参见配置SSL
Nginx + https + 免费SSL证书配置指南
但是配置完后,rails中的request.ssl? 永远返回false
Passenger 3 implements this feature with a new directive passenger_set_cgi_param
which behaves like proxy_set_header
.
For example, to pass SSL variables to Rack, you could do this:
server {
listen 443 default ssl;
# other SSL stuff goes here
# other passenger stuff here
passenger_set_cgi_param X_FORWARDED_PROTO https;
passenger_set_cgi_param X-SSL-Raw-Cert $ssl_client_raw_cert;
passenger_set_cgi_param X-SSL-Cert $ssl_client_cert;
passenger_set_cgi_param X-SSL-Client-S-DN $ssl_client_s_dn;
passenger_set_cgi_param X-SSL-Client-I-DN $ssl_client_i_dn;
passenger_set_cgi_param X-SSL-Client-Verify $ssl_client_verify;
}
然后重写Rack::Request.scheme方法:
module Rack
class Request
def scheme
if self.headers['X_FORWARDED_PROTO'].eql?("https")
'https'
elsif @env['HTTPS'] == 'on'
'https'
elsif @env['HTTP_X_FORWARDED_SSL'] == 'on'
'https'
elsif @env['HTTP_X_FORWARDED_PROTO']
@env['HTTP_X_FORWARDED_PROTO'].split(',')[0]
else
@env["rack.url_scheme"]
end
end
end
end
在ApplicationController中添加代码
class ApplicationController < ActionController::Base
before_filter :redirect_to_https
def redirect_to_https
unless(request.ssl?)
redirect_to :protocol=>"https://"
return
end
end
end
此时的request.ssl?就生效了