Nginx https反向代理无限循环

时间:2015-10-12 09:17:42

标签: redirect nginx flask gunicorn supervisord

这是我的网站可用的烧瓶应用程序的nginx配置

server {
    listen                     80;
    server_name                _;
    access_log                 /var/log/nginx/nginx_access.log;
    error_log                  /var/log/nginx/nginx_error.log;
    rewrite ^ https://$http_host$request_uri? permanent;
}

server {
    listen                     443;
    server_name                _;
    access_log                 /var/log/nginx/nginx_access.log;
    error_log                  /var/log/nginx/nginx_error.log;

    ssl                        on;
    ssl_certificate            /etc/nginx/ssl/<redacted>.pem;
    ssl_certificate_key        /etc/nginx/ssl/<redacted>.key;
    ssl_session_timeout        5m;
    ssl_protocols              TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers                "HIGH:!aNULL:!MD5 or HIGH:!aNULL:!MD5:!3DES";
    ssl_prefer_server_ciphers  on;

    location / {
        proxy_pass             http://127.0.0.1:5000;
        proxy_redirect         off;
        proxy_set_header       Host $host;
        proxy_set_header       X-Real-IP $remote_addr;
        proxy_set_header       X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header       X-Forwarded-Proto $scheme;
        }
}

我已经完成了这些问题 Nginx configuration leads to endless redirect loop  和nginx redirect loop with ssl。我似乎已经在其中指定了配置。

修改

Flask应用程序通过gunicorn / supervisord运行

Supervisor config.conf

[program:config]
command=/usr/local/bin/gunicorn run:app --config /etc/gunicorn/gunicorn.conf --preload
directory=/srv/<application>
autostart=true
autorestart=true
startretries=10
stderr_logfile = /var/log/supervisord/<application>-stderr.log
stdout_logfile = /var/log/supervisord/<application>-stdout.log
user=root

Gunicorn gunicorn.conf

bind = '0.0.0.0:5000'
backlog = 2048
workers = 3
worker_class = 'sync'
worker_connections = 1000
timeout = 30
keepalive = 2
accesslog='/var/log/gunicorn/gunicorn_access.log'
errorlog='/var/log/gunicorn/gunicorn_error.log'
pidfile = '/tmp/gunicorn.pid'
loglevel = 'debug'

烧瓶应用

run.py

from app import app
from app import views

if __name__ == '__main__':
    app.run(host='0.0.0.0', debug=True)

view.py

from app import app, session
from flask import render_template, json, jsonify
import datetime



@app.route("/hello/")
def render_templates():
    return render_template("display.html")

(... other code ..)

注意:我在烧瓶应用程序前面有一个ELB。 80和443个端口是开放的。

输入:https://example.com/hello/输出:重定向循环

任何帮助将不胜感激。谢谢。

1 个答案:

答案 0 :(得分:0)

我确实弄明白了这个问题。

nginx配置应该是

server {
    listen                     80;
    server_name                _;
    access_log                 /var/log/nginx/nginx_access.log;
    error_log                  /var/log/nginx/nginx_error.log;

    location / {
        proxy_pass             http://127.0.0.1:5000;
        proxy_set_header       Host $host;
        proxy_set_header       X-Real-IP $remote_addr;
        proxy_set_header       X-Forwarded-For $proxy_add_x_forwarded_for;
    }
}

由于ELB将HTTPS加密卸载到HTTP请求,我之前的配置是将所有HTTP请求重定向到HTTPS。