I'm using Nginx with Phusion Passenger to run a Rails app on an EC2 CentOS machine.
I have a pretty standard set up with Nginx, Rails, Phusion Passenger and SSL (I think). My nginx.conf is below. So far it has worked out fine except that every time two requests hit the server at the same time, a new Rails instance is created to serve the second request.
The problem is that once the second request is directed to the newly created Rails instance, it loses the authenticated session from the original Rails instance, resulting in errors. My sessions are stored in memory.
As a workaround, I've set passenger_max_instances_per_app
to 1 so on new Rails instances are created, but this is only a temporary fix.
Does anyone know how to make Nginx maintain the same session for requests from the same source? I might be missing something obvious here.
Thanks!
worker_processes 1;
events {
worker_connections 1024;
}
http {
...
passenger_pool_idle_time 0;
passenger_max_instances_per_app 1;
include mime.types;
default_type application/octet-stream;
sendfile on;
keepalive_timeout 65;
# this server isn't rails enabled.
# will redirect all traffic to https
server {
listen 80;
server_name example.com;
rewrite ^ https://www.example.com$request_uri permanent;
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root html;
}
}
# HTTPS server
# - by default everything is served by https
server {
listen 443;
server_name www.example.com;
root /rails/root/public;
passenger_enabled on;
rails_env production;
ssl on;
ssl_certificate /path/to/cert/www.example.com.crt;
ssl_certificate_key /path/to/cert/www.example.com.key;
ssl_session_timeout 5m;
}
}
We generally have passenger_max_pool_size 2;
unless we leave it out entirely (taking the default setting) and the two settings you're specifying, passenger_pool_idle_time
and passenger_max_instances_per_app
we also leave to the default.
The session key should be kept in a cookie so Rails can look it up between requests. Assuming that's working properly, the problem is that multiple Rails instances aren't sharing memory (feature, not a bug - they're processes, not threads) and therefore don't share session data. Try moving your session information into ActiveRecord:
# Use the database for sessions instead of the cookie-based default,
# which shouldn't be used to store highly confidential information
# (create the session table with "rake db:sessions:create")
ActionController::Base.session_store = :active_record_store
(the above code is in config/initializers/session_store.rb
)
That way, because the data store is accessibly to multiple Rails processes, they should all have access to the same pool of active sessions.