How do I redirect HTTP to HTTPS using uWSGI internal routing?

Date: 2015-11-12 22:38:38

Tags: uwsgi

I have deployed a WSGI application using uWSGI, but I am not using NGINX. How can I use uWSGI's internal routing to redirect http requests to https?

I tried uwsgi --route-uri="^http:\/\/(.+)$ redirect-permanent:https://\$1", but I get an error from uWSGI: unrecognized option '--route-uri=^https:\/\/(.+)$ redirect-permanent:https://\$1'

6 answers:

Answer 0: (score: 4)

To redirect http to https, use the following configuration:

[uwsgi]
; privileged port can only be opened as shared socket
shared-socket = 0.0.0.0:80
shared-socket = 0.0.0.0:443

;enable redirect to https
http-to-https = =0

; enable https, spdy is optional
https2 = addr==1,cert=server.crt,key=server.key,spdy=1
; alternative
; https = =1,server.crt,server.key

; force change of user after binding to ports as root
uid = user
gid = usergroup

; where original app will be running on IP or UNIX socket
socket = 127.0.0.1:8001

module = smthg.wsgi

Answer 1: (score: 3)

If your reverse proxy or load balancer passes the X-Forwarded-Proto header along with the request, the following configuration will work:

[uwsgi]
http-socket = :3031
<... your uwsgi config options here ... >
route-if=equal:${HTTP_X_FORWARDED_PROTO};http redirect-permanent:https://<your_host_name_here>${REQUEST_URI}

Some load balancers (for example AWS ELB) pass this header automatically.

Answer 2: (score: 0)

To build on Oleg's answer: to make this work, you need to manually add some headers to stop uWSGI from causing 502 errors at the ELB.

route-if=equal:${HTTP_X_FORWARDED_PROTO};http addheader:Content-Type: */*; charset="UTF-8"
route-if=equal:${HTTP_X_FORWARDED_PROTO};http addheader:Content-Length: 0  
route-if=equal:${HTTP_X_FORWARDED_PROTO};http redirect-permanent:https://<your_host_name_here>${REQUEST_URI}

To get the ELB to recognize the 302, you need to manually add the Content-Length and Content-Type headers. This is not very obvious, even with ELB logging turned on.

To debug, you need to remember to actually send the X-Forwarded-Proto header with curl:

curl -v  -H "X-Forwarded-Proto: http" http://localhost:port

Answer 3: (score: 0)

Another answer. Doing

[uwsgi]
<... other uwsgi configs ... >
plugins = router_redirect
route-if-not = equal:${HTTPS};on redirect-permanent:https://${HTTP_HOST}${REQUEST_URI}

will force HTTPS for the whole site

Tested.

Answer 4: (score: 0)

For anyone who does not want to run nginx, here is how you can redirect and force HTTPS directly in uWSGI.

[uwsgi]   
master = True
enable-threads = True
thunder-lock = True

shared-socket = :443

https2 = addr==0,cert=yourdomain.crt,key=yourdomain.key,HIGH,spdy=1
http-to-https = 0.0.0.0:80

route-if-not = equal:${HTTPS};on redirect-permanent:https://${HTTP_HOST}${REQUEST_URI}
route-if = equal:${HTTPS};on addheader:Strict-Transport-Security: max-age=31536000; includeSubDomains; preload

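Tested, and it also works with docker (python:3.6.7-alpine3.8). Also, if you debug the HTTP request, you will see that the first response header is a 301 to HTTPS.

Then, if you try again (in the same browser), you will see a 307, because HSTS is enabled.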

[uWSGI] getting INI configuration from uwsgi.ini
*** Starting uWSGI 2.0.17.1 (64bit) on [Fri Dec 21 20:06:47 2018] ***
compiled with version: 6.4.0 on 21 December 2018 20:05:49
os: Linux-3.10.0-514.26.2.el7.x86_64 #1 SMP Tue Jul 4 15:04:05 UTC 2017
nodename: web1
machine: x86_64
clock source: unix
pcre jit disabled
detected number of CPU cores: 4
current working directory: /usr/src/app
detected binary path: /usr/local/bin/uwsgi
*** dumping internal routing table ***
[rule: 0] subject: ${HTTPS};on func: !equal action: redirect-permanent:https://${HTTP_HOST}${REQUEST_URI}
[rule: 1] subject: ${HTTPS};on func: equal action: addheader:Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
*** end of the internal routing table ***
uwsgi shared socket 0 bound to TCP address :443 fd 3
uWSGI running as root, you can use --uid/--gid/--chroot options
*** WARNING: you are running uWSGI as root !!! (use the --uid flag) *** 
chdir() to /usr/src/app
your memory page size is 4096 bytes
detected max file descriptor number: 65536
lock engine: pthread robust mutexes
thunder lock: enabled
uWSGI http bound on :443 fd 3
uWSGI http bound on 0.0.0.0:80 fd 5
uwsgi socket 0 bound to TCP address 127.0.0.1:45870 (port auto-assigned) fd 4
uWSGI running as root, you can use --uid/--gid/--chroot options
*** WARNING: you are running uWSGI as root !!! (use the --uid flag) *** 
Python version: 3.6.7 (default, Dec 21 2018, 03:29:53)  [GCC 6.4.0]
Python main interpreter initialized at 0x7fdf16663b40
uWSGI running as root, you can use --uid/--gid/--chroot options
*** WARNING: you are running uWSGI as root !!! (use the --uid flag) *** 
python threads support enabled
your server socket listen backlog is limited to 100 connections
your mercy for graceful operations on workers is 60 seconds
mapped 364600 bytes (356 KB) for 4 cores
*** Operational MODE: preforking ***
WSGI app 0 (mountpoint='') ready in 1 seconds on interpreter 0x7fdf16663b40 pid: 1 (default app)
uWSGI running as root, you can use --uid/--gid/--chroot options
*** WARNING: you are running uWSGI as root !!! (use the --uid flag) *** 
*** uWSGI is running in multiple interpreter mode ***
spawned uWSGI master process (pid: 1)
spawned uWSGI worker 1 (pid: 18, cores: 1)
spawned uWSGI worker 2 (pid: 19, cores: 1)
spawned uWSGI worker 3 (pid: 20, cores: 1)
spawned uWSGI worker 4 (pid: 21, cores: 1)
spawned uWSGI http 1 (pid: 22)

Note that it is running as root.

Hope this helps.
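
The redirect and HSTS rules from the answers above, written as a WSGI wrapper in Python (an added example, not code from any of the answers or from the uWSGI project). `ForceHTTPS`, `ALLOWED_HOSTS`, `DEFAULT_HOST` and `trust_proxy` are hypothetical names; unlike the `${HTTP_HOST}` rules, it builds the Location from an allowlist of hostnames instead of the client-supplied Host header, and it reads `X-Forwarded-Proto` only when told a proxy sets it.

```python
# Added example (not from the original answers): force HTTPS in a WSGI wrapper.
ALLOWED_HOSTS = {"example.com", "www.example.com"}  # assumption: your hostnames
DEFAULT_HOST = "example.com"                        # assumption: canonical host
HSTS = "max-age=31536000; includeSubDomains; preload"  # value used in answer 4


def redirect_target(environ):
    """Build the https:// URL without trusting the client's Host header."""
    host = environ.get("HTTP_HOST", "").split(":")[0].lower()
    if host not in ALLOWED_HOSTS:
        host = DEFAULT_HOST
    uri = environ.get("REQUEST_URI") or environ.get("PATH_INFO", "/")
    if not uri.startswith("/"):   # absolute-form or odd targets: do not append
        uri = "/"
    return "https://" + host + uri


class ForceHTTPS:
    """Redirect plain-HTTP requests; add HSTS to HTTPS responses."""

    def __init__(self, app, trust_proxy=False):
        self.app = app
        # Set trust_proxy only when every request passes through a proxy
        # that sets X-Forwarded-Proto itself (for example AWS ELB).
        self.trust_proxy = trust_proxy

    def is_https(self, environ):
        # HTTPS=on is the variable the route-if-not rules above test.
        if environ.get("HTTPS", "").lower() == "on":
            return True
        if self.trust_proxy:
            return environ.get("HTTP_X_FORWARDED_PROTO", "").lower() == "https"
        return False

    def __call__(self, environ, start_response):
        if not self.is_https(environ):
            # Explicit Content-Type/Content-Length, as answer 2 needed for ELB.
            start_response("301 Moved Permanently", [
                ("Location", redirect_target(environ)),
                ("Content-Type", "text/plain; charset=UTF-8"),
                ("Content-Length", "0"),
            ])
            return []

        def with_hsts(status, headers, exc_info=None):
            headers = [h for h in headers if h[0].lower() != "strict-transport-security"]
            headers.append(("Strict-Transport-Security", HSTS))
            return start_response(status, headers, exc_info)

        return self.app(environ, with_hsts)
```

Wrap the application object once, for example `application = ForceHTTPS(application, trust_proxy=True)` behind a load balancer, and leave `trust_proxy` off when uWSGI terminates TLS itself.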

Answer 5: (score: -1)

For those who tried the two answers above and unfortunately failed, keep your uWSGI setup and add this Nginx conf:

server {
    listen          80;
    server_name     <your_domain>;
    rewrite ^/(.*)  https://<your_domain>/$1 permanent;
}

I feel that uWSGI is not that friendly when it comes to internal routing.