Devise throws 401 unauthorized and redirects only in Production/Staging

Question

I have an authentication system set up with Devise.

I can successfully login in development mode, but I cannot login a user with valid credentials in staging/production environment.

Can session storage be the cause of this?

This is what I have inside config/initializers/session_store.rb:

# Be sure to restart your server when you modify this file.

Rails.application.config.session_store :cookie_store, key: '_pigo_session'

I also added config.http_authenticatable = false in config/intitializers/devise.rb

My staging.log file looks like this:

  I, [2015-06-10T16:57:20.325304 #3577]  INFO -- : Started GET "/" for 69.59.28.19 at 2015-06-10 16:57:20 +0400
  I, [2015-06-10T16:57:20.327106 #3577]  INFO -- : Processing by OffersController#index as HTML
  I, [2015-06-10T16:57:20.328034 #3577]  INFO -- : Filter chain halted as #<Proc:0x007fad7d18c5b8@/home/deploy/apps/pigo/shared/bundle/ruby/2.1.0/gems/actionpack-4.1.4/lib/action_controller/metal/http_authentication.rb:71> rendered or redirected
  I, [2015-06-10T16:57:20.328232 #3577]  INFO -- : Completed 401 Unauthorized in 1ms (ActiveRecord: 0.0ms)

Answer 1

If this can help anyone, I faced a similar problem recently. The issue was with the nginx configuration (used as a reverse proxy in my production environment).

Here's what I changed to fix the issue:

upstream puma {
  server localhost:3000;
}

server {
  # ...
  location @puma {
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto $scheme; # <== added this line
    proxy_set_header Host $http_host;
    proxy_redirect off;
    proxy_pass http://puma;
  }
}