ruby-on-rails - 排查 Rails nginx+passenger 500 错误
问题描述
我试图弄清楚为什么 nginx 返回 500 内部服务器错误。最初,我让这个应用程序与Passenger 以独立模式运行,但我现在打算托管其他一些应用程序,并且我无法使用nginx 来处理请求。我可以让应用程序与 WEBrick 一起运行,但这根本无法实现目前的目标。
我没有使用 capistrano 或任何类型的自动化构建器,它在 linode VPS 上运行。大约十个月前,在 linode 重新启动硬件之前它运行良好,并且在重新启动之后它就死了。那是大约 10 个月前,所以在开始这段旅程之前,我更新了系统上的所有软件包,以防对问题产生任何影响。
这是我尝试启动应用程序时得到的:
$ bundle exec passenger start
Unable to autodetect the currently active RVM gem set name. This could happen if you ran this program using 'sudo' instead of 'rvmsudo'. When using RVM, you're always supposed to use 'rvmsudo' instead of 'sudo!'.
Please try rerunning this program using 'rvmsudo'. If that doesn't help, please contact this program's author for support.
这是我的环境:
$ cat /proc/version
Linux version 4.18.8-x86_64-linode117 (maker@build.linode.com) (gcc version 4.9.2 (Debian 4.9.2-10+deb8u1)) #1 SMP PREEMPT Tue Sep 18 18:48:25 UTC 2018
$ rvm list
=* ruby-2.5.1 [ x86_64 ]
# => - current
# =* - current && default
# * - default
$ rails -v
Rails 5.0.1
$ ruby -v
ruby 2.5.1p57 (2018-03-29 revision 63029) [x86_64-linux]
$ bundle -v
Bundler version 1.16.2
$ gem -v
2.7.7
nginx.conf:
# cat /etc/nginx/nginx.conf
user www-data;
worker_processes auto;
pid /run/nginx.pid;
events {
worker_connections 768;
# multi_accept on;
}
http {
##
# Basic Settings
##
sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 65;
types_hash_max_size 2048;
# server_tokens off;
# server_names_hash_bucket_size 64;
# server_name_in_redirect off;
include /etc/nginx/mime.types;
default_type application/octet-stream;
##
# SSL Settings
##
ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # Dropping SSLv3, ref: POODLE
ssl_prefer_server_ciphers on;
##
# Logging Settings
##
access_log /var/log/nginx/access.log;
error_log /var/log/nginx/error.log;
##
# Gzip Settings
##
gzip on;
gzip_disable "msie6";
# gzip_vary on;
# gzip_proxied any;
# gzip_comp_level 6;
# gzip_buffers 16 8k;
# gzip_http_version 1.1;
# gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;
##
# Phusion Passenger config
##
# Uncomment it if you installed passenger or passenger-enterprise
##
# include /etc/nginx/passenger.conf;
##
# Virtual Host Configs
##
include /etc/nginx/conf.d/*.conf;
include /etc/nginx/sites-enabled/*;
}
# cat /etc/nginx/conf.d/mod-http-passenger.conf
passenger_root /usr/lib/ruby/vendor_ruby/phusion_passenger/locations.ini;
#passenger_ruby /usr/bin/passenger_free_ruby;
passenger_ruby /home/deploy/.rvm/rubies/ruby-2.5.1/bin/ruby;
# cat /etc/nginx/sites-available/site
server {
listen 80 default_server;
server_name site.com www.site.com;
passenger_ruby /home/deploy/.rvm/gems/ruby-2.5.1/wrappers/ruby;
passenger_enabled on;
root /var/www/site/code/public;
rails_env production;
add_header Strict-Transport-Security "max-age=63072000; includeSubdomains";
add_header X-Frame-Options DENY; # prevents page from being embedded in other pages
add_header X-Content-Type-Options nosniff; # prevents MIME type sniffing
add_header X-XSS-Protection "1; mode=block"; # prevents XSS rendering
add_header X-Robots-Tag none; # prevents robots from crawling the requested page
add_header Pragma "no-cache"; # don't store a cached version of the site resources
add_header Cache-Control "no-cache"; # don't store a cached version of the site resources
add_header X-uri "$uri"; # requested URI
add_header Access-Control-Allow-Origin *; # required for Google fonts (CORS strikes again)
