updated on 2019-07-19
Amazon Linux 2
Rails 5.2.1
ruby 2.4.2
(Application and web server)
nginx version: nginx/1.12.2
unicorn 5.5.1
(SSL certificate)
python2-certbot-nginx 0.34.2-1.el7
certbot 0.34.2-3.el7
certbot-nginx 0.34.2-3.el7
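When I access https://[domain] in Chrome, the error "Too many redirects. Try clearing your cookies." is displayed and the page cannot be reached.
Clearing the cookies has no effect.
(Information on the issued certificate)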
Certificate Name: [domain]
Domains: [domain]
Expiry Date: 2019-10-06 09:16:15+00:00 (VALID: 89 days)
Certificate Path: /etc/letsencrypt/live/[domain]/fullchain.pem
Private Key Path: /etc/letsencrypt/live/[domain]/privkey.pem
(/etc/nginx/conf.d/myapp.conf)
# log directory
error_log /var/www/rails/myapp/log/nginx.error.log;
access_log /var/www/rails/myapp/log/nginx.access.log;
# max body size
client_max_body_size 2G;
upstream app_server {
    # for UNIX domain socket setups
    server unix:/var/www/rails/myapp/tmp/sockets/unicorn.sock fail_timeout=0;
}
server {
    server_name [domain] [IP];
    # nginx so increasing this is generally safe...
    keepalive_timeout 5;
    # path for static files
    root /var/www/rails/myapp/public;
    # page cache loading
    try_files $uri/index.html $uri.html $uri @app;
    location @app {
        # HTTP headers
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Host $http_host;
        proxy_redirect off;
        proxy_pass http://app_server;
    }
    # Rails error pages
    error_page 500 502 503 504 /500.html;
    location = /500.html {
        root /var/www/rails/myapp/public;
    }
    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/[domain]/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/[domain]/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
server {
    if ($host = [domain]) {
        return 301 https://$host$request_uri;
    } # managed by Certbot
    listen 80;
    server_name [domain] [IP];
    return 404; # managed by Certbot
}
(environments/production.rb)
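Add the following to the Rails file config/environments/production.rb:
Rails.application.configure do
  # ...
  config.force_ssl = true
  # Generate https:// URLs whenever SSL is enforced
  if Rails.application.config.force_ssl
    Rails.application.routes.default_url_options[:protocol] = 'https'
  end
end
Then write the following into the nginx config: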
proxy_set_header X-Forwarded-Proto https;
(/etc/nginx/conf.d/myapp.conf)
# log directory
error_log /var/www/rails/myapp/log/nginx.error.log;
access_log /var/www/rails/myapp/log/nginx.access.log;
# max body size
client_max_body_size 2G;
upstream app_server {
    # for UNIX domain socket setups
    server unix:/var/www/rails/myapp/tmp/sockets/unicorn.sock fail_timeout=0;
}
server {
    server_name [domain] [IP];
    # nginx so increasing this is generally safe...
    keepalive_timeout 5;
    # path for static files
    root /var/www/rails/myapp/public;
    # page cache loading
    try_files $uri/index.html $uri.html $uri @app;
    location @app {
        # HTTP headers
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto https;
        proxy_set_header Host $http_host;
        proxy_redirect off;
        proxy_pass http://app_server;
    }
    # Rails error pages
    error_page 500 502 503 504 /500.html;
    location = /500.html {
        root /var/www/rails/myapp/public;
    }
    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/[domain]/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/[domain]/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
server {
    if ($host = [domain]) {
        return 301 https://$host$request_uri;
    } # managed by Certbot
    listen 80;
    server_name [domain] [IP];
    return 404; # managed by Certbot
}
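I spent quite a lot of time on this, but in the end the fix was a single line, and the nightmare of this error was over.
Many thanks to the references!!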
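Why that one header ends the loop, as an added example (not from the original post, and not Rails, Rack or nginx source): a simplified Ruby model in which nginx terminates TLS and hands the request to unicorn over plain HTTP, so the force_ssl check only sees HTTPS when X-Forwarded-Proto says so. The function names and the host example.test are made up for the illustration.

```ruby
# Simplified model (an assumption, not Rails or Rack source) of how an app with
# force_ssl sees a request behind nginx. example.test is a constructed host name.

# Same idea as Rack::Request#ssl?: use X-Forwarded-Proto when it is present,
# otherwise fall back to the scheme of the hop that reached the app server.
def ssl_request?(env)
  forwarded = env['HTTP_X_FORWARDED_PROTO'].to_s.split(',').first.to_s.strip
  scheme = forwarded.empty? ? env['rack.url_scheme'] : forwarded
  scheme == 'https'
end

# Stand-in for config.force_ssl = true: redirect anything not seen as HTTPS.
def rails_app(env)
  return [200, {}, ['ok']] if ssl_request?(env)
  [301, { 'Location' => "https://#{env['HTTP_HOST']}#{env['PATH_INFO']}" }, []]
end

# Stand-in for the nginx 443 server block: TLS ends here and the request goes
# to unicorn over plain HTTP (proxy_pass http://app_server).
def nginx_tls_proxy(path, client_headers, set_forwarded_proto:)
  env = { 'rack.url_scheme' => 'http', 'HTTP_HOST' => 'example.test',
          'PATH_INFO' => path }
  client_headers.each { |k, v| env["HTTP_#{k.upcase.tr('-', '_')}"] = v }
  # proxy_set_header replaces whatever value the client sent for this header.
  env['HTTP_X_FORWARDED_PROTO'] = 'https' if set_forwarded_proto
  rails_app(env)
end

# Browser side: keep requesting https:// until a 200 or the redirect limit.
def browse(set_forwarded_proto:, client_headers: {}, max_redirects: 20)
  hops = 0
  loop do
    status, = nginx_tls_proxy('/', client_headers,
                              set_forwarded_proto: set_forwarded_proto)
    return { status: status, redirects: hops } if status == 200
    hops += 1
    return { status: :too_many_redirects, redirects: hops } if hops >= max_redirects
  end
end

if __FILE__ == $PROGRAM_NAME
  p browse(set_forwarded_proto: false) # config before the fix
  p browse(set_forwarded_proto: true)  # config with the added line
end
```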
References
https://joe-noh.hatenablog.com/entry/2016/10/28/075322
https://qiita.com/chanken/items/b6dc4a896f8cc1615f34