Rails/Unicorn 错误：无法从“config/secrets.yml”中读取 secret_key_base 和 secret_token

Question

我使用以下版本 独角兽 4.9 导轨 4.2.1 红宝石 2.2.1 Nginx 1.4.6 Capistrano 3.4.0

当我将应用程序部署到生产服务器并尝试访问其中一个页面时，我在 unicorn.log 文件中看到一个错误：“应用程序错误：‘生产’环境缺少 secret_token 和 secret_key_base，请设置这些config/secrets.yml (RuntimeError) 中的值"

我已经阅读了大量关于独角兽问题和读取 ENV 变量的帖子，因此我将那些“缺失”的键作为常量值包含在 config/secrets.yml 中：

production:
  secret_key_base: XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
  secret_token: XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

但我仍然收到相同的错误消息，所以它可能不是 unicorn+ENV 变量问题。 你能猜到这里发生了什么吗？

编辑：此错误的回溯

E, [2015-05-11T16:06:55.297893 #26836] ERROR -- : app error: Missing `secret_token` and `secret_key_base` for 'production' environment, set these values in `config/secrets.yml` (RuntimeError)
E, [2015-05-11T16:06:55.298352 #26836] ERROR -- : /home/deploy/apps/MYAPP/shared/bundle/ruby/2.2.0/gems/railties-4.2.1/lib/rails/application.rb:534:in `validate_secret_key_config!'
E, [2015-05-11T16:06:55.298592 #26836] ERROR -- : /home/deploy/apps/MYAPP/shared/bundle/ruby/2.2.0/gems/railties-4.2.1/lib/rails/application.rb:246:in `env_config'
E, [2015-05-11T16:06:55.298839 #26836] ERROR -- : /home/deploy/apps/MYAPP/shared/bundle/ruby/2.2.0/gems/railties-4.2.1/lib/rails/engine.rb:514:in `call'
E, [2015-05-11T16:06:55.299089 #26836] ERROR -- : /home/deploy/apps/MYAPP/shared/bundle/ruby/2.2.0/gems/railties-4.2.1/lib/rails/application.rb:164:in `call'
E, [2015-05-11T16:06:55.299313 #26836] ERROR -- : /home/deploy/apps/MYAPP/shared/bundle/ruby/2.2.0/gems/rack-1.6.0/lib/rack/tempfile_reaper.rb:15:in `call'
E, [2015-05-11T16:06:55.299550 #26836] ERROR -- : /home/deploy/apps/MYAPP/shared/bundle/ruby/2.2.0/gems/rack-1.6.0/lib/rack/commonlogger.rb:33:in `call'
E, [2015-05-11T16:06:55.299778 #26836] ERROR -- : /home/deploy/apps/MYAPP/shared/bundle/ruby/2.2.0/gems/rack-1.6.0/lib/rack/chunked.rb:54:in `call'
E, [2015-05-11T16:06:55.300011 #26836] ERROR -- : /home/deploy/apps/MYAPP/shared/bundle/ruby/2.2.0/gems/rack-1.6.0/lib/rack/content_length.rb:15:in `call'
E, [2015-05-11T16:06:55.300255 #26836] ERROR -- : /home/deploy/apps/MYAPP/shared/bundle/ruby/2.2.0/gems/unicorn-4.9.0/lib/unicorn/http_server.rb:580:in `process_client'
E, [2015-05-11T16:06:55.300490 #26836] ERROR -- : /home/deploy/apps/MYAPP/shared/bundle/ruby/2.2.0/gems/unicorn-4.9.0/lib/unicorn/http_server.rb:674:in `worker_loop'
E, [2015-05-11T16:06:55.300722 #26836] ERROR -- : /home/deploy/apps/MYAPP/shared/bundle/ruby/2.2.0/gems/unicorn-4.9.0/lib/unicorn/http_server.rb:529:in `spawn_missing_workers'
E, [2015-05-11T16:06:55.300955 #26836] ERROR -- : /home/deploy/apps/MYAPP/shared/bundle/ruby/2.2.0/gems/unicorn-4.9.0/lib/unicorn/http_server.rb:540:in `maintain_worker_count'
E, [2015-05-11T16:06:55.301197 #26836] ERROR -- : /home/deploy/apps/MYAPP/shared/bundle/ruby/2.2.0/gems/unicorn-4.9.0/lib/unicorn/http_server.rb:294:in `join'
E, [2015-05-11T16:06:55.301506 #26836] ERROR -- : /home/deploy/apps/MYAPP/shared/bundle/ruby/2.2.0/gems/unicorn-4.9.0/bin/unicorn:126:in `<top (required)>'
E, [2015-05-11T16:06:55.301746 #26836] ERROR -- : /home/deploy/apps/MYAPP/shared/bundle/ruby/2.2.0/bin/unicorn:23:in `load'
E, [2015-05-11T16:06:55.301962 #26836] ERROR -- : /home/deploy/apps/MYAPP/shared/bundle/ruby/2.2.0/bin/unicorn:23:in `<main>'

我注意到它转到了一个名为 ruby/2.2.0 的目录，尽管 ruby -v 显示 ruby​​ 2.2.1p85。有道理吗？

Answer 1

不建议在您的 secrets.yml 文件中包含您的实际密钥。

因此，使用环境变量将其回滚到更安全的版本。

secret_key_base: <%= ENV["SECRET_KEY_BASE"] %>
etc.

然后将这两行添加到Unicorn环境配置文件$/etc/default/unicorn

# Application specific settings
export SECRET_KEY=XXXXXXXXXXXXXXXXXXXXXXXXX
export SECRET_KEY_BASE=XXXXXXXXXXXXXXXXXXXXXXXXXX

杀死并重新启动您的 Unicorn 进程以加载这些环境变量。

Answer 2

在部署应用程序时，安全性应该是第一要务。我知道这很难，但安全性不应该是您事后实施的事情。

我写了一个指南来帮助人们使用 capistrano 安全地部署 Rails 应用程序。

设置为：Nginx + unicorn + 零停机时间

步骤：

1. https://github.com/JensDebergh/guides/blob/master/operations/server/1-setup.md
2. https://github.com/JensDebergh/guides/blob/master/operations/server/2-deploy-setup.md
3. https://github.com/JensDebergh/guides/blob/master/operations/server/3-app-deploy.md

它使用dotenv-rails 来导出环境变量，通过上面的注释，您可以在需要的地方安全地在应用程序中使用环境变量。

希望对你有帮助。