nginx https fastcgi

upstream unicorn-ends{

server unix:/xxxxxx/unicorn.sock;

}

map $scheme $fastcgi_https {

default on;

https on;

}

server {

#listen 80;

listen 443 default ssl;

server_name www.example.com;

client_max_body_size 50m;

fastcgi_param HTTPS $fastcgi_https;

fastcgi_param HTTPS on;

#include /etc/nginx/fastcgi_params;

#log_format main ‘$remote_addr – $remote_user [$time_local] “$request” ‘

access_log /var/log/nginx/user.log;

root /path/public;

ssl on;

ssl_certificate /etc/nginx/keys/server.crt;

ssl_certificate_key /etc/nginx/keys/server.key;

ssl_protocols SSLv3 SSLv2 TLSv1;

ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP;

ssl_prefer_server_ciphers on;

# serve static files

# Main location

location / {

index index.html index.htm;

autoindex on;

location ~ ^/(images|javascripts|stylesheets|attachments)/ {

expires 10d;

autoindex on;

if ($query_string) {

expires max;

}

}

proxy_pass_header Server;

proxy_set_header Host $http_host;

proxy_redirect off;

proxy_set_header X-Real-IP $remote_addr;

proxy_set_header X-Scheme $scheme;

proxy_set_header X_FORWARDED_PROTO $scheme;

if (!-f $request_filename) {

proxy_pass http://unicorn-ends;

break;

}

}

}

刚配置完https都能正常访问，但是登录和登出之后的转向，以及所有更新之后的redirect_to方法都会跳转回http协议之下。

搜了n多hack的方法，还有ssl_requirement这个gem

一include 就报错。

后来发现request.ssl?总是false

原来rails就没认出正确协议。只要协议对了我相信所有的redirect_to方法就能直接指向正确的https而不用做多余的hack method。

根据这个提示

http://www.ruby-forum.com/topic/123410

问题出在nginx的配置上，在server里加上

proxy_set_header X_FORWARDED_PROTO $scheme;

这个，把正确的参数传给fastcgi，rails的request.env里就传入了正确的参数。redirect_to也正常工作了。

项目之后基于restful的api也就同理进行之。