Question

I'm using unicorn behind nginx and Rails 4.1.

The issue is that when running in either mode (development/production), if I request:

http://my.example.com//config/database.yml

I just download the file. No problem! The same happens for every other file in the folder or subfolders.

This should not be allowed. I've been trying to find a way to block this.

So far, I've managed it via nginx with this line:

rewrite ^/+config/.* / permanent;

But I guess... no... I'm certain that there must be a Rails way to do this. Can you show me?

Thanks.


Solution

FYI, a true Rails app will only load from the public directory. All the other dirs should not exist to the outside world, as it will all render through public. If you see this example:

server {
    listen       80;
    server_name  example.com;
    # Document root is the app's public/ directory, not the app root
    root         /var/www/apps/example/current/public;
    index        index.html index.htm;
}

It loads from the public dir. Perhaps you could post your nginx configuration to see what the issue is?
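A check for the misconfiguration this answer points to, as an added example that is not part of the original answer: it reads `root` directives from nginx configuration text and reports any root under which Rails files such as config/database.yml exist on disk. The function names, the list of sensitive files and the temporary sample app are assumptions made for illustration; quoted paths and `include` files are not handled.

```ruby
require "tmpdir"
require "fileutils"

# Files that must never be reachable under a web server document root
# (illustrative list, chosen for this example).
SENSITIVE = %w[config/database.yml config/secrets.yml Gemfile].freeze

# Pull every `root <path>;` directive out of nginx configuration text,
# ignoring anything after a `#` comment marker.
def nginx_roots(conf_text)
  conf_text.each_line
           .map { |line| line.sub(/#.*/, "") }
           .flat_map { |line| line.scan(/(?:^|[{;])\s*root\s+([^;\s]+)\s*;/).flatten }
end

# Return { root => [sensitive files found beneath it] }.
# An empty hash means no audited root exposes Rails internals.
def exposed_files(conf_text)
  nginx_roots(conf_text).each_with_object({}) do |root, found|
    hits = SENSITIVE.select { |rel| File.file?(File.join(root, rel)) }
    found[root] = hits unless hits.empty?
  end
end

# Constructed sample: a minimal Rails-like tree for the demonstration.
def build_sample_app(dir)
  FileUtils.mkdir_p(File.join(dir, "config"))
  FileUtils.mkdir_p(File.join(dir, "public"))
  File.write(File.join(dir, "config", "database.yml"), "production: {}\n")
  File.write(File.join(dir, "public", "index.html"), "<h1>ok</h1>\n")
  dir
end

if __FILE__ == $PROGRAM_NAME
  Dir.mktmpdir do |tmp|
    app = build_sample_app(tmp)
    # Weak: document root is the application root, so config/ is servable.
    weak  = "server {\n  listen 80;\n  root #{app};\n}\n"
    # Corrected: document root is public/, as in the answer's example.
    fixed = "server {\n  listen 80;\n  root #{app}/public;\n}\n"
    puts "weak:  #{exposed_files(weak).inspect}"
    puts "fixed: #{exposed_files(fixed).inspect}"
  end
end
```

Run it on the host that serves the app and pass it the real configuration text, since the check depends on what exists on that filesystem.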

License: CC-BY-SA with attribution
Not affiliated with StackOverflow