp/code/

我不知道是什么原因...当我尝试将根更改为我的应用程序的 /public 目录时，我不断收到“403 Forbidden nginx/1.14.0”。我什至将 /html 文件夹移动到 myapp 目录，它也会在那里加载 "Welcome to Nginx!" 页面。我需要做些什么才能在我的应用程序视图中处理我的 index.html.erb 文件，或者我是否需要制作一个没有任何 ERB 的自定义 index.html？

I do not have an index file in my /public directory. What do I need to do for nginx to point to my root_path defined in my rails app's routes?

The permissions are set to root rails for both the (working) "Welcome to Nginx!" index path and myapp/code/public path.

我需要一些帮助，谢谢！

我的/etc/nginx/sites-enabled/default（无评论）：

server {
    root /var/www/myapp/code/public;

    index index.html.erb index.html index.htm index.nginx-debian.html;

    server_name _;

    location / {
            # First attempt to serve request as file, then
            # as directory, then fall back to displaying a 404.
            try_files $uri $uri/ =404;
    }

  listen [::]:443 ssl ipv6only=on; # managed by Certbot
  listen 443 ssl; # managed by Certbot
  ssl_certificate /etc/letsencrypt/live/transverseaudio.com/fullchain.pem; # managed by Certbot
  ssl_certificate_key /etc/letsencrypt/live/transverseaudio.com/privkey.pem; # managed by Certbot
  include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
  ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

}

server {
    if ($host = www.transverseaudio.com) {
        return 301 https://$host$request_uri;
    } # managed by Certbot


    if ($host = transverseaudio.com) {
        return 301 https://$host$request_uri;
    } # managed by Certbot


        listen 80 default_server;
        listen [::]:80 default_server;

        server_name _;
    return 404; # managed by Certbot

}

我的/etc/nginx/sites-enabled/myapp.conf:

server {
  listen 80;
  server_name transverseaudio.com www.transverseaudio.com;

  # Tell Nginx and Passenger where your app's 'public' directory is
  root /var/www/myapp/code/public;

  # Turn on Passenger
  passenger_enabled on;
  passenger_ruby /usr/local/rvm/gems/ruby-2.5.1/wrappers/ruby;
}

我进一步查看了我的 Ruby + Rails 配置并验证了安装的正确版本：

Rails-v=Rails 5.2.0

Ruby-v=ruby 2.5.1p57 (2018-03-29 revision 63029) [x86_64-linux]

Answer 1

通常，在使用 Nginx 时，您不应该有多个具有相同 server_name 的服务器指令。只需删除 /etc/nginx/sites-enabled/default 文件。没用。

将您的 /etc/nginx/sites-enabled/myapp.conf 升级为这样的东西：

server {

  listen 80;
  listen 443 ssl;

  server_name transverseaudio.com www.transverseaudio.com;

  ssl_certificate /etc/letsencrypt/live/transverseaudio.com/fullchain.pem;
  ssl_certificate_key /etc/letsencrypt/live/transverseaudio.com/privkey.pem;
  ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;

  # Tell Nginx and Passenger where your app's 'public' directory is
  root /var/www/myapp/code/public;

  # Turn on Passenger
  passenger_enabled on;
  passenger_ruby /usr/local/rvm/gems/ruby-2.3.0/wrappers/ruby;
}

另一种方法是将您的 myapp.conf 内容移动到 /etc/nginx/sites-enabled/default 的第一个服务器指令并删除 myapp.conf

Answer 2

您描述了旅途中的多个不同问题。让我们按照它们（应该）出现的顺序处理它们。

默认页面

您已正确识别出服务器在 /var/www/html 为您的根目录提供服务，这是默认主页。如果您不想授予 nginx 对该目录的读取权限，您可以尝试将 /var/www/html 符号链接到您应用程序的 public 目录。实际问题是，您正在进行基于名称的托管，并且您的域名是在默认站点上配置的，而不是您的 myapp.conf。如果将默认列出的 server_name 移动到 myapp.conf 中的 server_name 指令就足够了。

另外 Passanger 应该领取以下请求：

When Passenger handles a request, Nginx will first try and find a matching file in the public directory and if it finds one will serve it directly without passing the request to your app, since many web app frameworks use this directory for static files by default (e.g. Rails, Sinatra). From For a rack app, how do I make passenger-standalone serve the output of .erb files rather of sending the .erb file itself?

403禁止

成功更改虚拟主机的根目录后，nginx 可能无法读取那里的数据。这可能是由于错误的文件权限，即用户运行 nginx 无法读取 directory/file.

如果您没有索引文档并且目录索引被禁用，也会发生这种情况。您可以创建索引文档或添加一些重写规则。

500

如果您 tail nginx 的日志文件，它应该会为您提供更多错误消息的详细信息。 500 是服务器端错误，所以 nginx 至少应该给你一个提示。我认为这是因为您的服务器中缺少 section/file.

# Turn on Passenger
passenger_enabled on;
passenger_ruby /usr/local/rvm/gems/ruby-2.3.0/wrappers/ruby;

总结

还要确保您的 nginx.conf 中有 include /etc/nginx/passenger.conf;。

总而言之，我建议删除默认设置以解决问题。

# redirect non https traffic for the correct domains
server {
    if ($host = www.transverseaudio.com) {
        return 301 https://$host$request_uri;
    } # managed by Certbot


    if ($host = transverseaudio.com) {
        return 301 https://$host$request_uri;
    } # managed by Certbot


    listen 80 default_server;
    listen [::]:80 default_server;

    server_name _;
    return 404; # managed by Certbot

}

server {
  listen [::]:443 ssl ipv6only=on;
  listen 443 ssl;
  ssl_certificate /etc/letsencrypt/live/transverseaudio.com/fullchain.pem;
  ssl_certificate_key /etc/letsencrypt/live/transverseaudio.com/privkey.pem;
  include /etc/letsencrypt/options-ssl-nginx.conf;
  ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;

  # server for these domains
  server_name transverseaudio.com www.transverseaudio.com;

  # first try to serve the erb version.
  index index.html;

  # Tell Nginx and Passenger where your app's 'public' directory is
  root /var/www/myapp/code/public;

  # Turn on Passenger
  passenger_enabled on;
  passenger_ruby /usr/local/rvm/gems/ruby-2.5.1/wrappers/ruby;
}

Answer 3

在我的例子中（使用 DigitalOcean，在安装 CertBot 之后）我只需要更改 nginx/sites-enabled/default :

root var/www/html 更正路径。

使用 Let's encrypt "Welcome to Nginx" 而不是 rails 应用程序的 Nginx

Nginx with Let's encrypt "Welcome to Nginx" instead of rails app

ubuntu

passenger

nginx

digital-ocean

lets-encrypt