Доброго времени суток.
Стоит задача прикрыть API сервиса SSL-сертификатом ( self-signed ) при это всё остальное должно быть обычным http.
Сервис rails 5.1 + puma + nginx.
Пробую так:
scope module: 'api' do
namespace :v1, constraints: { protocol: 'https' } do
resources :books
end
end
В конфиге nginx:
server {
listen 80;
listen 443 ssl;
server_name mybooks.ru;
root /var/www/books/current/public;
try_files $uri/index.html $uri @puma_books_production;
client_max_body_size 4G;
keepalive_timeout 600;
error_page 500 502 504 /500.html;
error_page 503 @503;
ssl_certificate /etc/nginx/ssl/books.crt;
ssl_certificate_key /etc/nginx/ssl/books.key;
location @puma_books_production {
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto https;
proxy_set_header Host $host;
proxy_redirect off;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
proxy_set_header X-Forwarded-Proto http;
proxy_headers_hash_max_size 512;
proxy_pass http://puma_books_production;
}
location ^~ /assets/ {
gzip_static on;
expires max;
add_header Cache-Control public;
}
location = /50x.html {
root html;
}
location = /404.html {
root html;
}
location @503 {
error_page 405 = /system/maintenance.html;
if (-f $document_root/system/maintenance.html) {
rewrite ^(.*)$ /system/maintenance.html break;
}
rewrite ^(.*)$ /503.html break;
}
if ($request_method !~ ^(GET|HEAD|PUT|PATCH|POST|DELETE|OPTIONS)$ ){
return 405;
}
if (-f $document_root/system/maintenance.html) {
return 503;
}
}
В результате в логе рельс при обращении на
https://mybooks.ru/v1/books имеем:
I, [2017-09-19T05:39:10.791751 #24500] INFO -- : [de22f879-8065-4149-b4b0-8bac25d4cfc9] Started GET "/v1/books" for 109.252.52.231 at 2017-09-19 05:39:10 +0200
F, [2017-09-19T05:39:10.792756 #24500] FATAL -- : [de22f879-8065-4149-b4b0-8bac25d4cfc9]
F, [2017-09-19T05:39:10.792831 #24500] FATAL -- : [de22f879-8065-4149-b4b0-8bac25d4cfc9] ActionController::RoutingError (No route matches [GET] "/v1/books"):
F, [2017-09-19T05:39:10.792892 #24500] FATAL -- : [de22f879-8065-4149-b4b0-8bac25d4cfc9]
F, [2017-09-19T05:39:10.792955 #24500] FATAL -- : [de22f879-8065-4149-b4b0-8bac25d4cfc9] actionpack (5.1.2) lib/action_dispatch/middleware/debug_exceptions.rb:63:in `call'
Однако роуты есть:
v1_books GET /v1/books(.:format) api/v1/books#index {:protocol=>"https"}
POST /v1/books(.:format) api/v1/books#create {:protocol=>"https"}
new_v1_book GET /v1/books/new(.:format) api/v1/books#new {:protocol=>"https"}
edit_v1_book GET /v1/books/:id/edit(.:format) api/v1/books#edit {:protocol=>"https"}
v1_book GET /v1/books/:id(.:format) api/v1/books#show {:protocol=>"https"}
PATCH /v1/books/:id(.:format) api/v1/books#update {:protocol=>"https"}
PUT /v1/books/:id(.:format) api/v1/books#update {:protocol=>"https"}
DELETE /v1/books/:id(.:format) api/v1/books#destroy {:protocol=>"https"}
Подскажите пожалуйста, куда копать?