“X-Accel-Mapping header missing” in Nginx error log - ruby-on-rails-3

In Rails in my controller I set response header explicitly :
response.headers['X-Accel-Redirect'] = "some_url"
Nginx Config
location ~* ^/some_url/(.*){
set $s3_bucket '$arg_bucket_name';
set $aws_access_key 'AWSAccessKeyId=$arg_AWSAccessKeyId';
set $url_expires 'Expires=$arg_Expires';
set $url_signature 'Signature=$arg_Signature';
set $url_full '$1?$aws_access_key&$url_expires&$url_signature';
proxy_hide_header Content-Disposition;
add_header Content-Disposition 'attachment; filename=$arg_filename';
proxy_hide_header x-amz-id-2;
proxy_hide_header x-amz-request-id;
proxy_buffering off;
proxy_intercept_errors on;
resolver 4.2.2.2 8.8.8.8 valid=300s;
proxy_pass https://$s3_bucket/$url_full;
}
What is the reason for this and how I can get rid of this?

Related

Succesfully ran Certbot. Site still not secure. What did I do wrong?

I have a Digital Ocean VM running an Express backend server listening to port 5000.
I have all these records setup to point my VM ip to the domain I registered.
https://i.imgur.com/dfdBgKb.jpg
I have Nginx installed and a sites-available/sites-enabled config file like this:
https://i.imgur.com/TxMtfSM.png
/etc/nginx/sites-available/reeeeee.tk.conf
server
{
# listen 443 ssl http2;
# listen [::]:443 ssl http2;
listen 80;
server_name api.reeeeee.tk;
# SSL
# ssl_certificate /etc/letsencrypt/live/api.reeeeee.tk/fullchain.pem;
# ssl_certificate_key /etc/letsencrypt/live/api.reeeeee.tk/privkey.pem;
# ssl_trusted_certificate /etc/letsencrypt/live/api.reeeeee.tk/fullchain.pem;
# HSTS
# add_header X-Frame-Options "SAMEORIGIN" always;
# add_header X-XSS-Protection "1; mode=block" always;
# add_header X-Content-Type-Options "nosniff" always;
# add_header Referrer-Policy "no-referrer-when-downgrade" always;
# add_header Content-Security-Policy "default-src * data: 'unsafe-eval' 'unsafe-inline'" always;
# add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
access_log /var/log/nginx/api.reeeeee.tk-access.log;
error_log /var/log/nginx/api.reeeeee.tk-error.log;
server_tokens off;
location /
{
proxy_pass http://localhost:5000;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_set_header Host $host;
proxy_cache_bypass $http_upgrade;
}
# ACME-challenge
location ^~ /.well-known/acme-challenge/
{
root /var/www/_letsencrypt;
}
}
I created a /var/www/_letsencrypt directory and chowned it with the user: "www-data"
https://imgur.com/KBKTapE
I then succesfully ran Certbot:
https://i.imgur.com/2glcHVn.jpg
After succesfully running Certbot, I got rid of all the "#"'s so the ".conf" file now looks like:
/sites-enabled/reeeeee.tk.conf
server
{
listen 443 ssl http2;
listen [::]:443 ssl http2;
listen 80;
server_name api.reeeeee.tk;
# SSL
ssl_certificate /etc/letsencrypt/live/api.reeeeee.tk/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/api.reeeeee.tk/privkey.pem;
ssl_trusted_certificate /etc/letsencrypt/live/api.reeeeee.tk/fullchain.pem;
# HSTS
add_header X-Frame-Options "SAMEORIGIN" always;
add_header X-XSS-Protection "1; mode=block" always;
add_header X-Content-Type-Options "nosniff" always;
add_header Referrer-Policy "no-referrer-when-downgrade" always;
add_header Content-Security-Policy "default-src * data: 'unsafe-eval' 'unsafe-inline'" always;
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
access_log /var/log/nginx/api.reeeeee.tk-access.log;
error_log /var/log/nginx/api.reeeeee.tk-error.log;
server_tokens off;
location /
{
proxy_pass http://localhost:5000;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_set_header Host $host;
proxy_cache_bypass $http_upgrade;
}
# ACME-challenge
location ^~ /.well-known/acme-challenge/
{
root /var/www/_letsencrypt;
}
}
I restarted Nginx
https://i.imgur.com/oUXWHAM.png
BUT the site is still not HTTPS secured.
http://www.reeeeee.tk/api/movies
Did I get an SSL certificate? What did I do wrong? Do you see anything in the screenshots or code that I did wrong?
Where do I go from here? How do I get a working SSL cert and an HTTPS secured site?
I was following advice I got from this Reddit thread. ALL further context is in here if I didn't post enough info:
https://www.reddit.com/r/nginx/comments/z88yra/trying_to_get_ssl_certificate_for_backend_where/
Was this person just wrong? Did I do it wrong from the beginning? Do I have to start over?

