Rails Devise OmniAuth callback returns domain.com:443 instead of https://domain.com

Time: 2015-11-13 08:33:28

Tags: ssl amazon-web-services devise

I am deploying my Rails app on AWS. The request flow looks like this:

request -> AWS ELB (80, 443 SSL) -> EC2 (80) force to use https -> Unicorn

I just followed the Devise documentation and used the callback link /users/auth/facebook

When running over http it works fine, but when I force https on EC2, the callback returns

http://domain.com:443/users/auth/facebook

instead of

https://domain.com/users/auth/facebook

Then it gets stuck there.

What should I check? I have already rechecked the Nginx configuration and the Facebook app settings... Thanks!

Update

I tried this setup

80 ELB -> 80 EC2
443 ELB -> 443 EC2

and redirected http requests to https on EC2, but the same problem occurred.

1 answer:

Answer 0: (score: 1)

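I have two AWS OpsWorks instances behind an Elastic Load Balancer.

The OpsWorks instance stack is Ruby on Rails + Nginx + Unicorn.

I wanted my site to be available over both http and https, so I configured the nginx servers accordingly and, in my Rails app, I left this line commented out:

**config/environments/production.rb**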

# config.force_ssl = true

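But I ran into the same problem as you!

**Problem:**

When users log in from http everything is fine, but users who log in from HTTPS via facebook / twitter / instagram with Devise OmniAuth are redirected to a wrong URL: http://www.examplesite.com:443/users/auth/facebook/callback?code=xxx...xxx

I configured the ELB listeners (inside the AWS console) in the same way you did, providing my certificate for the https part.

Note that HTTPS ==> HTTP

**The problem was in my nginx configuration.** I fixed it by removing this line inside the port 80 server section: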

proxy_set_header X-Forwarded-Proto http;

So in the end this is my nginx file (look at the unicorn location inside the port 80 servers):

upstream unicorn_examplesite.com {
  server unix:/srv/www/examplesite_pics/shared/sockets/unicorn.sock fail_timeout=0;
}

server {
  listen 443 default deferred;
  server_name www.examplesite.com;
  access_log /var/log/nginx/examplesite.com.access.log;
  root /srv/www/examplesite_pics/current/public;

  location ~ ^/(system|assets|img|fonts|css|doc)/ {
    add_header "Access-Control-Allow-Origin" "*";
    expires max;
    access_log off;
    allow all;
    add_header Cache-Control public;
    break;
  }

  try_files $uri/index.html $uri @unicorn;

  ssl on;
  ssl_certificate     /etc/nginx/ssl/examplesite.com.crt;
  ssl_certificate_key /etc/nginx/ssl/examplesite.com.key;
  ssl_protocols       TLSv1 TLSv1.1 TLSv1.2;
  ssl_ciphers         ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256;
  ssl_session_cache   shared:SSL:10m;
  ssl_session_timeout 10m;

  location @unicorn {
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto https;
    proxy_set_header Host $http_host;
    proxy_redirect off;
    proxy_read_timeout 60;
    proxy_send_timeout 60;
    proxy_pass http://unicorn_examplesite.com;
  }

  error_page 500 502 503 504 /500.html;
  client_max_body_size 4G;
  keepalive_timeout 70;
}

server {
  listen 80 default deferred;
  server_name www.examplesite.com;
  access_log /var/log/nginx/examplesite.com.access.log;
  root /srv/www/examplesite_pics/current/public;

  location ~ ^/(system|assets|img|fonts|css|doc)/ {
    add_header "Access-Control-Allow-Origin" "*";
    expires max;
    access_log off;
    allow all;
    add_header Cache-Control public;
    break;
  }

  try_files $uri/index.html $uri @unicorn;

  location @unicorn {
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header Host $http_host;
    proxy_redirect off;
    proxy_read_timeout 60;
    proxy_send_timeout 60;
    proxy_pass http://unicorn_examplesite.com;
  }

  error_page 500 502 503 504 /500.html;
  client_max_body_size 4G;
  keepalive_timeout 70;
}

server {
  listen 80;
  server_name *.examplesite.com;
  access_log /var/log/nginx/examplesite.com.access.log;
  root /srv/www/examplesite_pics/current/public;

  location ~ ^/(system|assets|img|fonts|css|doc)/ {
    add_header "Access-Control-Allow-Origin" "*";
    expires max;
    access_log off;
    allow all;
    add_header Cache-Control public;
    break;
  }

  try_files $uri/index.html $uri @unicorn;

  location @unicorn {
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header Host $http_host;
    proxy_redirect off;
    proxy_read_timeout 60;
    proxy_send_timeout 60;
    proxy_pass http://unicorn_examplesite.com;
  }

  error_page 500 502 503 504 /500.html;
  client_max_body_size 4G;
  keepalive_timeout 70;
}

server {
  listen 443;
  server_name *.examplesite.com;
  access_log /var/log/nginx/examplesite.com.access.log;
  root /srv/www/examplesite_pics/current/public;

  location ~ ^/(system|assets|img|fonts|css|doc)/ {
    add_header "Access-Control-Allow-Origin" "*";
    expires max;
    access_log off;
    allow all;
    add_header Cache-Control public;
    break;
  }

  try_files $uri/index.html $uri @unicorn;

  ssl on;
  ssl_certificate     /etc/nginx/ssl/examplesite.com.crt;
  ssl_certificate_key /etc/nginx/ssl/examplesite.com.key;
  ssl_protocols       TLSv1 TLSv1.1 TLSv1.2;
  ssl_ciphers         ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256;
  ssl_session_cache   shared:SSL:10m;
  ssl_session_timeout 10m;

  location @unicorn {
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto https;
    proxy_set_header Host $http_host;
    proxy_redirect off;
    proxy_read_timeout 60;
    proxy_send_timeout 60;
    proxy_pass http://unicorn_examplesite.com;
  }

  error_page 500 502 503 504 /500.html;
  client_max_body_size 4G;
  keepalive_timeout 70;
}

server {
  listen 443;
  server_name examplesite.com www.examplesite.it examplesite.it;
  access_log /var/log/nginx/examplesite.com.access.log;
  return 301 $scheme://www.examplesite.com$request_uri;
}

server {
  listen 80;
  server_name examplesite.com www.examplesite.it examplesite.it;
  access_log /var/log/nginx/examplesite.com.access.log;
  return 301 https://www.examplesite.com$request_uri;
}

Hope it helps!
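
Added example, not part of the original question or answer and not Rack's or OmniAuth's code: a simplified Ruby model of how a Rack-style app rebuilds its public base URL from proxy headers, showing why a hard-coded `X-Forwarded-Proto http` in the port 80 server yields `http://...:443`. It assumes the ELB HTTPS listener forwards `X-Forwarded-Proto: https` and `X-Forwarded-Port: 443`; the function and constant names are hypothetical.

```ruby
# Simplified model (not Rack's or OmniAuth's code) of how a Rack-style app
# rebuilds its public base URL from proxy headers.
DEFAULT_PORTS = { "http" => 80, "https" => 443 }.freeze

# headers: what the app server receives, keyed by HTTP header name.
def base_url(headers)
  scheme = headers.fetch("X-Forwarded-Proto", "http").split(",").first.strip
  host, host_port = headers.fetch("Host").split(":", 2)
  port = (host_port || headers["X-Forwarded-Port"] || DEFAULT_PORTS.fetch(scheme)).to_i
  # The port is omitted only when it is the default for the derived scheme.
  suffix = port == DEFAULT_PORTS[scheme] ? "" : ":#{port}"
  "#{scheme}://#{host}#{suffix}"
end

# Model of one nginx hop: client headers pass through, then the matching
# server block's proxy_set_header overrides are applied.
def through_nginx(incoming, overrides)
  incoming.merge(overrides)
end

# Constructed sample: headers an ELB HTTPS listener forwarding to port 80
# is assumed to send to nginx.
FROM_ELB = {
  "Host" => "www.examplesite.com",
  "X-Forwarded-Proto" => "https",
  "X-Forwarded-Port" => "443"
}.freeze

# Port 80 server block with the hard-coded header (the state before the fix).
BROKEN = { "X-Forwarded-Proto" => "http" }.freeze
# Port 80 server block after the line is removed (the state after the fix).
FIXED = {}.freeze

def callback_url(overrides)
  base_url(through_nginx(FROM_ELB, overrides)) + "/users/auth/facebook/callback"
end

if __FILE__ == $PROGRAM_NAME
  puts "before: #{callback_url(BROKEN)}"
  puts "after:  #{callback_url(FIXED)}"
end
```

In the broken case the scheme is overwritten to http while the forwarded port 443 survives, so the port no longer matches the scheme's default and is printed explicitly.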