}
}
pg_hba.conf
# cat /etc/postgresql/9.4/main/pg_hba.conf
# PostgreSQL Client Authentication Configuration File
# ===================================================
#
# Refer to the "Client Authentication" section in the PostgreSQL
# documentation for a complete description of this file. A short
# synopsis follows.
#
# This file controls: which hosts are allowed to connect, how clients
# are authenticated, which PostgreSQL user names they can use, which
# databases they can access. Records take one of these forms:
#
# local DATABASE USER METHOD [OPTIONS]
# host DATABASE USER ADDRESS METHOD [OPTIONS]
# hostssl DATABASE USER ADDRESS METHOD [OPTIONS]
# hostnossl DATABASE USER ADDRESS METHOD [OPTIONS]
#
# (The uppercase items must be replaced by actual values.)
#
# The first field is the connection type: "local" is a Unix-domain
# socket, "host" is either a plain or SSL-encrypted TCP/IP socket,
# "hostssl" is an SSL-encrypted TCP/IP socket, and "hostnossl" is a
# plain TCP/IP socket.
#
# DATABASE can be "all", "sameuser", "samerole", "replication", a
# database name, or a comma-separated list thereof. The "all"
# keyword does not match "replication". Access to replication
# must be enabled in a separate record (see example below).
#
# USER can be "all", a user name, a group name prefixed with "+", or a
# comma-separated list thereof. In both the DATABASE and USER fields
# you can also write a file name prefixed with "@" to include names
# from a separate file.
#
# ADDRESS specifies the set of hosts the record matches. It can be a
# host name, or it is made up of an IP address and a CIDR mask that is
# an integer (between 0 and 32 (IPv4) or 128 (IPv6) inclusive) that
# specifies the number of significant bits in the mask. A host name
# that starts with a dot (.) matches a suffix of the actual host name.
# Alternatively, you can write an IP address and netmask in separate
# columns to specify the set of hosts. Instead of a CIDR-address, you
# can write "samehost" to match any of the server's own IP addresses,
# or "samenet" to match any address in any subnet that the server is
# directly connected to.
#
# METHOD can be "trust", "reject", "md5", "password", "gss", "sspi",
# "ident", "peer", "pam", "ldap", "radius" or "cert". Note that
# "password" sends passwords in clear text; "md5" is preferred since
# it sends encrypted passwords.
#
# OPTIONS are a set of options for the authentication in the format
# NAME=VALUE. The available options depend on the different
# authentication methods -- refer to the "Client Authentication"
# section in the documentation for a list of which options are
# available for which authentication methods.
#
# Database and user names containing spaces, commas, quotes and other
# special characters must be quoted. Quoting one of the keywords
# "all", "sameuser", "samerole" or "replication" makes the name lose
# its special character, and just match a database or username with
# that name.
#
# This file is read on server startup and when the postmaster receives
# a SIGHUP signal. If you edit the file on a running system, you have
# to SIGHUP the postmaster for the changes to take effect. You can
# use "pg_ctl reload" to do that.
# Put your actual configuration here
# ----------------------------------
#
# If you want to allow non-local connections, you need to add more
# "host" records. In that case you will also need to make PostgreSQL
# listen on a non-local interface via the listen_addresses
# configuration parameter, or via the -i or -h command line switches.
# DO NOT DISABLE!
# If you change this first entry you will need to make sure that the
# database superuser can access the database using some other method.
# Noninteractive access to all databases is required during automatic
# maintenance (custom daily cronjobs, replication, and similar tasks).
#
# Database administrative login by Unix domain socket
local all postgres peer
# TYPE DATABASE USER ADDRESS METHOD
# "local" is for Unix domain socket connections only
local all all peer
# IPv4 local connections:
host all all 127.0.0.1/32 md5
# IPv6 local connections:
host all all ::1/128 md5
# Allow replication connections from localhost, by a user with the
# replication privilege.
#local replication postgres peer
#host replication postgres 127.0.0.1/32 md5
#host replication postgres ::1/128 md5
site-enabled/具有指向配置文件的符号链接sites-available/。
我收到以下信息,但我尝试运行此命令的全部原因是为了解决它抱怨的错误。
$ passenger-config compile-agent --force
Checking for required software...
* Checking for C compiler...
Found: yes
Location: /usr/bin/cc
* Checking for C++ compiler...
Found: yes
Location: /usr/bin/c++
Unable to autodetect the currently active RVM gem set name. This could happen if you ran this program using 'sudo' instead of 'rvmsudo'. When using RVM, you're always supposed to use 'rvmsudo' instead of 'sudo!'.
Please try rerunning this program using 'rvmsudo'. If that doesn't help, please contact this program's author for support.