How to force the browser not to store the Vue cache?

Browser not updating Vue.js site cache.
Several major updates have been downloaded to the site, but the browser still displays the old version of the site.
The application is deployed on the Nginx server. I have already tried to disable the cache in the conf file by passing headers but without success.
Here are the headers on a normal reboot
Here are the headers when reloading without cache "Ctrl + F5" .
Here is my site configuration in Nginx. `
server {
server_name mysitedomain.online;
location = /favicon.ico { access_log off; log_not_found off; }
root /var/www/mysitedomain/frontend/dist;
index index.html index.htm index.nginx-debian.html;
location ~(index.html|service-worker.js)$ {
add_header Last-Modified $date_gmt;
add_header Cache-Control 'no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0';
}
location = /{
try_files $uri $uri/ /index.html;
add_header Last_Modified $date_gmt;
add_header Cache-Control 'no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0';
if_modified_since off;
expires off;
etag off;
}
location = /ru/ {
try_files $uri $uri/ /index.html;
add_header Last_Modified $date_gmt;
add_header Cache-Control 'no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0';
if_modified_since off;
expires off;
etag off;
}
location = /en/ {
try_files $uri $uri/ /index.html;
add_header Last-Modified $date_gmt;
add_header Cache-Control 'no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0';
if_modified_since off;
expires off;
etag off;
}
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/mysitedomain.online/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/mysitedomain.online/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
`I would be glad for any answers, since I have been doing this for quite some time and I cannot get the site updated for all users.
I have already tried to disable the cache in the conf file by passing headers but without
add_header Last-Modified $date_gmt;
add_header Cache-Control 'no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0';
if_modified_since off;
expires off;
etag off;
`

