0
私はSSLを使ってNginxサーバーの背後で設定できる開発モードでPumaアプリを実行していますが、プロダクションモードで実行しているPumaアプリと同じことをしようとすると問題が発生します。SSLはPuma開発アプリケーションで動作しますが、プロダクション環境では動作しないのはなぜですか?
関連するコード:
nginx.conf:
upstream puma_lbm_app {
server lbm:40000;
}
server {
listen 40000 ssl default_server;
server_name www.*.com;
ssl_certificate /etc/ssl/LBM/certs/server.crt;
ssl_certificate_key /etc/ssl/LBM/private/server.key;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers HIGH:!aNULL:!MD5;
client_max_body_size 4G;
keepalive_timeout 10;
error_page 500 502 504 /500.html;
error_page 503 @503;
server_name localhost puma_lbm_app;
root /usr/src/app/public;
try_files $uri/index.html $uri @puma_lbm_app;
location @puma_lbm_app {
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_redirect off;
fastcgi_param HTTPS on;
fastcgi_param HTTP_SCHEME https;
proxy_pass https://puma_lbm_app;
# limit_req zone=one;
access_log /usr/src/app/log/nginx.access.log;
error_log /usr/src/app/log/nginx.error.log;
}
}
puma.rb:開発のための
FROM ruby:2.3-alpine
RUN apk --update add --virtual build-dependencies build-base ruby-dev \
openssl-dev libxml2-dev libxslt-dev sqlite libc-dev linux-headers nodejs \
tzdata sqlite-dev bind-tools curl postgresql-client \
postgresql-dev
RUN gem install bundler
ENV RAILS_ENV production
RUN mkdir -p /usr/src/app
WORKDIR /usr/src/app
COPY . /usr/src/app
ADD http://browserconfig.*.com/*-certs/*-ca-bundle.crt /etc/ssl/certs/ca-bundle.crt
RUN bundle install
EXPOSE 40000
CMD bundle exec puma -C config/puma.rb
dockerfile:生産のための
# Puma can serve each request in a thread from an internal thread pool.
# The `threads` method setting takes two numbers a minimum and maximum.
# Any libraries that use thread pools should be configured to match
# the maximum value specified for Puma. Default is set to 5 threads for minimum
# and maximum, this matches the default thread size of Active Record.
#
threads_count = ENV.fetch("RAILS_MAX_THREADS") { 5 }.to_i
threads threads_count, threads_count
# Specifies the `port` that Puma will listen on to receive requests, default is 3000.
#
port ENV.fetch("PORT") { 40000 }
# Specifies the `environment` that Puma will run in.
#
environment ENV.fetch("RAILS_ENV") { "production" } # this is development when running our dev Puma app
bind 'tcp://0.0.0.0'
# Specifies the number of `workers` to boot in clustered mode.
# Workers are forked webserver processes. If using threads and workers together
# the concurrency of the application would be max `threads` * `workers`.
# Workers do not work on JRuby or Windows (both of which do not support
# processes).
#
# workers ENV.fetch("WEB_CONCURRENCY") { 2 }
# Use the `preload_app!` method when specifying a `workers` number.
# This directive tells Puma to first boot the application and load code
# before forking the application. This takes advantage of Copy On Write
# process behavior so workers use less memory. If you use this option
# you need to make sure to reconnect any threads in the `on_worker_boot`
# block.
#
# preload_app!
# The code in the `on_worker_boot` will be called if you are using
# clustered mode by specifying a number of `workers`. After each worker
# process is booted this block will be run, if you are using `preload_app!`
# option you will want to use this block to reconnect to any threads
# or connections that may have been created at application boot, Ruby
# cannot share connections between processes.
#
# on_worker_boot do
# ActiveRecord::Base.establish_connection if defined?(ActiveRecord)
# end
# Allow puma to be restarted by `rails restart` command.
plugin :tmp_restart
dockerfile
FROM ruby:2.3-alpine
RUN apk --update add --virtual build-dependencies build-base ruby-dev \
openssl-dev libxml2-dev libxslt-dev sqlite libc-dev linux-headers nodejs \
tzdata sqlite-dev bind-tools curl postgresql-client \
postgresql-dev
RUN gem install bundler
ENV RAILS_ENV development
RUN mkdir -p /usr/src/app
WORKDIR /usr/src/app
COPY . /usr/src/app
ADD http://browserconfig.*.com/*-certs/*-ca-bundle.crt /etc/ssl/certs/ca-bundle.crt
RUN bundle install
RUN rake db:migrate
EXPOSE 40000
CMD bundle exec puma -C config/puma.rb
...しかし、それはアプリのよう罰金を示したことがない開発での実行時に行います。
'production.rb'の' config.force_ssl = true'行のコメントを外しましたか? – SomeSchmo