I have a Nginx setup for my Thin server running a Ruby on Rails project. Nginx is currently the endpoint for my SSL.
I recently had some issues with attacks on my webserver, so I decided to add CloudFlare. It currently uses "Strict SSL" from cloudflare (ssl in client-CF link and CF-webserver link). This works now when browsing my website, but when I am using Oauth to facebook, G+ etc. The redirect link shows up as: https://example.com:80/destination/url
(note the :80). This does not happen when I do not use CloudFlare.
What can I do to fix this? Is it an issue in CloudFlare, or Nginx? I found this post, but I was not able to reverse engineer it to nginx.
My current nginx-setup:
server {
listen 80 default;
server_name .example.com;
## redirect http to https ##
return 301 https://example.com$request_uri;
}
server {
listen 443 ssl;
server_name .example.com;
client_max_body_size 20M;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_ciphers EECDH+ECDSA+AESGCM:EECDH+aRSA+AESGCM:EECDH+ECDSA+SHA384:EECDH+ECDSA+SHA256:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH+aRSA+RC4:EECDH:EDH+aRSA:RC4:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS;
ssl_certificate /home/my_user/.ssl/example.crt;
ssl_certificate_key /home/my_user/.ssl/example.key;
access_log /var/www/example_server/log/access.log;
error_log /var/www/example_server/log/error.log;
root /var/www/example_server;
index index.html;
if ($host != 'example.com' ) {
return 301 https://example.com$request_uri;
}
location / {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_set_header X_FORWARDED_PROTO $scheme;
proxy_redirect off;
try_files /system/maintenance.html $uri $uri/index.html $uri.html @ruby;
}
location @ruby {
proxy_pass http://example.com;
}
}
In my nginx.conf:
#default stuff
http{
set_real_ip_from *IP address for cloudflare*;
#....
port_in_redirect off;
#more default stuff
For reference, the current request path: Client Request -SSL-> CloudFlare -SSL-> Nginx -non-SSL-> Thin -non-ssl-> Nginx -SSL-> CloudFlare -SSL-> Client Response
Best Answer
It appears that there is an issue in the Omniauth gem which is causing this issue. Why it is only an issue when I use CloudFlare, and not an issue when it is turned off, beats me.
Anyway, here is the issue on github:
https://github.com/intridea/omniauth/issues/101
My solution:
In the rails app, create a new initializer (
config/initializers/omniauth_fix.rb
) with this content:It is essentially a monkeypatch over the issue. Hopefully it will be fixed in future releases of omniauth.