Nginx cors configuration for 2 sub-domains with separate ssl

I have two apps running on my server.
A react app on port 4512 (locally on HTTP) and 5512 (on https). Can be accessed on https://merchant.abc.com:5512
A node js (express) API on port 4511 (locally on http) and 5511 (on https) served on https://ce.abc.com:5511
Initially, I was using a wildcard SSL certificate for both sub-domains, and nodejs was taking care of CORS. But we were then required to use separate SSL certificates for both domains. When I used separate SSL certificates, Nginx started to deny cors requests (I was able to use API using postman).
I then read about Nginx cors options on some posts here and came up with the following Nginx settings
/etc/nginx/sites-available/default
# Vendor API
server {
listen 5511 ssl;
ssl_certificate /ssl/ssl-bundle-api.crt;
ssl_certificate_key /ssl/ssl-api.key;
location /{
include /etc/nginx/shared/allow-cors;
proxy_pass http://localhost:4511;
proxy_redirect off;
proxy_set_header Host $host:$server_port;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Ssl on;
}
}
# Retailer app
server {
listen 5512 ssl;
ssl_certificate /ssl/ssl-bundle-react.crt;
ssl_certificate_key /ssl/ssl-react.key;
location /{
proxy_pass http://localhost:4512;
proxy_redirect off;
proxy_set_header Host $host:$server_port;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Ssl on;
}
}
/etc/nginx/shared/allow-cors
if ($request_method = "OPTIONS") {
add_header Access-Control-Allow-Origin $http_origin always;
add_header Access-Control-Allow-Credentials true always;
add_header Access-Control-Allow-Methods 'DELETE,GET,OPTIONS,POST,PUT' always;
add_header Access-Control-Allow-Headers 'Accept,Authorization,Cache-Control,Content-Type,DNT,If-Modified-Since,Keep-Alive,Origin,User-Agent,X-Requested-With,X-Token-Auth,X-Mx-ReqToken,X-Requested-With' always;
add_header 'Access-Control-Max-Age' 1728000 always;
add_header 'Content-Type' 'text/plain charset=UTF-8' always;
add_header 'Content-Length' 0 always;
return 204;
}
add_header Access-Control-Allow-Origin $http_origin always;
add_header Access-Control-Allow-Credentials true always;
add_header Access-Control-Allow-Methods 'DELETE,GET,OPTIONS,POST,PUT' always;
add_header Access-Control-Allow-Headers 'Accept,Authorization,Cache-Control,Content-Type,DNT,If-Modified-Since,Keep-Alive,Origin,User-Agent,X-Requested-With,X-Token-Auth,X-Mx-ReqToken,X-Requested-With' always;
I then removed the cors settings from the nodejs API. This seemed to fix the issue on my aws ec2 ubuntu 18.04 instance completely. But when I deploy this code on the client's on-premise server (created using image of my ec2 instance) it again has issues. On Firefox it seems like the pre-flight check gets the expected 204, but then I don't see any POST request being sent.
On Chrome I see a successful pre-flight check with 204. I also see the actual POST request in chrome, but with a (failed) net::ERR_FAILED status.
Can somebody please help be resolving this.

