2016-09-15 46 views
0

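Nginx - serve Flask Python on https and another port without https

I'm struggling to get something done. I have a domain on https. Check. It works fine with the configuration below. The Flask app runs on port 1337 -> nginx picks it up -> serves it over https. Everything works fine.

Now I want to run another app, on port 1338 let's say. But if I do this, the browser (Chrome) automatically redirects it to https. I want: http://domain.com:1338 .... to run OK. I get: https://domain.com:1338 ... certificate error.

My question is: how can I make the other app (on port 1338) work with either https:// or http://?

Here is my config...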

server { 
     listen 80 default_server; 
     listen [::]:80 default_server; 


     root /home/cleverbots; 

     # Add index.php to the list if you are using PHP 
     index index.html index.htm index.nginx-debian.html; 

     server_name _; 



     # SSL configuration 
     # 
     listen 443 ssl http2 default_server; 
     listen [::]:443 ssl http2 default_server; 

     ssl_certificate  /xxxxxxxxxx.crt; 
     ssl_certificate_key /xxxxxxxxxx.key; 

     ssl_protocols TLSv1 TLSv1.1 TLSv1.2; 
     ssl_prefer_server_ciphers on; 
     ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH"; 
     ssl_ecdh_curve secp384r1; 
     ssl_session_cache shared:SSL:10m; 
     ssl_session_tickets off; 
     ssl_stapling on; 
     ssl_stapling_verify on; 
     resolver 8.8.8.8 8.8.4.4 valid=300s; 
     resolver_timeout 5s; 
     # Disable preloading HSTS for now. You can use the commented out header line that includes 
     # the "preload" directive if you understand the implications. 
     #add_header Strict-Transport-Security "max-age=63072000; includeSubdomains; preload"; 
     add_header Strict-Transport-Security "max-age=63072000; includeSubdomains"; 
     add_header X-Frame-Options DENY; 
     add_header X-Content-Type-Options nosniff; 

     ssl_dhparam /xxxxxx/dhparam.pem; 




     location /static/ { 
       expires 30d; 
       add_header Last-Modified $sent_http_Expires; 
       alias /home/my_first_app/application/static/; 
     } 


     location / { 
       try_files $uri @tornado; 
     } 

     location @tornado { 
       proxy_set_header Host $host; 
       proxy_set_header X-Real-IP $remote_addr; 
       proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; 
       proxy_pass  http://127.0.0.1:1337; 
     } 



} 
+1

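If you want this app to be open to the public through a browser, then you need to add a subdomain for it listening on port 80. If you are only using it for API calls (say), then you can create a new server block on a custom port and have Nginx proxy it to port 1338 –

Answers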

2

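The answer to your question depends on exactly what you want the user experience to be.

As I understand your goal, you only have one domain (example.com). Your first app (I'll call it app1337) is running on port 1337, and you can access it in a browser at https://example.com/. Now you want to add another app (app1338) that you want to be able to access at https://example.com:1338/. The problem here is that only one service can run on a given port on a given interface. This can work, but it means you have to be very careful to make sure your Flask apps only listen on loopback (127.0.0.1) and Nginx only listens on your Ethernet interface. If not, you will get "socket already in use" errors. I would recommend using something else like 8338 in Nginx to avoid this confusion.

The quickest solution I can see is to leave your existing server block exactly as it is. Duplicate the whole thing, and in the new block:

  1. Change the 2 listen 443 lines to the port you want to use in the browser (8338).
  2. Remove the listen 80 lines or, if you want to serve the app on both ssl and non-ssl, change the port to the non-ssl port you want to use.
  3. Change your proxy_pass line to point to your second app.

Like Keenan, I would recommend that you use subdomains to sort your traffic. Something like https://app1337.example.com/ and https://app1338.example.com/, to provide a better user experience. To do this, duplicate the server block as above, but this time keep the ports the same and change the "server_name" directive in each block to match the domain. Remove all of the "default_server" parts from the listen directives.

As an example: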

server { 
     listen 443 ssl http2; 
     listen [::]:443 ssl http2; 
     server_name app1337.example.com; 

     # SSL configuration 
     # Certificate and key for "app1337.example.com" 
     ssl_certificate  /xxxxxxxxxx.crt; 
     ssl_certificate_key /xxxxxxxxxx.key; 

     # The rest of the ssl stuff is common and can be moved to a shared file and included 
     # in whatever blocks it is needed. 
     include sslcommon.conf; 

     root /home/cleverbots; 
     # Add index.php to the list if you are using PHP 
     index index.html index.htm index.nginx-debian.html; 

     location /static/ { 
       expires 30d; 
       add_header Last-Modified $sent_http_Expires; 
       alias /home/my_first_app/application/static/; 
     } 

     location / { 
       try_files $uri @tornado; 
     } 

     location @tornado { 
       proxy_set_header Host $host; 
       proxy_set_header X-Real-IP $remote_addr; 
       proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; 
       proxy_pass  http://127.0.0.1:1337; 
     } 
} 
server { 
     listen 443 ssl http2; 
     listen [::]:443 ssl http2; 
     server_name app1338.example.com; 

     # SSL configuration 
     # Certificate and key for "app1338.example.com" 
     ssl_certificate  /xxxxxxxxxx.crt; 
     ssl_certificate_key /xxxxxxxxxx.key; 

     # The rest of the ssl stuff is common and can be moved to a shared file and included 
     # in whatever blocks it is needed. 
     include sslcommon.conf; 

     ## This might be different for app1338 
     root /home/cleverbots; 
     # Add index.php to the list if you are using PHP 
     index index.html index.htm index.nginx-debian.html; 

     ## This might be different for app1338 
     location /static/ { 
       expires 30d; 
       add_header Last-Modified $sent_http_Expires; 
       alias /home/my_first_app/application/static/; 
     } 

     location / { 
       try_files $uri @app1338; 
     } 

     location @app1338 { 
       proxy_set_header Host $host; 
       proxy_set_header X-Real-IP $remote_addr; 
       proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; 
       proxy_pass  http://127.0.0.1:1338; 
     } 
} 
+0

Thank you very much. I also have to add that you must add proxy_pass http://localhost:1338; proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade"; proxy_set_header Host $host; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; – OWADVL
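
The port-based option from steps 1-3 of the answer, written out as an added example (not code from the original posts): a duplicate server block that serves app1338 over TLS on port 8338 and carries the proxy headers from the comment above. Serving the second port over TLS matters here because the Strict-Transport-Security header sent by the main block makes a browser rewrite http:// to https:// for that host on any port. Assumptions: example.com, port 8338 and sslcommon.conf follow the answer, the certificate paths are the page's placeholders, and the error_page 497 redirect and X-Forwarded-Proto header are additions.

```nginx
# Added example: second app on its own TLS port (8338, as suggested in the answer).
server {
    listen 8338 ssl http2;
    listen [::]:8338 ssl http2;
    server_name example.com;

    # Same certificate as the main site: the hostname is unchanged, only the port differs.
    ssl_certificate     /xxxxxxxxxx.crt;
    ssl_certificate_key /xxxxxxxxxx.key;

    # Shared TLS settings (protocols, ciphers, HSTS), as in the answer's sslcommon.conf.
    include sslcommon.conf;

    # A plain-HTTP request sent to this TLS port produces nginx's internal 497 status.
    # Redirect it to https on the same port instead of returning an error page.
    error_page 497 https://$host:$server_port$request_uri;

    location / {
        # Upgrade headers from the comment above (needed if app1338 uses WebSockets).
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";

        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        # Assumption: the app wants to know the original scheme when building URLs.
        proxy_set_header X-Forwarded-Proto $scheme;

        # app1338 should bind to 127.0.0.1 only, so it is reachable solely through nginx.
        proxy_pass http://127.0.0.1:1338;
    }
}
```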