gpt4 book ai didi

django - 将 SSL 与 Gunicorn/Django/Nginx 应用程序一起使用时出现混合内容错误

转载 作者:太空宇宙 更新时间:2023-11-03 14:28:18 24 4
gpt4 key购买 nike

我正在尝试为 Superdesk 的实例配置 HTTPS ,它使用 Gunicorn 和 Nginx 进行路由。我安装了证书并且(我认为)在服务器上工作。然而,将浏览器指向该应用程序会在 Firefox 上显示“阻止加载混合事件内容“http://localhost/api”,在 Chrome 上显示“与'ws://localhost/ws'的 WebSocket 连接失败:连接建立时出错:net::ERR_CONNECTION_REFUSED”。这个应用程序的文档几乎不存在,我现在已经花费了无数个小时来尝试让它工作。我提交了 issue与 GitHub 上的开发人员一起,但我并没有得到答案。这是我的 Nginx 配置:

server {
listen 80;
listen 443 ssl;

server_name my_server_name;
ssl on;
ssl_certificate /path/to/my/cert.pem;
ssl_certificate_key /path/to/my/key/key.pem;

location /ws {
proxy_pass http://localhost:5100;
proxy_http_version 1.1;
proxy_buffering off;
proxy_read_timeout 3600;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
}
location /api {
proxy_pass http://localhost:5000;
proxy_set_header Host localhost;
expires epoch;

sub_filter_once off;
sub_filter_types application/json;
sub_filter 'http://localhost' 'http://$host';
}
location /contentapi {
proxy_pass http://localhost:5400;
proxy_set_header Host localhost;
expires epoch;
}
location /.well-known {
root /var/tmp;
}
location / {
root /opt/superdesk/client/dist;

# TODO: use "config.js:server" for user installations
sub_filter_once off;
sub_filter_types application/javascript;
sub_filter 'http://localhost' 'http://$host';
sub_filter 'ws://localhost/ws' 'ws://$host/ws';
}
location /mail {
alias /var/log/superdesk/mail/;
default_type text/plain;
autoindex on;
autoindex_exact_size off;
}
}

这是我第一次使用 nginx/gunicorn/django 应用程序,我完全迷路了。谁能给我指出正确的方向?

最佳答案

对于任何尝试设置 Superdesk 并遇到同样问题的人,我终于找到了正确的配置。

首先,这是我必须处理 HTTPS 请求并将 HTTP 请求重定向到 HTTPS 的 Nginx 配置:

server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name my.domain.com;

ssl on;
ssl_certificate /path/to/my/cert.pem;
ssl_certificate_key /path/to/my/key.pem;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;

location /ws {
proxy_pass http://localhost:5100;
proxy_http_version 1.1;
proxy_buffering off;
proxy_read_timeout 3600;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
}

location /api {
proxy_pass http://localhost:5000;
proxy_set_header Host my.domain.com;
expires epoch;

sub_filter_once off;
sub_filter_types application/json;
sub_filter 'http://localhost' 'https://$host';
}

location /contentapi {
proxy_pass http://localhost:5400;
proxy_set_header Host my.domain.com;
expires epoch;
}

location /.well-known {
root /var/tmp;
}
location / {
root /opt/superdesk/client/dist;

# TODO: use "config.js:server" for user installations
sub_filter_once off;
sub_filter_types application/javascript;
sub_filter 'http://localhost' 'https://$host';
sub_filter 'ws://localhost/ws' 'wss://$host/ws';
}
location /mail {
alias /var/log/superdesk/mail/;
default_type text/plain;
autoindex on;
autoindex_exact_size off;
}

}

server {
listen 80;
listen [::]:80;
server_name my.domain.com;
return 301 https://$host$request_uri;
}

我在配置中缺少的内容:

proxy_set_header字段必须设置为 proxy_set_header Host <my_domain name>sub_filter字段,它是必须设置为使用 HTTPS 的仅第二个参数

必须配置的 Superdesk 特定内容:

在/opt/superdesk/activate.sh 中,将 HOST_SSL 设置为 HOST_SSL=${HOST_SSL:-s} .这将确保通过邮件发送的链接(如密码保留电子邮件)作为 HTTPS 发送。

回想起来这似乎很简单,但是哇,如果对 Nginx 的知识有限,很难弄清楚......

关于django - 将 SSL 与 Gunicorn/Django/Nginx 应用程序一起使用时出现混合内容错误,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/54964520/

24 4 0
Copyright 2021 - 2024 cfsdn All Rights Reserved 蜀ICP备2022000587号
广告合作:1813099741@qq.com 6ren.com