How to get SSL working with Rails, AWS Elastic Beanstalk and Cloudflare
I have a site hosted on Elastic Beanstalk built with Ruby on Rails. I set up Cloudflare to configure the DNS and provide a CDN. Cloudflare also provides an SSL.
I can't get the SSL working with my app.
With Cloudflare's SSL set at "Flexible" I can load my main page but when I try to log in, I get these errors (edited for brevity):
INFO -- : Started POST "/users/sign_in" for xxx.xxx.146.132 at 2018-03-19 16:45:24 +0000
INFO -- : Processing by Users::SessionsController#create as HTML
INFO -- : Parameters: {"utf8"=>"✓", "authenticity_token"=>"f92CTIe5qlp7C624DZzZM2oWdFMcq6PhyfOJI16saV32yugMmJlenL/F3gTeBBsAjaAw92P1vncWBzI+JnK8wA==", "user"=>{"email"=>"test@test.com", "password"=>"[FILTERED]"}, "commit"=>"Log in"}
WARN -- : HTTP Origin header (https://[MY_URL].com) didn't match request.base_url (http://[MY_URL].com)
INFO -- : Completed 401 Unauthorized in 1ms (ActiveRecord: 0.0ms)
FATAL -- : ActionController::InvalidAuthenticityToken (ActionController::InvalidAuthenticityToken):
If I set Cloudflare's SSL to "Full" I get a 502 error with a Cloudflare-generated page (see image).
I came across this site (http://til.obiefernandez.com/posts/875a2a69af-cloudflare-flexible-ssl-mode-breaks-rails-5-csrf) which seems to have the exact same issue but setting to "full" didn't help me.
I've tried setting config.force_ssl = true in /config/environments/production.rb. That setting would not allow any access to the site. Just shows the same 502 error page from Cloudflare and nothing in my production or nginx logs.
I've tried messing around with custom nginx configs but haven't gotten anywhere. Here is my latest nginx config attempt:
    user nginx;
    worker_processes auto;
    error_log /var/log/nginx/error.log;
    pid /var/run/nginx.pid;

    events {
        worker_connections 1024;
    }

    http {
        log_format main '$remote_addr - $remote_user [$time_local] "$request" '
                        '$status $body_bytes_sent "$http_referer" '
                        '"$http_user_agent" "$http_x_forwarded_for"';
        access_log /var/log/nginx/access.log main;

        sendfile on;
        tcp_nopush on;
        tcp_nodelay on;
        keepalive_timeout 65;
        types_hash_max_size 2048;

        include /etc/nginx/mime.types;
        default_type application/octet-stream;
        include /etc/nginx/conf.d/*.conf;
        index index.html index.htm;

        server {
            listen 80 ;
            listen [::]:80 ;
            server_name localhost;
            root /usr/share/nginx/html;

            # Load configuration files for the default server block.
            include /etc/nginx/default.d/*.conf;

            location / {
                proxy_pass http://localhost;
                proxy_set_header Host $host;
                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
                proxy_set_header X-Forwarded-Proto $scheme;
                proxy_set_header X-Forwarded-Ssl on; # Optional
                proxy_set_header X-Forwarded-Port $server_port;
                proxy_set_header X-Forwarded-Host $host;
            }

            error_page 404 /404.html;
            location = /40x.html {
            }

            # redirect server error pages to the static page /50x.html
            #
            error_page 500 502 503 504 /50x.html;
            location = /50x.html {
            }
        }
    }
Can anyone help? I'm sure I'm missing something obvious here.
502 Error: This error says that the Cloudflare server is unable to read the response your Rails server sends. Basically, when you select Full SSL, Cloudflare expects the response to be in SSL, but here the Rails app sends a non-SSL (HTTP) response, which Cloudflare is unable to read.
I read the article you shared; it looks like Rails does not allow Flexible SSL for security reasons.
Flexible SSL
In Flexible SSL you don't need to secure your Rails app with an SSL certificate (HTTPS), but your visitors still see the site as being HTTPS enabled.
Flexible SSL: secure connection between your visitor and Cloudflare, but no secure connection between Cloudflare and your web server. You don't need to have an SSL certificate on your web server, but your visitors still see the site as being HTTPS enabled.
Full SSL
As mentioned in the article, if you enable Full SSL, then you need to configure Rails config.force_ssl = true to use a self-signed SSL certificate, or you can get a certificate from Let's Encrypt for free. Once you have done that, you need to change your Nginx to run on HTTPS port 443. This should fix the 502 error.
Here is a tutorial on Using HTTPs with Ruby on Rails
Full SSL: secure connection between your visitor and Cloudflare, and secure connection (but not authenticated) between Cloudflare and your web server. You will need to have your server configured to answer HTTPS connections, with a self-signed certificate at least.
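The WARN line in the question's log comes from comparing the browser's Origin header with the URL the app reconstructs from proxy headers. The following is an added example, not code from the question, the answer, or Rails/Rack: a simplified Ruby model of that comparison, where example.com, the scenario names and the helper functions are constructed, and the header precedence is an assumption modeled on Rack's behavior.

```ruby
# Simplified model of the Origin check behind the WARN line in the log above.
# Assumption: header precedence is modeled on Rack; this is not Rails/Rack source.

# Scheme the app believes the client used, derived from proxy-supplied headers.
def effective_scheme(env)
  return 'https' if env['HTTPS'] == 'on'
  return 'https' if env['HTTP_X_FORWARDED_SSL'] == 'on'
  forwarded = env['HTTP_X_FORWARDED_PROTO'].to_s.split(',').first.to_s.strip
  return forwarded unless forwarded.empty?
  env.fetch('rack.url_scheme', 'http')
end

# URL the app reconstructs for itself (default ports only, for brevity).
def base_url(env)
  "#{effective_scheme(env)}://#{env.fetch('HTTP_HOST')}"
end

# A missing Origin header is accepted; otherwise it must equal base_url.
def origin_ok?(env)
  origin = env['HTTP_ORIGIN']
  origin.nil? || origin == base_url(env)
end

# Constructed requests; example.com stands in for [MY_URL].com.
BROWSER = { 'HTTP_HOST' => 'example.com', 'rack.url_scheme' => 'http',
            'HTTP_ORIGIN' => 'https://example.com' }.freeze

SCENARIOS = {
  # Flexible: edge reaches the origin on port 80, proxy sends its own $scheme.
  flexible_scheme_http: BROWSER.merge('HTTP_X_FORWARDED_PROTO' => 'http'),
  # No forwarding header at all: app falls back to the plain-HTTP socket.
  no_forwarded_header: BROWSER,
  # Full: origin proxy terminates TLS on 443, so $scheme is https.
  full_tls_at_origin: BROWSER.merge('HTTP_X_FORWARDED_PROTO' => 'https'),
  # Chained proxies: the first (client-facing) entry decides.
  chained_proxies: BROWSER.merge('HTTP_X_FORWARDED_PROTO' => 'https, http'),
  # Request without an Origin header.
  no_origin: BROWSER.reject { |k, _| k == 'HTTP_ORIGIN' }
}.freeze

# Map each scenario to [reconstructed base_url, check result].
def evaluate(scenarios = SCENARIOS)
  scenarios.transform_values { |env| [base_url(env), origin_ok?(env)] }
end

if __FILE__ == $PROGRAM_NAME
  evaluate.each { |name, (url, ok)| puts format('%-22s %-22s %s', name, url, ok ? 'pass' : 'origin mismatch') }
end
```

In this model a proxy that hard-codes X-Forwarded-Ssl on, as the config in the question does, makes every request count as HTTPS regardless of how it reached the proxy.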