When Phusion Passenger fails, it displays environment variables to the user. This ticket is based on this thread: http://stackoverflow.com/questions/27379199/openshift-passenger-shows-env-variables-on-fail Anything you can do to get passenger to fail will reproduce the issue. These are the steps that I did. Steps to Reproduce: 1. Migrate a rails app on a Ruby1.9 cartridge to a Ruby 2.0 cartridge where rack version is 1.4.5. Actual results: Phusion Passenger fails and shows the user the environment variables & values. Expected results: Display a "Something Went Wrong" message to the user and write the error to the log. Additional info: This is a scary bug as people can store very sensitive info in environment variables such as secret api keys.
It appears to be a bug in Phussion Passenger we're using, since docs [1] specifically say that PassengerAppEnv set to production, which we do by default, should lead to showing just simple 'Something Went Wrong' error page. To make it working again I've added conditional turning those pages on/off with this PR [2]. This is done for all our ruby carts. [1] https://www.phusionpassenger.com/documentation/Users%20guide%20Apache.html#PassengerFriendlyErrorPages [2] https://github.com/openshift/origin-server/pull/6072
Commits pushed to master at https://github.com/openshift/origin-server https://github.com/openshift/origin-server/commit/f8704605fba212b3951e9322fb4599d1c57bf321 Bug 1191517 - Passenger is not hiding ErrorPages even when production is specified. Added additional logic to force hiding ErrorPages when not in development. https://github.com/openshift/origin-server/commit/21780f8f48567aa432ab76cee78005af0cf1ff1a Merge pull request #6072 from soltysh/bug1191517 Merged by openshift-bot
@Steve, could you please provide information on how you made passenger fail in your case? Thank you.
I usually added something along this in config.ru: map '/error' do raise Error.new end That usually was enough to get Phussion error.
Verified on devenv_5433 1. Create a rails app with the rails-example quickstart rhc create-app rails mysql-5.1 --from-code https://github.com/openshift/rails-example.git 2. Set RAILS_ENV=development rhc env set RAILS_ENV=development -a rails 3. Add something to the app to get Phussion error according to comment 4 Add following to config.ru, then commit and push updates. ``` map '/error' do raise Error.new end ``` 4. Access $app_url/error, in the page Phusion Passenger listed all the errors 5. Set RAILS_ENV=production, then restart the app rhc env set RAILS_ENV=production -a rails rhc app-restart -a rails 6. Access $app_url/error, the page shows 'Internal Server Error, the Phusion Passenger is not displayed.
(In reply to Hou Jianwei from comment #3) > @Steve, could you please provide information on how you made passenger fail > in your case? Thank you. I had a rails 3 app on ruby 1.9 with rack version 1.4.5. I took a snapshot and then tried to restore it to a ruby 2.0 cartridge. It failed with some type of rack version error. I don't recall the exact text. Please let me know if you have further questions.