Let's Encrypt certificate for site alongside Jitsi Meet

I've a server running Ubuntu 18.04 and Nginx and have a fully functioning instance of Jitsi Meet hosted on it.
On the other hand I have 2 other sites (one a react front end and the other a backend) and i need them to have ssl certificates since we are using Jitsi Meet api from the front end and chrome is not letting us give permissions on the mic and camera because the front end is not secure.
So I tried installing certbot and getting a Let's Encrypt certificate but when i get it and try to restart nginx, it fails.
I think it has something to do with Jitsi using the port 443 or something but I really can't tell...
This is the nginx conf for jitsi domain:
server_names_hash_bucket_size 64;
server {
listen 80;
listen [::]:80;
server_name video.<base-domain>;
location ^~ /.well-known/acme-challenge/ {
default_type "text/plain";
root <path-to-jitsi>;
}
location = /.well-known/acme-challenge/ {
return 404;
}
location / {
return 301 https://$host$request_uri;
}
}
server {
listen 4444 ssl http2;
listen [::]:4444 ssl http2;
server_name video.<base-domain>;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_ciphers "EECDH+ECDSA+AESGCM:EECDH+aRSA+AESGCM:EECDH+ECDSA+SHA256:EECDH+aRSA+SHA256:EECDH+ECDSA+SHA384:EECDH+ECDSA+SHA256:EECDH+aRSA+SHA384:EDH+aRSA+AESGCM:EDH+aRSA+SHA256:EDH+aRSA:E$
add_header Strict-Transport-Security "max-age=31536000";
ssl_certificate /etc/letsencrypt/live/video.<base-domain>/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/video.<base-domain>/privkey.pem;
root <path-to-jitsi>;
# ssi on with javascript for multidomain variables in config.js
ssi on;
ssi_types application/x-javascript application/javascript;
index index.html index.htm;
error_page 404 /static/404.html;
gzip on;
gzip_types text/plain text/css application/javascript application/json;
gzip_vary on;
location = /config.js {
alias /etc/jitsi/meet/video.<base-domain>-config.js;
}
#ensure all static content can always be found first
location ~ ^/(libs|css|static|images|fonts|lang|sounds|connection_optimization|.well-known)/(.*)$
{
add_header 'Access-Control-Allow-Origin' '*';
alias <path-to-jitsi>/$1/$2;
}
# BOSH
location = /http-bind {
proxy_pass http://localhost:5280/http-bind;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header Host $http_host;
}
# xmpp websockets
location = /xmpp-websocket {
proxy_pass http://127.0.0.1:5280/xmpp-websocket?prefix=$prefix&$args;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Host $http_host;
tcp_nodelay on;
}
location ~ ^/([^/?&:'"]+)$ {
try_files $uri #root_path;
}
location #root_path {
rewrite ^/(.*)$ / break;
}
location ~ ^/([^/?&:'"]+)/config.js$
{
set $subdomain "$1.";
set $subdir "$1/";
alias /etc/jitsi/meet/video.<base-domain>-config.js;
}
#Anything that didn't match above, and isn't a real file, assume it's a room name and redirect to /
location ~ ^/([^/?&:'"]+)/(.*)$ {
set $subdomain "$1.";
set $subdir "$1/";
rewrite ^/([^/?&:'"]+)/(.*)$ /$2;
}
# BOSH for subdomains
location ~ ^/([^/?&:'"]+)/http-bind {
set $subdomain "$1.";
set $subdir "$1/";
set $prefix "$1";
rewrite ^/(.*)$ /http-bind;
}
# websockets for subdomains
location ~ ^/([^/?&:'"]+)/xmpp-websocket {
set $subdomain "$1.";
set $subdir "$1/";
set $prefix "$1";
rewrite ^/(.*)$ /xmpp-websocket;
}
}
this is the nginx conf for the front end domain:
server{
server_name app.<base-domain> www.app.<base-domain>;
root <path-to-front>;
index index.html index.htm;
add_header X-Frame-Options "SAMEORIGIN";
add_header X-XSS-Protection "1; mode=block";
add_header X-Content-Type-Options "nosniff";
charset utf-8;
location / {
try_files $uri /index.html;
}
location = /favicon.ico { access_log off; log_not_found off; }
location = /robots.txt { access_log off; log_not_found off; }
access_log off;
error_log /var/log/nginx/default-error.log error;
error_page 404 /index.php;
location ~ \.php$ {
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass unix:/var/run/php/php7.2-fpm.sock;
fastcgi_index index.php;
include fastcgi_params;
}
location ~ /\.(?!well-known).* {
deny all;
}
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/app.<base-domain>/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/app.<base-domain>/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
server {
if ($host = app.<base-domain>) {
return 301 https://$host$request_uri;
} # managed by Certbot
server_name app.<base-domain> www.app.<base-domain>;
listen 80;
return 404; # managed by Certbot
}
this is the nginx error.log:
2020/05/15 12:21:58 [emerg] 20330#20330: bind() to 0.0.0.0:443 failed (98: Address already in use)
2020/05/15 12:21:58 [emerg] 20330#20330: bind() to 0.0.0.0:443 failed (98: Address already in use)
2020/05/15 12:21:58 [emerg] 20330#20330: bind() to 0.0.0.0:443 failed (98: Address already in use)