检查/var/log/ngingx/error.log显示我:
App 26325 output: [d3f637be-1308-4fdc-ad97-d0476633b158] Started GET "/" for [REDACTED] at 2018-10-18 19:18:43 -0700
App 26325 output: [d3f637be-1308-4fdc-ad97-d0476633b158] Processing by PagesController#home as HTML
App 26325 output: [d3f637be-1308-4fdc-ad97-d0476633b158] Rendering pages/home.html.erb within layouts/application
App 26325 output: [d3f637be-1308-4fdc-ad97-d0476633b158] Rendered shared/_tweets.html.erb (1.2ms)
App 26325 output: [d3f637be-1308-4fdc-ad97-d0476633b158] Rendered pages/home.html.erb within layouts/application (10.9ms)
App 26325 output: [d3f637be-1308-4fdc-ad97-d0476633b158] Rendered shared/_application_nav.html.erb (20.4ms)
App 26325 output: [d3f637be-1308-4fdc-ad97-d0476633b158] Completed 500 Internal Server Error in 541ms
App 26325 output: [d3f637be-1308-4fdc-ad97-d0476633b158]
App 26325 output: [d3f637be-1308-4fdc-ad97-d0476633b158] ActionView::Template::Error (FATAL: Peer authentication failed for user "[REDACTED]"
App 26325 output: ):
App 26325 output: [d3f637be-1308-4fdc-ad97-d0476633b158] 3: <h3 class="masthead-brand">Site Name</h3>
App 26325 output: [d3f637be-1308-4fdc-ad97-d0476633b158] 4: <nav class="nav nav-masthead">
App 26325 output: [d3f637be-1308-4fdc-ad97-d0476633b158] 5: <%= nav_generator 'nav-link', 'span' %>
App 26325 output: [d3f637be-1308-4fdc-ad97-d0476633b158] 6: <%= login_helper 'nav-link' %>
App 26325 output: [d3f637be-1308-4fdc-ad97-d0476633b158] 7: </nav>
App 26325 output: [d3f637be-1308-4fdc-ad97-d0476633b158] 8: </div>
App 26325 output: [d3f637be-1308-4fdc-ad97-d0476633b158] 9: </div>
App 26325 output: [d3f637be-1308-4fdc-ad97-d0476633b158]
App 26325 output: [d3f637be-1308-4fdc-ad97-d0476633b158] app/models/concerns/current_user_concern.rb:9:in `guest_user'
App 26325 output: [d3f637be-1308-4fdc-ad97-d0476633b158] app/models/concerns/current_user_concern.rb:5:in `current_user'
App 26325 output: [d3f637be-1308-4fdc-ad97-d0476633b158] app/helpers/application_helper.rb:3:in `login_helper'
App 26325 output: [d3f637be-1308-4fdc-ad97-d0476633b158] app/views/shared/_application_nav.html.erb:6:in `_app_views_shared__application_nav_html_erb___1001043723099543592_69980262645600'
App 26325 output: [d3f637be-1308-4fdc-ad97-d0476633b158] app/views/layouts/application.html.erb:48:in `_app_views_layouts_application_html_erb__4053957196745232794_40927140'
已经参考的文档:
https://www.phusionpassenger.com/library/walkthroughs/start/ruby.html#bundle-exec-rails-server
https://www.phusionpassenger.com/library/admin/nginx/troubleshooting/ruby/#first-things-to-try
https://www.reddit.com/r/rails/comments/4i0m8j/migrate_from_webrick_to_phusion_passenger/
https://serverfault.com/questions/362697/nginx-passenger-returning-500s-for-every-request
https://medium.com/@maciejmensfeld/ruby-2-5-0-upgrade-remarks-100d7c0dd73d
https://www.linode.com/docs/development/ror/ruby-on-rails-nginx-debian/
我知道我忘记了一些可能有帮助的其他信息,所以如果您有想法并需要更多详细信息,请让我确切知道您需要什么,我会更新帖子。感谢您的任何帮助!
解决方案
Peer authentication failed for user "[REDACTED]"
这看起来像一个数据库身份验证问题。您是否有正确的环境变量设置以允许您从 rails 连接到您的数据库和 pg_hba.conf 设置以允许正确的身份验证?
旁注:如果是这种情况,您可以考虑将其收紧到不是基于对等的身份验证并使用强大的东西。 https://www.postgresql.org/docs/9.3/static/auth-methods.html
推荐阅读
- web-scraping - 使用 javascript 分页抓取
- sql - GBQ SQL:对于A列中的每个唯一值,如果值'X'出现在B列中......然后创建新的列C,值为'Y',否则为'N'
- java - 获取两个字符之间的字符串(两个引号)
- unity3d - 我现在在 Unity 2017 LTS 上。要升级,我应该直接升级到 2019 LTS 还是应该先升级到 2018 LTS?
- javascript - Discord 机器人类型错误。无法连接到我的服务器
- sql - 是否可以生成 2 个 SQL 快照之间更改的脚本?
- powerbi - 从 MS 团队中提取活动报告以显示用户何时登录和注销
- reactjs - 向组件发送数据
- autofac - DryIoc 中的 autofac .OnActivated 等价物是什么?
- java - Java - Log4j2 以编程方式添加 ErrorHandler