在部署应用程序弹性魔豆,是否有可能禁用显示用的Phusion客运(独立)的错误页面?特别是在生产。此页面包含一个堆栈跟踪,以及暴露的环境变量...这是很危险的,我认为。
When deploying application to Elastic Beanstalk, is it possible to disable the error page that is shown by Phusion Passenger (Standalone)? Especially in production. This page includes a stack trace as well as exposed environment variables ... which is dangerous in my opinion.
要重现这将是引入一个语法错误(这不是唯一的方法)。
Quick way to reproduce this would be introduce a syntax error (it's not the only way).
我可以看这里(链接),它可能......只是不知道你怎么会做同样的EB。为了避免断开的链接,在未来,我就在这里引用的对话......一个人问:
I can see here (link) that it's possible ... just not sure how you'd do the same on EB. To avoid broken links in the future, I'll just quote the conversation here ... one guy asks:
我似乎记得读书的地方,它可以禁用 乘客开机报错页面,该页面显示,如果你缺少宝石等,如果我 记错,我想的Phusion家伙说, 在生产环境中默认行为将是晚饭preSS 这个错误页面,显示堆栈跟踪,等有没有一种办法 与乘客的当前版本禁用此错误页面?
I seem to recall reading somewhere that it's possible to disable the passenger boot error page that shows if you're missing gems, etc. If I recall correctly, I think the Phusion guys were saying that the default behavior in the production environment would be to suppress this error page that shows the stack trace, etc. Is there a way to disable this error page with the current version of Passenger?
要其中的Phusion球员之一回复...
To which one of the Phusion guys reply ...
现在,您只需编辑模板 LIB / phusion_passenger /模板。所有的错误也记录到网络 服务器的日志文件。
Right now you can just edit the templates in lib/phusion_passenger/templates. All errors are also logged to the web server log file.
而响应是一个积极的迹象,但并没有真正解决我的问题......这是如何做到这一点的EB,我们都(几乎)知道,EB是有点紧,盒装您典型的自管理的服务器。
While the response is a positive sign, it doesn't really solve my problem ... which is how to do it on EB and we all (almost) know that EB is a bit more tight-boxed that your typical self administered server.
推荐答案
您需要从暴露你的Web服务器潜在的可利用的信息添加一个乘客指令prevent乘客。做到这一点的方法是从显示回溯上的Web服务器配置中添加了一项指令以prevent乘客和您的用户转储的环境变量。举例来说,如果你的Rails应用程序使用Apache的部署,那么你只需要添加以下指令您的虚拟主机配置块
You need to add a Passenger directive to prevent Passenger from exposing potentially exploitable details about your web server. The way to do this is to add a directive on your web server configuration to prevent Passenger from showing a backtrace and dump environment variables on your users. For instance if your Rails app is deployed using Apache then you just need to add the following directive on your Virtualhost configuration block
<VirtualHost *:80>
...
PassengerFriendlyErrorPages off
对于AWS EBS,我不是特别熟悉,但一个快速谷歌搜索显示,你必须把这个配置在Apache虚拟主机的配置是在 .ebextensions 目录。你可能已经这样做了,因为你已经成功地部署了您的应用程序。我会告诉反正别人的利益。例如,如果你使用的是Apache,你可能有以下 .ebextensions / vhosts.config
As for AWS EBS, I'm not particularly familiar with it but a quick Google search revealed that you have to put this config in your Apache Vhosts config which is in the .ebextensions directory. You've probably done this already since you've already deployed your app successfully. I'll show it anyway for the benefit of others. For instance if you're using Apache you might have something like this under .ebextensions/vhosts.config
files:
"/etc/httpd/conf.d/vhosts.conf":
mode: "000644"
owner: root
group: root
encoding: plain
content: |
NameVirtualHost *:80
<VirtualHost *:80>
ServerName www.example.com
ServerAlias example.com
DocumentRoot /var/www/ruby/example/
</VirtualHost>
PassengerFriendlyErrorPages off
更新::您可以找到关闭友好的错误页面的文档的这里
Update: You can find the documentation to turn off 'friendly error pages' here
相关推荐
最新文章