现在稍微超过4个小时,我无法让我的nginx服务器使用我的Django应用程序的SSL证书。
这是我的nginx.conf:
http我确实设法将所有https流量重定向到https://www.example.com,但当我访问ERR_CONNECTION_REFUSED时,我得到了一个漂亮的SECURE_PROXY_SSL_HEADER = ('HTTP_X_FORWARDED_PROTO', 'https')
。
我在Django应用程序中可以想到的唯一相关部分是:
ADD但我确实认为问题出在nginx级别。我在Django Cookiecutter使用pydanny。可以找到未修改的nginx.conf文件here。我确实将Dockerfile编辑为{{1}}我的证书。
谢谢!
答案 0 :(得分:0)
这是我用于该案例的conf文件。您可能想要比较或遵循相同的方法:
# nginx config file for example.com
upstream django {
server unix:/srv/www/app/run/app.sock;
}
server {
listen 80 default_server;
server_name example.com www.example.com;
return 301 https://example.com$request_uri;
}
server {
listen 443 ssl;
server_name www.example.com;
ssl_certificate /etc/nginx/ssl/app.crt;
ssl_certificate_key /etc/nginx/ssl/app.key;
return 301 https://example.com$request_uri;
}
server {
listen 443 ssl;
server_name example.com;
ssl_certificate /etc/nginx/ssl/app.crt;
ssl_certificate_key /etc/nginx/ssl/app.key;
proxy_set_header X-Forwarded-Protocol $scheme;
add_header Strict-Transport-Security "max-age=31536000";
charset utf-8;
gzip on;
gzip_disable "msie6";
gzip_vary on;
gzip_proxied any;
gzip_comp_level 6;
gzip_buffers 16 8k;
gzip_http_version 1.1;
gzip_min_length 256;
gzip_types text/plain text/css application/json application/x-javascript text/xml application/xml application/xml+rss text/javascript application/vnd.ms-fontobject application/x-font-ttf font/opentype image/svg+xml image/x-icon;
location /media {
alias /srv/www/app/app/media;
}
location /static {
alias /srv/www/app/app/collected_static;
}
location / {
uwsgi_pass django;
include /srv/www/app/run/uwsgi_params;
}
location /api/v1/app/upload {
uwsgi_max_temp_file_size 1M;
}
location /favicon.ico {
alias /srv/www/app/app/collected_static/img/favicon.ico;
}
}
在django方面,仅针对生产环境,我这样做:
# SSL
SECURE_PROXY_SSL_HEADER = ('HTTP_X_FORWARDED_PROTOCOL', 'https')
SESSION_COOKIE_SECURE = True
CSRF_COOKIE_SECURE = True
那就是它!