Configuring Nginx for a Rails 4 application with puma [SSL and non-SSL versions]
# non-SSL version
upstream myapp_puma {
    server unix:/tmp/myapp_puma.sock fail_timeout=0;
}

# for redirecting to non-www version of the site
server {
    listen 80;
    server_name www.example.com;
    rewrite ^(.*) http://example.com$1 permanent;
}

server {
    listen 80 default_server;
    server_name example.com;
    root /home/username/example.com/current/public;

    # serve precompiled assets directly with far-future caching
    location ^~ /assets/ {
        gzip_static on;
        expires max;
        add_header Cache-Control public;
    }

    # serve static files from public/, otherwise hand the request to puma
    try_files $uri/index.html $uri @myapp_puma;

    location @myapp_puma {
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-Proto http;
        proxy_redirect off;
        proxy_pass http://myapp_puma;
    }

    error_page 500 502 503 504 /500.html;
    client_max_body_size 4G;
    keepalive_timeout 10;
}

## Running puma
# bundle exec puma -e production -d -b unix:///tmp/myapp_puma.sock

# SSL version
upstream myapp_puma {
    server unix:/tmp/myapp_puma.sock fail_timeout=0;
}

# for redirecting to https version of the site
server {
    listen 80;
    rewrite ^(.*) https://$host$1 permanent;
}

# for redirecting to non-www version of the site
server {
    listen 80;
    server_name www.example.com;
    rewrite ^(.*) http://example.com$1 permanent;
}

server {
    listen 443 default_server ssl;
    server_name example.com;
    root /home/username/example.com/current/public;

    # "ssl on;" dropped: the ssl parameter on listen already enables TLS, and the
    # standalone directive has been deprecated since nginx 1.15.0 and later removed
    ssl_certificate /home/username/.comodo_certs/example.com.crt;
    ssl_certificate_key /home/username/.comodo_certs/example.com.key;
    ssl_session_timeout 5m;
    # SSLv2, SSLv3 and TLSv1 are broken or deprecated; allow only TLS 1.2 and 1.3
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_ciphers HIGH:!aNULL:!MD5;
    ssl_prefer_server_ciphers on;

    # serve precompiled assets directly with far-future caching
    location ^~ /assets/ {
        gzip_static on;
        expires max;
        add_header Cache-Control public;
    }

    # serve static files from public/, otherwise hand the request to puma
    try_files $uri/index.html $uri @myapp_puma;

    location @myapp_puma {
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-Proto https;
        proxy_redirect off;
        proxy_pass http://myapp_puma;
    }

    error_page 500 502 503 504 /500.html;
    client_max_body_size 4G;
    keepalive_timeout 10;
}

Nginx site configuration for ProcessWire with forced SSL and www to non-www redirect

# nginx site config for processwire with forced SSL and www to non-www redirect
# redirect from www to non-www forced SSL
# uncomment, save file and restart Nginx to enable
# if unsure use return 302 before using return 301
server {
    server_name domain.com www.domain.com;
    return 301 https://$server_name$request_uri;
}

server {
    listen 443 ssl;
    root /home/nginx/domains/domain.com/public;
    server_name domain.com www.domain.com;
    ssl_certificate /etc/letsencrypt/live/domain.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/domain.com/privkey.pem;

    ## redirect https www to https non-www
    if ($host = 'www.domain.com' ) {
        return 301 https://domain.com$request_uri;
    }

    client_max_body_size 50m;
    access_log /home/nginx/domains/domain.com/log/access.log;
    error_log /home/nginx/domains/domain.com/log/error.log;

    # -----------------------------------------------------------------------------------------------
    # Set default directory index files
    # -----------------------------------------------------------------------------------------------
    index index.php index.html index.htm;

    # -----------------------------------------------------------------------------------------------
    # Access Restrictions: Protect ProcessWire system files
    # -----------------------------------------------------------------------------------------------
    # Block access to ProcessWire system files
    location ~ \.(inc|info|module|sh|sql)$ {
        deny all;
    }
    # Block access to any file or directory that begins with a period
    location ~ /\. {
        deny all;
    }
    # Block access to protected assets directories
    location ~ ^/(site|site-[^/]+)/assets/(cache|logs|backups|sessions|config|install|tmp)($|/.*$) {
        deny all;
    }
    # Block access to the /site/install/ directory
    location ~ ^/(site|site-[^/]+)/install($|/.*$) {
        deny all;
    }
    # Block dirs in /site/assets/ dirs that start with a hyphen
    location ~ ^/(site|site-[^/]+)/assets.*/-.+/.* {
        deny all;
    }
    # Block access to /wire/config.php, /site/config.php, /site/config-dev.php, and /wire/index.config.php
    location ~ ^/(wire|site|site-[^/]+)/(config|index\.config|config-dev)\.php$ {
        deny all;
    }
    # Block access to any PHP-based files in /templates-admin/
    location ~ ^/(wire|site|site-[^/]+)/templates-admin($|/|/.*\.(php|html?|tpl|inc))$ {
        deny all;
    }
    # Block access to any PHP or markup files in /site/templates/
    location ~ ^/(site|site-[^/]+)/templates($|/|/.*\.(php|html?|tpl|inc))$ {
        deny all;
    }
    # Block access to any PHP files in /site/assets/
    location ~ ^/(site|site-[^/]+)/assets($|/|/.*\.php)$ {
        deny all;
    }
    # Block access to any PHP files in core or core module directories
    location ~ ^/wire/(core|modules)/.*\.(php|inc|tpl|module)$ {
        deny all;
    }
    # Block access to any PHP files in /site/modules/
    location ~ ^/(site|site-[^/]+)/modules/.*\.(php|inc|tpl|module)$ {
        deny all;
    }
    # Block access to any software identifying txt files
    location ~ ^/(COPYRIGHT|INSTALL|README|htaccess)\.(txt|md)$ {
        deny all;
    }
    # Block all http access to the default/uninstalled site-default directory
    location ~ ^/site-default/ {
        deny all;
    }

    # -----------------------------------------------------------------------------------------------
    # If the request is for a static file, then set expires header and disable logging.
    # Give control to ProcessWire if the requested file or directory is non-existing.
    # -----------------------------------------------------------------------------------------------
    location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg|eot|woff|ttf)$ {
        expires 24h;
        log_not_found off;
        access_log off;
        try_files $uri $uri/ /index.php?it=$uri&$args;
    }

    # -----------------------------------------------------------------------------------------------
    # This location processes all other requests. If the request is for a file or directory that
    # physically exists on the server, then load the file. Else give control to ProcessWire.
    # -----------------------------------------------------------------------------------------------
    location / {
        try_files $uri $uri/ /index.php?it=$uri&$args;
    }

    # -----------------------------------------------------------------------------------------------
    # Pass .php requests to fastcgi socket
    # -----------------------------------------------------------------------------------------------
    location ~ \.php$ {
        # Check if the requested PHP file actually exists for security
        try_files $uri =404;
        # Fix for server variables that behave differently under nginx/php-fpm than typically expected
        fastcgi_split_path_info ^(.+\.php)(/.+)$;
        # Set environment variables
        include fastcgi_params;
        fastcgi_param PATH_INFO $fastcgi_path_info;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        # Pass request to php-fpm fastcgi socket
        #fastcgi_pass unix:/var/run/domain.com_fpm.sock;
        fastcgi_pass 127.0.0.1:9000;
    }
}
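
The deny rules above only protect anything because nginx tests regex locations in file order and stops at the first match, so they must come before the PHP handler. The following is an added example, not part of the original config: it replays the ProcessWire regex locations in that order against constructed request paths. It models only the first-match rule with "location /" as the fallback; the route and failures helpers and the sample paths are assumptions made for the illustration.

```python
import re

# Regex locations from the ProcessWire server block, in file order (simplified
# model: first matching regex wins, otherwise the prefix location "/" applies).
DENY = [
    r"\.(inc|info|module|sh|sql)$",
    r"/\.",
    r"^/(site|site-[^/]+)/assets/(cache|logs|backups|sessions|config|install|tmp)($|/.*$)",
    r"^/(site|site-[^/]+)/install($|/.*$)",
    r"^/(site|site-[^/]+)/assets.*/-.+/.*",
    r"^/(wire|site|site-[^/]+)/(config|index\.config|config-dev)\.php$",
    r"^/(wire|site|site-[^/]+)/templates-admin($|/|/.*\.(php|html?|tpl|inc))$",
    r"^/(site|site-[^/]+)/templates($|/|/.*\.(php|html?|tpl|inc))$",
    r"^/(site|site-[^/]+)/assets($|/|/.*\.php)$",
    r"^/wire/(core|modules)/.*\.(php|inc|tpl|module)$",
    r"^/(site|site-[^/]+)/modules/.*\.(php|inc|tpl|module)$",
    r"^/(COPYRIGHT|INSTALL|README|htaccess)\.(txt|md)$",
    r"^/site-default/",
]
STATIC = (re.compile(r"\.(js|css|png|jpg|jpeg|gif|ico|svg|eot|woff|ttf)$", re.I), "static")  # "~*"
PHP = (re.compile(r"\.php$"), "php-fpm")
RULES = [(re.compile(p), "deny") for p in DENY] + [STATIC, PHP]

def route(path, rules=RULES):
    """Return the action of the first regex location matching the URI path."""
    for rx, action in rules:
        if rx.search(path):
            return action
    return "location /"

# Constructed request paths (not from a real log) with the expected outcome.
EXPECTED = {
    "/site/config.php": "deny",
    "/site/assets/files/1/upload.php": "deny",
    "/.git/config": "deny",
    "/.well-known/acme-challenge/token": "deny",  # dot rule also covers ACME webroot paths
    "/site/assets/files/1/photo.JPG": "static",
    "/index.php": "php-fpm",
    "/about/": "location /",
}

def failures():
    """Paths whose routing differs from EXPECTED (empty list means the rules hold)."""
    return [(p, route(p)) for p, want in EXPECTED.items() if route(p) != want]

if __name__ == "__main__":
    for path in EXPECTED:
        print(f"{route(path):12} {path}")
    print("PHP location first:", route("/site/config.php", [PHP] + RULES))
```

With the PHP location moved ahead of the deny rules, /site/config.php is routed to php-fpm instead of being denied, which is why the order of the blocks in the config must be preserved when editing it.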