重定向到 HTTPS 时,rails 中的多个重定向
情况如下(我使用的是Rails 3.1)。
我有以下路线:
match 'login', :to => 'sessions#new'
非常标准。我的 Apache 虚拟主机文件中也有此重定向规则:
RewriteEngine on
RewriteCond %{HTTPS} off
RewriteRule (/login$) https://%{HTTP_HOST}%{REQUEST_URI}
当我导航到 https://hostname.dom/login 我从浏览器收到 301 状态代码(重定向过多)。有人能指出这里的幕后发生了什么吗?谢谢。
The situation is as follows (I am using Rails 3.1).
I have the following route:
match 'login', :to => 'sessions#new'
Pretty standard. I also have this redirect rule in my Apache virtual hosts file:
RewriteEngine on
RewriteCond %{HTTPS} off
RewriteRule (/login$) https://%{HTTP_HOST}%{REQUEST_URI}
When I navigate to https://hostname.dom/login I get a 301 status code from my browser (too many redirects). Can someone point out what's going on behind the hood here? Thanks.
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(3)
我会通过 Rails 而不是 apache 来处理这个重定向。出错的可能性较小,并且消除了 Rails 应用程序与某个 Web 服务器(本例中为 apache)的耦合。
对于 Rails 3.0.X 和以前的使用
SSL_Requirement 对于 3.1.X 及更高版本,它是在 'force_ssl' 方法。
ssl_requirement 示例:
force_ssl 示例:
I would handle this redirect through rails instead of apache. Less chance of errors and Removes coupling of your rails app to a certain web server(apache in this case).
For Rails 3.0.X and previous use
SSL_Requirement and for 3.1.X and later use it's baked in 'force_ssl' method.
ssl_requirement example:
force_ssl example:
如果您有权访问网络服务器配置并且每个页面都应该位于 HTTPS 连接后面,我建议不要在应用程序层上使用 SSL 处理。这是为什么?
当您正在开发一个简单的应用程序时,没有理由在应用程序和外部之间使用负载平衡器。但是,当您需要管理负载平衡并拥有备份环境时,负载平衡器是一个解决方案。
由于 SSL 握手和签名请求需要 CPU 周期,因此负载均衡器可以在没有 SSL 的情况下与每个内部 Web 服务器通信,但可以与外部通信。
如果您的应用程序正在增长,请将环境的各个部分视为层。每一层都有责任。只有当你愿意的时候,混合责任才能发生。
I'd suggest do not use SSL hanldling on Application layer if you have an access to webserver configuration and every page should be behind the HTTPS connections. Why is that?
While you are working on a simple application, no reasons to have load balancer between the application and outside. But when you should manage load balancining and have backup environment, the Load balancer is a solutuon.
Since SSL handshake and sign request takes CPU cycles, the Load Balancer can talk to each internal webserver without SSL, but the outside.
In case of your application is growing, think about parts of environment as layers. Each of layers has responsibility. Mix of responsibility can take a place only if you want you do.
好吧,答案或多或少是虚拟主机的配置错误。 NameVirtualHost 指令分布在各个单独的文件中,每个文件都配置了自己的虚拟主机。此后,我将所有 NameVirtualHost 指令合并到一个文件中,该文件在加载任何单个虚拟主机之前加载。
其中一台虚拟主机实际上使用了错误的命名主机。具体来说,登台环境和开发/测试环境都安装在本地,但显然是在不同的 URL 下访问的。一个是在 /etc/hosts 中配置的 http://data.localhost/ ,另一个是 http://data.domain.name/。因此,前者解析为 127.0.0.1,另一个解析为 192.168.xx 但是,两个虚拟主机都试图解析为 127.0.0.1,所以显然这会破坏事情。我只是为每个主机配置指定了正确的命名主机,并重新启用了重写规则,并且在访问登录页面时从 HTTP 重定向到 HTTPS 一切顺利,反之亦然,访问每个其他页面时也是如此。
TL;DR 您可能应该始终拥有一个包含所有 NameVirtualHost 指令的文件,并确保在所有虚拟主机之前加载该文件。它会为你省去很多很多的麻烦。还要积极考虑让您陷入困境的虚拟主机是否实际上使用了正确的主机。然后,确保 ServerName 指令不会与其他虚拟主机发生冲突,您将拥有一个幸福的虚拟 Apache 系列!
Well, the answer was more or less a miss-configuration of the virtual hosts. There were NameVirtualHost directives spread out literally everywhere in separated files that each configured their own virtual hosts. I have since consolidated all of the NameVirtualHost directives into a single file that loads before any single virtual host is loaded.
One of the virtual hosts was actually using the wrong named host. Specifically, both the staging environment and development/testing environment are installed locally, but are accessed under differnet URLs obviously. One was http://data.localhost/ configured in /etc/hosts and the other was http://data.domain.name/. So the former resolves to 127.0.0.1 and the other resolves to 192.168.x.x. However, both the virtual hosts were trying to resolve to 127.0.0.1, so obviously that was breaking things. I just specified the correct named hosts for each host configuration and re-enabled the rewrite rules and all was well with redirection from HTTP to HTTPS when accessing the login page, and vice versa for accessing every other page.
TL;DR you should probably always have a single file that has all of your NameVirtualHost directives, and ensure this is loaded before all of your virtual hosts. It will save you many, many a headache. Also actively think about if your virtual host that is screwing you up is actually using the correct host. Then, ensure that the ServerName directive is not causing conflict with other virtual hosts, and you will have a happy virtual Apache family!