Stripe Webhook 错误无法连接

Question

我的网站在 Rails 4 中构建时遇到了一个奇怪的问题。在开发它时，我正在使用 Ngrok 测试 Stripe webhook，它运行良好，所以代码应该没问题，但现在在我从 Stripe 收到错误消息，说它无法连接到 webhook。

此外，我想使用Loader.io 进行一些压力测试，在添加主机后，当被要求验证他们要求上传到根目录的文件时，它也失败并出现There was an error loading the URL 错误。

这不知何故让我相信我的 Nginx 配置可能有问题，即使该网站在浏览器上运行良好，我的用户来自北美和欧洲，到目前为止还没有任何关于超时或速度慢的投诉即使它在小型 VPS 上运行。

这是 Nginx 主机文件：

server {
  listen   80;
  listen 443 ssl http2;

  ssl on;
  ssl_certificate /var/lib/acme/live/example.com/fullchain;
  ssl_certificate_key /var/lib/acme/live/example.com/privkey;

  # Set up preferred secure protocols and ciphers. TLS1.2 is required for HTTP/2
  ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
  ssl_prefer_server_ciphers on;
  ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:ECDHE-RSA-DES-CBC3-SHA:ECDHE-ECDSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA;

  root /var/www/example/public;
  server_name example.com;
  if ($ssl_protocol = "") {
    rewrite     ^   https://$server_name$request_uri? permanent;
  }
  client_max_body_size 20M;
  passenger_enabled on;
  rails_env production;

  # For issuing https certificates
  location ^~ /.well-known/acme-challenge/ {
    alias /var/www/acme-challenge/.well-known/acme-challenge/;
  }

  location ~* ^/assets/ {
    # Per RFC2616 - 1 year maximum expiry
    # http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html
    expires 1y;
    add_header Cache-Control public;

    # Some browsers still send conditional-GET requests if there's a
    # Last-Modified header or an ETag header even if they haven't
    # reached the expiry date sent in the Expires header.
    add_header Last-Modified "";
    add_header ETag "";
    break;
  }
}

这是 Rails 部分

路线

match 'stripe/webhook' => 'stripe#webhook', via: [:post, :get], as: :stripe_webhook

控制器

class StripeController < ApplicationController

  protect_from_forgery :except => [:subscription, :webhook] #Otherwise the request from Stripe wouldn't make it to the controller
  skip_before_action :require_login, only: [:webhook]

  def webhook
    Stripe.api_key = 'SECRET'

    begin
      event_json = JSON.parse(request.body.read)

      #make sure this is the real deal by verifying the event by fetching it from Stripe
      if event.has_key?("id")
        event = Stripe::Event.retrieve(event_json["id"])

        txt = 'OK'
        handle_transaction(event)
      else
        txt = 'ERROR'
      end
      render plain: txt, layout: false, status: 200
    rescue => e
      Rails.logger.info "===================== ERROR ==================="
      Rails.logger.info e.inspect
      render plain: 'ERROR', layout: false, status: 500
    end
  end

  #rest of the actions and private methods
  #(...)

end

知道为什么会这样吗？

Answer 1

因此问题出在托管服务提供商级别，他们必须将来自条带的 IP 列入白名单。

如果有人需要，可以在https://stripe.com/files/ips/ips_webhooks.txt 找到 IP。