主页 / user-509792

Ilya Cherevkov's questions

Martin Hope
Ilya Cherevkov
Asked: 2020-04-08 06:36:23 +0800 CST
  • 2

我已经为我的域生成了 Lets Encrypt通配符证书*.domain.com

我认为这个证书对任何嵌套的子域都有效*.*.domain.com,比如it.*.domain.comor fr.*.domain.com。但是浏览器给了我错误,通配符证书是为 颁发的domain.com,而不是为*.domain.com. 我尝试*.*.domain.com使用 CertBot 颁发新证书,但它给了我错误(不允许使用多个通配符)。

是否有可能实现这一点,还是我必须为每个第一级子域手动颁发通配符证书?

subdomain wildcard lets-encrypt
Martin Hope
Ilya Cherevkov
Asked: 2020-03-29 13:23:32 +0800 CST
  • 0

访问在 Nginx 代理后面使用 systemd 服务运行的 Puma 应用程序会导致 nginx error.log 中出现以下错误:

 *6 upstream timed out (110: Connection timed out) while reading response header from upstream, client: 1.2.3.4, server: mydomain.com, request: "GET / HTTP/1.1", upstream: "http://unix:/home/deploy/opt/app/shared/sockets/puma.app.sock/", host: "mydomain.com"

Puma 服务日志没有错误。

不过,在本地(在 nginx 之前)手动运行 Puma 应用程序不会产生任何错误。同样,在 http 代理而不是 puma unix 套接字上运行相同的应用程序也可以正常工作,允许 Nginx 正确地服务器请求。所以看起来问题不在于我的后端红宝石。

  • 彪马 4.3.3
  • 罗达 3.30.0
  • RBenv Ruby 2.7.0
  • Nginx 1.14.0

/etc/nginx/sites_available/mydomain.com

upstream app {
  server unix:/home/deploy/opt/app/shared/sockets/puma.app.sock;
}

server {
  listen 80;
  server_name mydomain.com;
  root /home/deploy/opt/app/public;

  location / {
    try_files $uri @puma;
  }

  location @puma {
    include proxy_params;

    proxy_pass http://app;
  }
}

/etc/systemd/system/puma-app.service

[Unit]
Description=Puma HTTP Server
After=network.target

[Service]
# Foreground process (do not use --daemon in ExecStart or config.rb)
Type=simple

# Preferably configure a non-privileged user
User=deploy
Group=sudo

# Specify the path to your puma application root
WorkingDirectory=/home/deploy/opt/app

# Helpful for debugging socket activation, etc.
Environment=DEBUG=1
EnvironmentFile=/home/deploy/opt/app/.env

# The command to start Puma
ExecStart=/home/deploy/.rbenv/shims/bundle exec puma -C /home/deploy/opt/app/config/puma.rb

TimeoutSec = 15
Restart=always

[Install]
WantedBy=multi-user.target

/home/deploy/opt/app/config/puma.rb

# Change to match your CPU core count
workers ENV.fetch("PUMA_WORKERS") { 1 }

# Min and Max threads per worker
threads ENV.fetch("PUMA_MIN_THREADS") { 1 }, ENV.fetch("PUMA_MAX_THREADS") { 10 }

app_dir = File.expand_path("../..", __FILE__)
shared_dir = "#{app_dir}/shared"

# Set up socket location
bind "unix://#{shared_dir}/sockets/puma.app.sock"

# Redirect STDOUT to log files
stdout_redirect "#{app_dir}/log/puma.stdout.log", "#{app_dir}/log/puma.stderr.log", true

# Set master PID and state locations
pidfile "#{shared_dir}/pids/puma.app.pid"
state_path "#{shared_dir}/pids/puma.app.state"
rackup app_dir

activate_control_app
ruby timeout nginx