如何实施Nginx' Service Unavailable'用SSL?

时间:2017-02-21 16:22:40

标签: django ssl nginx

最近我转换了我的Nginx / Gunicorn / Django网站' mysite' SSL和SSL连接完美运行。使用以前的非SSL版本的站点,我在我的Nginx配置文件中创建了一些指令,当我进行维护并且它正常工作时,该指令限制了对站点的访问。但是,现在我已将网站转换为SSL,这些指令不再有效,我无法弄清楚原因。重写命令有问题吗?这是我的配置文件:

# /etc/nginx/sites-available/mysite.conf
server_tokens off;

upstream mysite_server {
    server 127.0.0.1:8000 fail_timeout=0;
}

server {
    server_name web01.mysite.com;
    listen 80;
    return 301 https://web01.mysite.com$request_uri;
}

server {
    server_name web01.mysite.com;
    listen 443 ssl;
    ssl_certificate /srv/ssl/mysite.com/ssl-bundle.crt;
    ssl_certificate_key /srv/ssl/mysite.com/mysite.com.key;
    ssl_session_timeout 1d;
    ssl_session_cache shared:SSL:50m;
    ssl_session_tickets off;
    ssl_dhparam /srv/ssl/mysite.com/dhparam.pem;
    ssl_ciphers '<ciphers are here>';
    ssl_prefer_server_ciphers on;
    add_header Strict-Transport-Security "max-age=15768000; includeSubDomains;";
    ssl_stapling on;
    ssl_stapling_verify on;

    client_max_body_size 4G;
    access_log /var/log/nginx/access.log;
    error_log /var/log/nginx/error.log;

    location / {
        root /srv/http/mysite.com/repo;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto https;
        proxy_set_header Host $http_host;
        proxy_redirect off;

        if (!-f $request_filename) {
            proxy_pass http://mysite_server;
            break;
        }
    }

    location /static/ {
        proxy_pass http://<file_server_ip_addr>;
    }
    location /media/ {
        proxy_pass http://<file_server_ip_addr>;
    }

    ### START 503 SERVICE UNAVAILABLE BLOCK ###
    # Uncomment directives to invoke "503 Service Temporarily 
    # Unavailable" page

    # Uncomment this conditional to limit access to all IP addresses
#    if (-f $document_root/templates/503.html) {
#        return 503;
#    }
#    error_page 503 @maintenance;
#    location @maintenance {
#        rewrite ^(.*)$ /templates/503.html break;
#    }

    # Uncomment this conditional to limit access to a specific IP.
    # Look up the IP using a site like whatismyip.com.
#    if ($remote_addr != "<specific_ip>") {
#        return 503;
#    }
#    error_page 503 @maintenance;
#    location @maintenance {
#        rewrite ^(.*)$ /templates/503.html break;
#    }
    ### END 503 SERVICE UNAVAILABLE BLOCK ###
}

1 个答案:

答案 0 :(得分:0)

您的root声明不在范围内。你应该把它移到location /区块之外。

root /srv/http/mysite.com/repo;
location / { ... }
...
if (-f $document_root/templates/503.html) { return 503; }
...

有关详情,请参阅this document

相关问题
最新问题