2020/05/15 12:21:58 [emerg] 20330#20330: bind() to 0.0.0.0:443 failed (98: Address already in use)
2020/05/15 12:21:58 [emerg] 20330#20330: bind() to 0.0.0.0:443 failed (98: Address already in use)
2020/05/15 12:21:58 [emerg] 20330#20330: still could not bind()
I was hoping someone can tell how I should configure this in order to have both jitsi and the front end secure.
I also will add that both domains are actually subdomains... meaning jitsi domain is video..com
and front is app..com
the real config has base-domain and paths correctly specified... If I remove all ssl config from the front end nginx configuration, everything work again.
You should use devops-guide-quickstart . There is Generate a Let's Encrypt certificate section. If you have nginx on your system before installing jitsi, jitsi will run with its nginx configuration.
if you need customized nginx file, here it is. But you should work on for security concerns.
** For standalone(without Docker) remove
"resolver 127.0.0.1 valid=5s ipv6=off;"
then change rest of 127.0.0.1 to localhost
Docker-jitsi-meet Custom Nginx Configuration
server {
resolver 127.0.0.1 valid=5s ipv6=off;
listen 80;
listen [::]:80;
server_name jitsiConf.domain.com; # managed by Certbot
location /.well-known/acme-challenge {
root /var/www/letsencrypt;
default_type "text/plain";
try_files $uri =404;
}
location / {
return 301 https://$host$request_uri;
}
#rewrite ^ https://$http_host$request_uri? permanent; # force redirect http to https
}
server {
resolver 127.0.0.1 valid=5s ipv6=off;
listen 443 ssl;
listen [::]:443 ssl;
server_name jitsiConf.domain.com; # managed by Certbot
ssl on;
ssl_certificate /etc/letsencrypt/live/jitsiConf.domain.com/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/jitsiConf.domain.com/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
ssl_protocols TLSv1.2 TLSv1.3;
ssl_session_cache shared:SSL:50m;
proxy_cookie_path / "/; HTTPOnly; Secure";
add_header Expect-CT "enforce, max-age=21600";
add_header Feature-Policy "payment none";
keepalive_timeout 70;
sendfile on;
client_max_body_size 0;
gzip on;
gzip_disable "msie6";
gzip_vary on;
gzip_proxied any;
gzip_comp_level 6;
gzip_buffers 16 8k;
gzip_http_version 1.1;
gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;
add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload";
add_header X-Content-Type-Options nosniff;
add_header X-XSS-Protection "1; mode=block";
# this tells the browser that jitsi can't be embedded in a Frame
add_header X-Frame-Options "DENY";
# List of Browser-Features which are allowed / denied for this Site
add_header Feature-Policy "geolocation 'none'; camera 'self'; microphone 'self'; speaker 'self'; autoplay 'none'; battery 'none'; accelerometer 'none'; autoplay 'none'; payment 'none';";
ssi on;
ssi_types application/x-javascript application/javascript;
# ensure all static content can always be found first
#location ~ ^/(libs|css|static|images|fonts|lang|sounds|connection_optimization|.well-known)/(.*)$
#{
# add_header 'Access-Control-Allow-Origin' '*';
#}
#location ~ ^/(?!(http-bind|external_api\.|xmpp-websocket))([a-zA-Z0-9=_äÄöÖüÜß\?\-]+)$ {
# rewrite ^/(.*)$ / break;
#}
location / {
expires max;
log_not_found off;
proxy_cache_valid 200 120m;
ssi on;
set $upstream_endpoint http://127.0.0.1:8100;
proxy_pass $upstream_endpoint;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header Host $host;
}
# BOSH
location /http-bind {
set $upstream_endpoint http://127.0.0.1:5280;
proxy_pass $upstream_endpoint/http-bind;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header Host $host;
}
# xmpp websockets
location /xmpp-websocket {
set $upstream_endpoint http://127.0.0.1:5280;
proxy_pass $upstream_endpoint;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Host $host;
tcp_nodelay on;
}
}
Also this configuration will be stuck on CSP error. Just for test developments this code will allow all CSP risks. you can add under the
ssl_session_cache shared:SSL:50m;
set $CSP_image "img-src 'self' 'unsafe-inline' 'unsafe-eval' data: *.printfriendly.com *.w.org *.gravatar.com *.vimeocdn.com; ";
set $CSP_script "script-src 'self' 'unsafe-inline' 'unsafe-eval' *.w.org *.gravatar.com *.googleapis.com *.jsdelivr.net *.printfriendly.com *.kxcdn.com *.vimeocdn.com *.hs-analytics.net *.securitymetrics.com *.google-analytics.com; ";
set $CSP_style "style-src 'self' 'unsafe-inline' *.googleapis.com *.bootstrapcdn.com *.gstatic.com *.vimeocdn.com; ";
set $CSP_font "font-src 'self' data: *.googleapis.com *.bootstrapcdn.com *.gstatic.com *.googleapis.com; ";
set $CSP_frame "frame-src 'self' *.vimeocdn.com *.vimeo.com; ";
set $CSP_object "object-src 'self' ; ";
set $CSP "default-src 'self' ; ${CSP_image} ${CSP_script} ${CSP_style} ${CSP_font} ${CSP_frame} ${CSP_object}";
add_header Content-Security-Policy $CSP;
CSPallow **sorry i couldn't find original post*

