gpt4 book ai didi

ssl - NGINX - SSL 握手时关闭连接,同时 SSL 握手到上游

转载 作者:行者123 更新时间:2023-12-04 22:42:59 24 4
gpt4 key购买 nike

堆栈 : react ,NGINX 1.14.0,GUnicorn,Django 2.2.8,Python 3.6.9
错误 :

  • 在浏览器:当 React 调用 Django API(当然是在请求头中使用 Origin)时,大约 30 秒后浏览器控制台会出现 CORS 错误。在浏览器控制台中:CORS 策略已阻止从源“https://mydomain”访问“https://mydomain:8000/something/”处的 XMLHttpRequest:不存在“Access-Control-Allow-Origin” header 请求的资源。此外,HTTP 状态码是 502 Bad Gateway。
  • 在 NGINX:SSL 握手中的对等关闭连接,同时 SSL 与上游握手,客户端:某物,服务器:mydomain,请求:“GET/something/HTTP/1.1”,上游:“https://unix:/home/ubuntu/django_path/gunicorn.sock:/something/",主机:"mydomain:8000",引用者:"https://mydomain/something"。等待请求时客户端超时(110:连接超时),客户端:某事,服务器:0.0.0.0:443
  • 在 GUnicorn:[关键] worker 超时
  • 在 Django :我编写了日志以查看,但未打印日志。

  • session :
  • NGINX :
  • server {
    listen 80;
    server_name mydomain;

    return 301 https://$host$request_uri;
    }

    server {
    listen 443 ssl;
    server_name mydomain;

    error_log /var/log/nginx/error.log debug;

    ssl_certificate /etc/letsencrypt/live/mydomain/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/mydomain/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

    location / {
    root /home/ubuntu/react_path/build;
    index index.html index.htm;
    try_files $uri $uri/ /index.html;
    }
    }

    server {
    listen 8000 ssl;
    server_name mydomain;

    ssl_certificate /etc/letsencrypt/live/mydomain/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/mydomain/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

    charset utf-8;

    location / {
    include proxy_params;
    proxy_pass https://unix:/home/ubuntu/django_path/gunicorn.sock;
    }

    location /static/ {
    alias /home/ubuntu/django_path/static/;
    }

    location /media/ {
    alias /home/ubuntu/django_path/media/;
    }
    }
  • G unicorn :
  • [Unit]
    Description=gunicorn daemon
    After=network.target

    [Service]
    User=ubuntu
    Group=www-data
    WorkingDirectory=/home/ubuntu/django_path
    ExecStart=/home/ubuntu/VENV/bin/gunicorn --workers 3 --bind unix:/home/ubuntu/django_path/gunicorn.sock api.wsgi:application

    [Install]
    WantedBy=multi-user.target
  • Django :
  • CORS_ALLOWED_ORIGINS = [
    'https://mydomain',
    ]
    有一些问题,但我认为发生 CORS 错误是因为流量没有到达 Django,甚至 GUnicorn。
    所以也许我改变了NGINX conf。你怎么看?我该如何解决?

    最佳答案

    继续之后,我找到了解决办法。
    https://serverfault.com/questions/746297/how-to-run-gunicorn-upstream-with-an-nginx-ssl-configuration很有帮助。
    下面是 NGINX 的配置文件。

    upstream gunicorn {
    server 127.0.0.1:8080;
    }

    server {
    listen 80;
    server_name mydomain;

    return 301 https://$host$request_uri;
    }

    server {
    listen 443 ssl;
    server_name mydomain;

    ...
    }

    server {
    listen 8000 ssl;
    server_name mydomain;

    ...

    location / {
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header Host $host;
    proxy_pass http://gunicorn;
    }
    ...
    }
    下面是 GUnicorn 的 conf。
    ...
    ExecStart=/home/ubuntu/VENV/bin/gunicorn --workers 3 --bind 127.0.0.1:8080:/home/ubuntu/django_path/gunicorn.sock api.wsgi:application
    ...

    关于ssl - NGINX - SSL 握手时关闭连接,同时 SSL 握手到上游,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/63830235/

    24 4 0
    Copyright 2021 - 2024 cfsdn All Rights Reserved 蜀ICP备2022000587号
    广告合作:1813099741@qq.com 6ren.com