Django + uwsgi + nginx +让加密无法访问https

Posted

tags:

篇首语:本文由小常识网(cha138.com)小编为大家整理,主要介绍了Django + uwsgi + nginx +让加密无法访问https相关的知识,希望对你有一定的参考价值。

[解决了]

它是由/ etc / nginx / sites-enabled / default引起的

默认文件已经为绑定流量定义,所以当我删除它时,它工作正常。


我正在使用Django / uwsgi / nginx。

并且要访问ssl,安装了Lets加密。

下面的源代码是nginx和uwsgi确认文件。

[project_rest.conf]

upstream django {t
    server 127.0.0.1:8001;
}

server {
    listen      8000;
    server_name .mysitedomain.com;
    charset     utf-8;

    client_max_body_size 75M;   # adjust to taste

    # Django media
    location /media  {
        alias /home/app/project_rest/media;  # your Django project's media files - amend as required
    }

    location /static {
        alias /home/app/project_rest/static; # your Django project's static files - amend as required
    }

    # Finally, send all non-media requests to the Django server.
    location / {
       uwsgi_pass  django;
        include     /home/app/project_rest/uwsgi_params; # the uwsgi_params file you installed
    }

    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/mysitedomain.com/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/mysitedomain.com/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

}

(我创建了project_rest.conf并链接到/ etc / nginx / sites-enabled /)

[在/ etc / nginx的/网站可用/默认]

server {
        # SSL configuration
        #
        # listen 443 ssl default_server;
        # listen [::]:443 ssl default_server;
        #
        # Note: You should disable gzip for SSL traffic.
        # See: https://bugs.debian.org/773332
        #
        # Read up on ssl_ciphers to ensure a secure configuration.
        # See: https://bugs.debian.org/765782
        #
        # Self signed certs generated by the ssl-cert package
        # Don't use them in a production server!
        #
        # include snippets/snakeoil.conf;

        root /var/www/html;

        # Add index.php to the list if you are using PHP
        index index.html index.htm index.nginx-debian.html;

        server_name mysitedomain.com www.mysitedomain.com;

        location / {
            # First attempt to serve request as file, then
            # as directory, then fall back to displaying a 404.
            try_files $uri $uri/ =404;
        }

        # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
        #
        #location ~ .php$ {
        #   include snippets/fastcgi-php.conf;
        #
        #   # With php7.0-cgi alone:
        #   fastcgi_pass 127.0.0.1:9000;
        #   # With php7.0-fpm:
        #   fastcgi_pass unix:/run/php/php7.0-fpm.sock;
        #}

        # deny access to .htaccess files, if Apache's document root
        # concurs with nginx's one
        #
        #location ~ /.ht {
        #   deny all;
        #}

    listen [::]:443 ssl ipv6only=on; # managed by Certbot
    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/mysitedomain.com/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/mysitedomain.com/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

}

server {
    if ($host = www.mysitedomain.com) {
        return 301 https://$host$request_uri;
    } # managed by Certbot


    if ($host = mysitedomain.com) {
        return 301 https://$host$request_uri;
    } # managed by Certbot


    listen 80 default_server;
    listen [::]:80 default_server;

    server_name mysitedomain.com www.mysitedomain.com;
    return 404; # managed by Certbot
}

[Uwsgi.ini]

[uwsgi]
# the base directory (full path)
chdir=/home/app/project_rest
# Django's wsgi file
module=project_rest.wsgi:application
master=true
# maximum number of worker processes
processes=10
# the socket (use the full path to be safe
socket=127.0.0.1:8001
chmod-socket=664
chown-socket=app:app
pidfile=/tmp/project_rest.pid
# clear environment on exit
vacuum=true
max-requests=5000
daemonize=project_rest.uwsgi.log

(我使用vitualenv)输入“uwsgi --ini uwsgi.ini”后,我可以访问mysitedomain.com:8000到我的django的网站。但我无法访问https://mysitedomain.com:8000虽然可以访问https://mysitedomain.com我想访问https://mysitedomain.com:8000,它如何实现?谢谢。

答案
server {
    listen          80;
    server_name     example.com;
    rewrite ^/(.*)  https://example.com/$1 permanent;
}

server {
    listen          443 ssl;
    server_name     example.com;
    access_log      /var/log/nginx/example.com_access.log combined;
    error_log       /var/log/nginx/example.com_error.log error;

        ssl_certificate /etc/letsencrypt/live/mysitedomain.com/fullchain.pem; # managed by Certbot
        ssl_certificate_key /etc/letsencrypt/live/mysitedomain.com/privkey.pem; # managed by Certbot
        include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
        ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

    location /static/ {
        alias /webapps/example/static/;
    }

    location /media/ {
        alias /webapps/example/media/;
    }

    location / {
        proxy_pass         http://localhost:8000/;
        proxy_redirect     off;

        proxy_set_header   Host              $http_host;
        proxy_set_header   X-Real-IP         $remote_addr;
        proxy_set_header   X-Forwarded-For   $proxy_add_x_forwarded_for;
    }

}

请更改您的域名值并报告反馈

另一答案

[解决了]

它是由/ etc / nginx / sites-enabled / default引起的

默认文件已经为绑定流量定义,所以当我删除它时,

它工作正常。

以上是关于Django + uwsgi + nginx +让加密无法访问https的主要内容,如果未能解决你的问题,请参考以下文章

将 http abort/close 从 nginx 传播到 uwsgi / Django

Django / nginx / uwsgi出现502错误

结合Nginx+Uwsgi部署Django项目

Debian+Django+uWsgi+nginx+mysql+celery

详细拆分如何在ubuntu 上使用 nginx + uwsgi socket方式部署 Django 项目

线上项目部署