502 bad gateway error (nginx + unicorn + digital ocean)

I struggled for few hours to fix this issue but still it doesn't work. The error I see in my browser is:
POST /users 502 (Bad Gateway)
I know that it's the problem of setting nginx and unicorn, but I can't solve it. By the way, I deployed my code using digital ocean. Here is my config file
Unicorn config (nginx.conf):
user nginx;
worker_processes 1;
error_log /var/log/nginx/error.log;
pid /var/run/nginx.pid;
events {
worker_connections 1024;
}
http {
server_names_hash_bucket_size 64;
include /etc/nginx/mime.types;
default_type application/octet-stream;
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log /var/log/nginx/access.log main;
sendfile on;
#tcp_nopush on;
#keepalive_timeout 0;
keepalive_timeout 65;
#gzip on;
# Load config files from the /etc/nginx/conf.d directory
# The default server is in conf.d/default.conf
include /etc/nginx/conf.d/*.conf;
fastcgi_buffers 8 16k;
fastcgi_buffer_size 32k;
fastcgi_connect_timeout 300;
fastcgi_send_timeout 300;
fastcgi_read_timeout 300;
}
Unicorn config file (/var/nginx/unicorn.conf):
upstream unicorn {
server unix:/tmp/unicorn.sock fail_timeout=0;
}
server {
listen 80;
listen 443 ssl;
ssl_certificate /root/certs/server.crt;
ssl_certificate_key /root/certs/server.key;
client_max_body_size 4G;
keepalive_timeout 15;
root /var/www/quoine/current/public;
try_files $uri #unicorn;
location ~ ^/assets|app/ {
gzip_static on;
expires max;
add_header Cache-Control public;
}
location = /app/ {
rewrite $uri $uri/index.html;
}
location = /app/index.html {
add_header Pragma "no-cache";
add_header Cache-Control "no-cache, no-store, max-age=0, must-revalidate";
add_header Expires "Fri, 01 Jan 1990 00:00:00 GMT";
}
location #unicorn {
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_redirect off;
proxy_pass http://unicorn;
}
if (-f $document_root/system/maintenance.html) {
return 503;
}
error_page 500 502 504 /500.html;
location = /500.html {
root /var/www/quoine/current/public;
}
error_page 503 #maintenance;
location #maintenance {
rewrite ^(.*)$ /system/maintenance.html break;
}
}
I'm using Rails 3. If any one got any idea about this problem, please tell me. It takes me 3 hours without any progress. Thanks
Can you provide the config you've got for unicorn too (the files you've provided are both for nginx). An example of what it should look like is in the first part of the "Configuring Servers" entry here: https://www.digitalocean.com/community/tutorials/how-to-deploy-rails-apps-using-unicorn-and-nginx-on-centos-6-5
I ran across this trying to figure out why I was getting 502 errors after using the 1-click install for Digital Ocean - and using a different version of Ruby.
I found my answer by looking at this guide: https://www.digitalocean.com/community/tutorials/how-to-use-the-1-click-ruby-on-rails-on-ubuntu-14-04-image
My issue was the following from the guide:
Once you have the location of Ruby that you are using by default,
change /etc/default/unicorn pathnames to include /usr/local/rvm/rubies
subfolder and /usr/local/rvm/gems subfolders for the newly installed
version as well as location of unicorn
Hope this helps helps someone