如何在ubuntu 16.04中配置nginx以使用SSL证书

时间:2017-04-20 12:52:49

标签: django ssl nginx encryption

https://www.petercuret.com/how-ssl-encrypt-your-django-heroku-projects-free-lets-encrypt/

这篇关于加密django app的文章是一个很棒的教程。除了最后一个,我完成了大部分过程。 “将安全证书添加到Heroku”,我的是使用Ubuntu 16.04的云服务器。所以它不适应我的服务器。

用Google搜索“Nginx ssl encrypt”,找到了本教程(https://www.digitalocean.com/community/tutorials/how-to-secure-nginx-with-let-s-encrypt-on-ubuntu-16-04

我将nginx服务器配置为本教程。完成后,我用“curl https://example.com(my domain”测试了它,它返回“无法连接到example.com端口443:连接被拒绝”

PS:nginx在主机中运行,Django应用程序在docker容器中运行

我的服务器的一些结果:

root@i-atbxncfv:~# sudo ufw status
Status: active

To                         Action      From
--                         ------      ----
Nginx Full                 ALLOW       Anywhere                  
443/tcp                    ALLOW       Anywhere                  
443                        ALLOW       Anywhere                  
22/tcp                     ALLOW       Anywhere                  
Nginx Full (v6)            ALLOW       Anywhere (v6)             
443/tcp (v6)               ALLOW       Anywhere (v6)             
443 (v6)                   ALLOW       Anywhere (v6)             
22/tcp (v6)                ALLOW       Anywhere (v6) 




root@i-atbxncfv:~# sudo ufw app list
Available applications:
  Nginx Full
  Nginx HTTP
  Nginx HTTPS
  OpenSSH


root@i-atbxncfv:~# docker ps -a
CONTAINER ID        IMAGE               COMMAND                  CREATED             STATUS              PORTS                                                                NAMES
b082bf17c218        e5b11bf09f49        "/usr/sbin/sshd -D"      2 days ago          Up 2 days           0.0.0.0:21->22/tcp, 0.0.0.0:32789->80/tcp, 0.0.0.0:32788->5000/tcp   django_app_1


root@i-atbxncfv:/etc/nginx/sites-enabled# cat example-com.conf
server {
    listen 80;
    server_name example.com;
    location / {
        proxy_set_header   X-Real-IP $remote_addr;
        proxy_set_header   Host      $http_host;
        proxy_pass         http://0.0.0.0:32788;
    }
}


root@i-atbxncfv:/etc/nginx/sites-available# cat default
server {
    listen 80;
    listen [::]:80;
        server_name test.doask.net;
        return 301 https://$server_name$request_uri;
    # SSL configuration
    # listen 443 ssl default_server;
    # listen [::]:443 ssl default_server;
    #
    # include snippets/snakeoil.conf;
}


server {

    # SSL configuration

    listen 443 ssl http2 default_server;
    listen [::]:443 ssl http2 default_server;
    include snippets/ssl-test.doask.net.conf;
    include snippets/ssl-params.conf;

0 个答案:

没有答案
相关问题
最新问题