我想要完成的事情。 在https上有一个域名。校验。它使用以下配置正常工作。烧瓶app在端口1337上运行 - > nginx接受它 - >通过https提供服务。一切都很好用
现在我想在1338端口运行另一个应用程序,让我们说。但是如果我这样做,浏览器(chrome)会自动将其重定向到https。 我想:http://domain.com:1338 ....运行正常 我得到:https://domain.com:1338 ...错误证书
我的问题是:如何让其他应用(在端口1338上)使用https://或使用http://
这是我的配置......
server {
listen 80 default_server;
listen [::]:80 default_server;
root /home/cleverbots;
# Add index.php to the list if you are using PHP
index index.html index.htm index.nginx-debian.html;
server_name _;
# SSL configuration
#
listen 443 ssl http2 default_server;
listen [::]:443 ssl http2 default_server;
ssl_certificate /xxxxxxxxxx.crt;
ssl_certificate_key /xxxxxxxxxx.key;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH";
ssl_ecdh_curve secp384r1;
ssl_session_cache shared:SSL:10m;
ssl_session_tickets off;
ssl_stapling on;
ssl_stapling_verify on;
resolver 8.8.8.8 8.8.4.4 valid=300s;
resolver_timeout 5s;
# Disable preloading HSTS for now. You can use the commented out header line that includes
# the "preload" directive if you understand the implications.
#add_header Strict-Transport-Security "max-age=63072000; includeSubdomains; preload";
add_header Strict-Transport-Security "max-age=63072000; includeSubdomains";
add_header X-Frame-Options DENY;
add_header X-Content-Type-Options nosniff;
ssl_dhparam /xxxxxx/dhparam.pem;
location /static/ {
expires 30d;
add_header Last-Modified $sent_http_Expires;
alias /home/my_first_app/application/static/;
}
location / {
try_files $uri @tornado;
}
location @tornado {
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass http://127.0.0.1:1337;
}
}
答案 0 :(得分:2)
您的问题的答案取决于您希望用户体验到底是什么。
据我了解您的目标,您只有一个域名(example.com)。您的第一个应用(我将称之为app1337
)正在端口1337上运行,您可以在https://example.com/的浏览器中访问。现在,您要添加另一个您希望能够在https://example.com:1338/访问的应用(app1338
)。这里的问题是只有一个服务可以在给定接口上的给定端口上运行。这可以工作,但意味着您必须非常小心,以确保您的烧瓶应用仅侦听环回(127.0.0.1)并且Nginx仅侦听您的以太网接口。如果没有,您将得到“套接字已在使用中”错误。我会建议在Nginx中使用其他类似8338的东西来避免这种混淆。
我能看到的最快解决方案是完全保留现有服务器块。复制整个事物,并在新的块中:
listen 443
行更改为要在浏览器中使用的端口
(8338)。listen 80
行,或者,如果要在ssl和non-ssl上同时提供应用,请将端口更改为要使用的非ssl端口。proxy_pass
行更改为指向您的第二个烧瓶应用。与Keenan一样,我建议您使用子域来对流量进行排序。像https://app1337.example.com/和https://app1338.example.com/之类的东西可以带来更好的用户体验。为此,请复制上述服务器块,但这次使端口保持不变,但更改每个块中的“server_name”指令以匹配域。从listen指令中删除所有“default_server”部分。
举个例子:
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name app1337.example.com;
# SSL configuration
# Certificate and key for "app1337.example.com"
ssl_certificate /xxxxxxxxxx.crt;
ssl_certificate_key /xxxxxxxxxx.key;
# The rest of the ssl stuff is common and can be moved to a shared file and included
# in whatever blocks it is needed.
include sslcommon.conf;
root /home/cleverbots;
# Add index.php to the list if you are using PHP
index index.html index.htm index.nginx-debian.html;
location /static/ {
expires 30d;
add_header Last-Modified $sent_http_Expires;
alias /home/my_first_app/application/static/;
}
location / {
try_files $uri @tornado;
}
location @tornado {
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass http://127.0.0.1:1337;
}
}
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name app1338.example.com;
# SSL configuration
# Certificate and key for "app1338.example.com"
ssl_certificate /xxxxxxxxxx.crt;
ssl_certificate_key /xxxxxxxxxx.key;
# The rest of the ssl stuff is common and can be moved to a shared file and included
# in whatever blocks it is needed.
include sslcommon.conf;
## This might be different for app1338
root /home/cleverbots;
# Add index.php to the list if you are using PHP
index index.html index.htm index.nginx-debian.html;
## This might be different for app1338
location /static/ {
expires 30d;
add_header Last-Modified $sent_http_Expires;
alias /home/my_first_app/application/static/;
}
location / {
try_files $uri @app1338;
}
location @app1338 {
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass http://127.0.0.1:1338;
}
}