2016-09-15 47 views
0

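Nginx - serve Flask (Python) on https and another port without https

Here is what I'm trying to accomplish. I have a domain on https. Check. It works fine with the configuration below. The Flask app runs on port 1337 -> nginx takes it -> serves it over https. Everything works fine.

Now I want to run another app, on port 1338 let's say. But if I do that, the browser (Chrome) automatically redirects it to https. I want: http://domain.com:1338 .... running OK. I get: https://domain.com:1338 ... certificate error.

My question is: how can I make the other app (on port 1338) work either with https:// or with http://?

Here is my config...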

server { 
     listen 80 default_server; 
     listen [::]:80 default_server; 


     root /home/cleverbots; 

     # Add index.php to the list if you are using PHP 
     index index.html index.htm index.nginx-debian.html; 

     server_name _; 



     # SSL configuration 
     # 
     listen 443 ssl http2 default_server; 
     listen [::]:443 ssl http2 default_server; 

     ssl_certificate  /xxxxxxxxxx.crt; 
     ssl_certificate_key /xxxxxxxxxx.key; 

     ssl_protocols TLSv1 TLSv1.1 TLSv1.2; 
     ssl_prefer_server_ciphers on; 
     ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH"; 
     ssl_ecdh_curve secp384r1; 
     ssl_session_cache shared:SSL:10m; 
     ssl_session_tickets off; 
     ssl_stapling on; 
     ssl_stapling_verify on; 
     resolver 8.8.8.8 8.8.4.4 valid=300s; 
     resolver_timeout 5s; 
     # Disable preloading HSTS for now. You can use the commented out header line that includes 
     # the "preload" directive if you understand the implications. 
     #add_header Strict-Transport-Security "max-age=63072000; includeSubdomains; preload"; 
     add_header Strict-Transport-Security "max-age=63072000; includeSubdomains"; 
     add_header X-Frame-Options DENY; 
     add_header X-Content-Type-Options nosniff; 

     ssl_dhparam /xxxxxx/dhparam.pem; 




     location /static/ { 
       expires 30d; 
       add_header Last-Modified $sent_http_Expires; 
       alias /home/my_first_app/application/static/; 
     } 


     location / {
       try_files $uri @tornado; 
     } 

     location @tornado { 
       proxy_set_header Host $host; 
       proxy_set_header X-Real-IP $remote_addr; 
       proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; 
       proxy_pass  http://127.0.0.1:1337; 
     } 



} 
+1

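If you want this app to be open to the public through a browser, then you'll need to add a subdomain for it listening on port 80. If you're only using it for API calls (say), then you can create a new server block on a custom port and have Nginx proxy it to port 1338 –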

Answers

2

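The answer to your question depends on exactly what you want the user experience to be.

As I understand your goal, you only have one domain (example.com). Your first app (I'll call it app1337) is running on port 1337, and you can reach it in a browser at https://example.com/. Now you want to add another app (app1338) that you want to be able to reach at https://example.com:1338/. The problem here is that only one service can run on a given port on a given interface. This can work, but it means you have to be very careful to make sure that your Flask apps listen only on loopback (127.0.0.1) and that Nginx listens only on your Ethernet interface. If not, you'll get "socket already in use" errors. I would recommend using something else, like 8338, in Nginx to avoid this confusion.

The quickest solution I can see is to leave your existing server block exactly as it is. Duplicate the whole thing, and in the new block:

  1. Change the 2 listen 443 lines to the port you want to use in the browser (8338).
  2. Remove the listen 80 lines or, if you want to serve the app on both ssl and non-ssl, change the port to the non-ssl port you want to use.
  3. Change your proxy_pass line to point to your second app.

Like Keenan, I would recommend that you use subdomains to sort your traffic. Something like https://app1337.example.com/ and https://app1338.example.com/, to provide a better user experience. To do this, duplicate the server block as above, but this time keep the ports the same and change the "server_name" directive in each block to match the domain. Remove all the "default_server" parts from the listen directives.

As an example: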

server { 
     listen 443 ssl http2; 
     listen [::]:443 ssl http2; 
     server_name app1337.example.com; 

     # SSL configuration 
     # Certificate and key for "app1337.example.com" 
     ssl_certificate  /xxxxxxxxxx.crt; 
     ssl_certificate_key /xxxxxxxxxx.key; 

     # The rest of the ssl stuff is common and can be moved to a shared file and included 
     # in whatever blocks it is needed. 
     include sslcommon.conf; 

     root /home/cleverbots; 
     # Add index.php to the list if you are using PHP 
     index index.html index.htm index.nginx-debian.html; 

     location /static/ { 
       expires 30d; 
       add_header Last-Modified $sent_http_Expires; 
       alias /home/my_first_app/application/static/; 
     } 

     location / {
       try_files $uri @tornado; 
     } 

     location @tornado { 
       proxy_set_header Host $host; 
       proxy_set_header X-Real-IP $remote_addr; 
       proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; 
       proxy_pass  http://127.0.0.1:1337; 
     } 
} 
server { 
     listen 443 ssl http2; 
     listen [::]:443 ssl http2; 
     server_name app1338.example.com; 

     # SSL configuration 
     # Certificate and key for "app1338.example.com" 
     ssl_certificate  /xxxxxxxxxx.crt; 
     ssl_certificate_key /xxxxxxxxxx.key; 

     # The rest of the ssl stuff is common and can be moved to a shared file and included 
     # in whatever blocks it is needed. 
     include sslcommon.conf; 

     ## This might be different for app1338 
     root /home/cleverbots; 
     # Add index.php to the list if you are using PHP 
     index index.html index.htm index.nginx-debian.html; 

     ## This might be different for app1338 
     location /static/ { 
       expires 30d; 
       add_header Last-Modified $sent_http_Expires; 
       alias /home/my_first_app/application/static/; 
     } 

     location / {
       try_files $uri @app1338; 
     } 

     location @app1338 { 
       proxy_set_header Host $host; 
       proxy_set_header X-Real-IP $remote_addr; 
       proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; 
       proxy_pass  http://127.0.0.1:1338; 
     } 
} 
+0

Thanks a lot. I also have to add that you must add proxy_pass http://localhost:1338; proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade"; proxy_set_header Host $host; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; – OWADVL
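
The answer's three-step variant for a single domain (a second server block on its own TLS port), written out as an added example that is not part of the original answer or comments. Port 8338, example.com and sslcommon.conf follow the answer, the certificate paths are the page's placeholders, and the error_page and X-Forwarded-Proto lines are additions made here.

```nginx
# Added example: second server block for app1338 on public TLS port 8338.
#
# Why TLS and not plain http:// on this port: the question's configuration
# sends Strict-Transport-Security with a two-year max-age. HSTS is recorded
# per host name, not per port, so a browser that has visited
# https://example.com/ rewrites http://example.com:1338 to
# https://example.com:1338 before it sends anything.
server {
    listen 8338 ssl http2;
    listen [::]:8338 ssl http2;
    server_name example.com;

    # The certificate is bound to the host name, so the main site's
    # certificate and key are reused on this port (placeholder paths).
    ssl_certificate     /xxxxxxxxxx.crt;
    ssl_certificate_key /xxxxxxxxxx.key;

    # Shared TLS settings, as in the answer.
    include sslcommon.conf;

    # nginx answers a plain-HTTP request on a TLS port with its own
    # status 497; redirect such clients to https:// on the same port.
    error_page 497 https://$host:$server_port$request_uri;

    location / {
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        # Lets the app know the client connection was HTTPS.
        proxy_set_header X-Forwarded-Proto $scheme;

        # WebSocket upgrade headers from the follow-up comment.
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";

        # app1338 must listen on loopback only (127.0.0.1:1338), so it is
        # reachable only through this block and never directly over
        # plain HTTP from outside.
        proxy_pass http://127.0.0.1:1338;
    }
}
```

Check the result with nginx -t before reloading, and confirm with ss -ltn that port 1338 is bound to 127.0.0.1 rather than 0.0.0.0.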