Original source: http://stackoverflow.com/questions/23726110/
Warning: these are provided under the CC BY-SA 4.0 license. You are free to use/share it, but you must attribute it to the original authors (not me): StackOverFlow
Missing production secret_key_base in rails
Asked by user3631047
I have recently deployed an app and got internal server error because of missing production secret_key_base. After hours of testing, I managed to solve this problem with two methods:
Method 1:
I generated a new secret_key with rake secret and replaced it with <%= ENV["SECRET_KEY_BASE"] %> in secrets.yml. Deployed the app again and this time it worked. But I think that this method is wrong.
Method 2:
I generated a new secret_key with rake secret and added it to environments/production.rb like config.secret_key_base = 'd1f4810e662acf46a33960e3aa5bd0************************', without changing secrets.yml (default is production: <%= ENV["SECRET_KEY_BASE"] %>). Deployed the app again and it works fine.
My questions:
- Which method is the best?
- If the 2nd method is correct, why does rails not generate a secret_key_base in production.rb by default?
- Is there any other method to do that?
Accepted answer by user3631047
I have finally found the correct method. None of the methods mentioned in the question is the correct one.
Correct method:
We ourselves should generate a secret key (by rake secret) then create an environment variable for SECRET_KEY_BASE by running the following command from the command prompt:
rhc set-env SECRET_KEY_BASE=3dc8b0885b3043c0e38aa2e1dc64******************** -a myapp
After running this command, connect to your server via SSH and run env so you should see your SECRET_KEY_BASE in the list.
Now restart your app: rhc app-stop myapp and rhc app-start myapp, then you are good to go.
Answer by FaZe Unempl0yedd
If you're on a normal Ubuntu machine just put export SECRET_KEY_BASE=" <<< output from rake secret here >>> " in your ~/.bashrc.
Run source ~/.bashrc and restart the app.
Answer by Nick Weavers
There is another option that should be a little more secure and that is to add it to the Apache/Nginx configuration file. I'm using Apache and have just used:
SetEnv SECRET_KEY_BASE my_secret
Then just leave the secrets.yml file set to:
production: <%= ENV["SECRET_KEY_BASE"] %>
For a production web server I'm not sure it's valid to assume that a .bashrc file is run and will get your ENV variable set, but I think this way is certain to set it. I'm not an expert, so I'm ready to have any risks or reasons why it's not a good idea pointed out to me.
Answer by B Seven
Method 1 is correct. You don't want to store your secrets in the code.
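The difference between Method 1 and Method 2 in the question can be checked mechanically. The following Ruby is an added example, not code from any of the posts: it flags a secret_key_base stored as a literal in a config file and inspects the value the process would get from its environment. The sample file contents and the MIN_LENGTH threshold are assumptions of the example.

```ruby
# Added example, not code from the original posts. Sample inputs are constructed.

# `secret_key_base: value` (YAML) or `config.secret_key_base = value` (Ruby)
ASSIGNMENT = /secret_key_base\s*[:=]\s*(?<value>\S.*)\z/
# Value read from the environment at boot instead of being stored in the file
ENV_LOOKUP = /ENV(\[\s*["']SECRET_KEY_BASE["']\s*\]|\.fetch\(\s*["']SECRET_KEY_BASE["'])/
MIN_LENGTH = 64 # threshold chosen for this example, not a Rails constant

# Returns one finding per line that assigns secret_key_base a literal value.
def audit_config(name, text)
  text.each_line.with_index(1).map do |line, lineno|
    code = line.sub(/(^|\s)#.*/, "").rstrip # ignore comments
    match = ASSIGNMENT.match(code)
    next if match.nil? || match[:value].match?(ENV_LOOKUP)
    { file: name, line: lineno, issue: :hardcoded_secret }
  end.compact
end

# Returns the problems with the SECRET_KEY_BASE the process would see.
def check_env(env)
  value = env["SECRET_KEY_BASE"].to_s
  return [:missing] if value.strip.empty?
  problems = []
  problems << :too_short if value.length < MIN_LENGTH
  problems << :not_hex unless value.match?(/\A\h+\z/) # rake secret prints hex
  problems
end

# Constructed sample: secrets.yml as in Method 1
SECRETS_YML = <<~YAML
  production:
    secret_key_base: <%= ENV["SECRET_KEY_BASE"] %>
YAML
# Constructed sample: production.rb as in Method 2 (dummy 128-char value)
PRODUCTION_RB = <<~RUBY
  Rails.application.configure do
    # config.secret_key_base = 'commented out'
    config.secret_key_base = '#{"ab" * 64}'
  end
RUBY

if __FILE__ == $PROGRAM_NAME
  p audit_config("config/secrets.yml", SECRETS_YML)
  p audit_config("config/environments/production.rb", PRODUCTION_RB)
  p check_env(ENV) # run on the server as the user the app runs as
end
```

Calling check_env(ENV) from the application's own process, rather than from an SSH shell, shows whether a value set via ~/.bashrc or the web server configuration actually reaches the app.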

