1. 技术文章
  2. Nginx with Let's encrypt “Welcome to Nginx” instead of rails app

Nginx with Let's encrypt “Welcome to Nginx” instead of rails app

时间秒杀一切 提交于 2019-12-22 04:39:11

问题


I have recently deployed my Ruby on Rails application to a plain Ubuntu 16.04 DigitalOcean droplet with Nginx, passenger & Let's encrypt.

The rails app worked fine with just passenger and Nginx but after I installed Let's Encrypt, it points to the "Welcome to Nginx" page instead of my rails app.

I am able to make changes to see the "Welcome to Nginx!" page and see the results in the browser.

When I change the root location in my sites-enabled configs to my application path instead of /html I get a 403 Forbidden error.

This is where my application is: /var/www/myapp/code/

I don't know what gives... I keep getting "403 Forbidden nginx/1.14.0" when I try to change the root to my app's /public directory. I've even moved the /html folder into myapp directory and it loads the "Welcome to Nginx!" page there too. Is there something I need to do for it to process my index.html.erb files in my app's views, or, do I need to make a custom index.html without any ERB?

I do not have an index file in my /public directory. What do I need to do for nginx to point to my root_path defined in my rails app's routes?

The permissions are set to root rails for both the (working) "Welcome to Nginx!" index path and myapp/code/public path.

I would love some help, thank you!

My /etc/nginx/sites-enabled/default (without comments):

server {
    root /var/www/myapp/code/public;

    index index.html.erb index.html index.htm index.nginx-debian.html;

    server_name _;

    location / {
            # First attempt to serve request as file, then
            # as directory, then fall back to displaying a 404.
            try_files $uri $uri/ =404;
    }

  listen [::]:443 ssl ipv6only=on; # managed by Certbot
  listen 443 ssl; # managed by Certbot
  ssl_certificate /etc/letsencrypt/live/transverseaudio.com/fullchain.pem; # managed by Certbot
  ssl_certificate_key /etc/letsencrypt/live/transverseaudio.com/privkey.pem; # managed by Certbot
  include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
  ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

}

server {
    if ($host = www.transverseaudio.com) {
        return 301 https://$host$request_uri;
    } # managed by Certbot


    if ($host = transverseaudio.com) {
        return 301 https://$host$request_uri;
    } # managed by Certbot


        listen 80 default_server;
        listen [::]:80 default_server;

        server_name _;
    return 404; # managed by Certbot

}

My /etc/nginx/sites-enabled/myapp.conf:

server {
  listen 80;
  server_name transverseaudio.com www.transverseaudio.com;

  # Tell Nginx and Passenger where your app's 'public' directory is
  root /var/www/myapp/code/public;

  # Turn on Passenger
  passenger_enabled on;
  passenger_ruby /usr/local/rvm/gems/ruby-2.5.1/wrappers/ruby;
}

I looked further into my Ruby + Rails config and verified the right versions where installed:

Rails -v = Rails 5.2.0

Ruby -v = ruby 2.5.1p57 (2018-03-29 revision 63029) [x86_64-linux]


回答1:


you describe multiple different problems in your journey. let's tackle them in order they (should) have appeared.

default page

You have correctly identified that the server is serving your root at /var/www/html which is the default homepage. You could try symlinking /var/www/html to you app's public dir, if you don't want to give nginx read access to that directory. The actual issue is, that you are doing a name based hosting and your domain name is configured on the default site and not your myapp.conf. If you move the server_name listed in default to the server_name directive in myapp.conf it would be enough.

Also Passanger is should pick up the requests:

When Passenger handles a request, Nginx will first try and find a matching file in the public directory and if it finds one will serve it directly without passing the request to your app, since many web app frameworks use this directory for static files by default (e.g. Rails, Sinatra). From For a rack app, how do I make passenger-standalone serve the output of .erb files rather of sending the .erb file itself?

403 forbidden

After successfully changing the root of the virtual host, nginx might not be able to read the data there. This could be due to bad file permissions, i.e. the user running nginx cannot read the directory/file.

Also this happens if you don't have an index document and directory indexing is disabled. You can either create a index document or add some rewrite rule.

500

if you tail the logfiles of nginx, it should give you more details for the error message. 500 is a server side error, so nginx should at least give you a hint. I assume it's because of missing in your server section/file.

# Turn on Passenger
passenger_enabled on;
passenger_ruby /usr/local/rvm/gems/ruby-2.3.0/wrappers/ruby;

wrapping it up

ensure also that you have include /etc/nginx/passenger.conf; in your nginx.conf.

so wrapping it all up, I recommend removing the default to get it out of the way.

# redirect non https traffic for the correct domains
server {
    if ($host = www.transverseaudio.com) {
        return 301 https://$host$request_uri;
    } # managed by Certbot


    if ($host = transverseaudio.com) {
        return 301 https://$host$request_uri;
    } # managed by Certbot


    listen 80 default_server;
    listen [::]:80 default_server;

    server_name _;
    return 404; # managed by Certbot

}

server {
  listen [::]:443 ssl ipv6only=on;
  listen 443 ssl;
  ssl_certificate /etc/letsencrypt/live/transverseaudio.com/fullchain.pem;
  ssl_certificate_key /etc/letsencrypt/live/transverseaudio.com/privkey.pem;
  include /etc/letsencrypt/options-ssl-nginx.conf;
  ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;

  # server for these domains
  server_name transverseaudio.com www.transverseaudio.com;

  # first try to serve the erb version.
  index index.html;

  # Tell Nginx and Passenger where your app's 'public' directory is
  root /var/www/myapp/code/public;

  # Turn on Passenger
  passenger_enabled on;
  passenger_ruby /usr/local/rvm/gems/ruby-2.5.1/wrappers/ruby;
}



回答2:


Usually, you shouldn't have multiple server directives with same server_name when using Nginx. Just remove /etc/nginx/sites-enabled/default file. It's useless.

Upgrade your /etc/nginx/sites-enabled/myapp.conf to something like this:

server {

  listen 80;
  listen 443 ssl;

  server_name transverseaudio.com www.transverseaudio.com;

  ssl_certificate /etc/letsencrypt/live/transverseaudio.com/fullchain.pem;
  ssl_certificate_key /etc/letsencrypt/live/transverseaudio.com/privkey.pem;
  ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;

  # Tell Nginx and Passenger where your app's 'public' directory is
  root /var/www/myapp/code/public;

  # Turn on Passenger
  passenger_enabled on;
  passenger_ruby /usr/local/rvm/gems/ruby-2.3.0/wrappers/ruby;
}

Alternative is to move your myapp.conf content to the first server directive of /etc/nginx/sites-enabled/default and remove myapp.conf




回答3:


In my case (with DigitalOcean, after installing CertBot) I just had to change in nginx/sites-enabled/default :

root var/www/html to correct path.



来源:https://stackoverflow.com/questions/51343190/nginx-with-lets-encrypt-welcome-to-nginx-instead-of-rails-app

标签
Ubuntu
nginx
passenger
digital-ocean
lets-encrypt
易学教程内所有资源均来自网络或用户发布的内容,如有违反法律规定的内容欢迎反馈
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!