我的机器本地有一个Web项目。我正在为我的前端使用js框架,为后端使用django,它提供了一个API来与前端应用程序进行通信。节点应用程序在端口3000上运行,django在端口8000上运行。两者在我的本地计算机上运行正常。现在我想将其部署用于生产,并希望为反向代理设置Nginx。在过去,我只为django网站设置了nginx作为反向代理,如下所示:
server {
server_name someproject.com www.someproject.com;
location = /favicon.ico { access_log off; log_not_found off; }
location /static/ {
alias /home/someproject/static_cdn/;
}
location / {
include proxy_params;
proxy_pass http://unix:/home/someproject/someproject.sock;
}
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/someproject.com/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/someproject.com/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
server {
if ($host = www.someproject.com) {
return 301 https://$host$request_uri;
} # managed by Certbot
if ($host = someproject.com) {
return 301 https://$host$request_uri;
} # managed by Certbot
listen 80;
server_name someproject.com www.someproject.com;
return 404; # managed by Certbot
}
但是,如何使用ssl配置和保护Nginx作为端口3000上运行的前端节点服务器和端口8000上运行的Django的反向代理。我希望我很清楚,如果没有请问。谢谢。
答案 0 :(得分:0)
有很多方法可以构建它,具体取决于您希望节点应用与django应用程序通信的方式。最简单的方法是将nginx配置与 two 单独的server_name配置的配置分开。例如,www.someproject.com => django的节点和api.someproject.com:
server {
server_name www.someproject.com;
location = /favicon.ico { access_log off; log_not_found off; }
location /static/ {
alias /home/someproject/static_cdn/;
}
location / {
include proxy_params;
proxy_pass http://unix:/home/someproject.node/someproject.sock;
}
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/www.someproject.com/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/www.someproject.com/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
server {
server_name api.someproject.com;
location = /favicon.ico { access_log off; log_not_found off; }
location / {
include proxy_params;
proxy_pass http://unix:/home/someproject.django/someproject.sock;
}
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/api.someproject.com/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/api.someproject.com/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
server {
# redirect someproject.com => www.someproject.com
listen 80;
listen 443 ssl;
server_name someproject.com;
location / {
return 301 https://www.someproject.com$request_uri;
}
}
server {
listen 80;
server_name www.someproject.com api.someproject.com;
# redirect http => https
location / {
return 301 https://$host$request_uri;
}
}
答案 1 :(得分:0)
另一种方法是将两个应用程序放在两个不同的路径下。
location /{
include proxy_params;
proxy_pass http://unix:/home/someproject/django.sock;
}
location /node {
include proxy_params;
proxy_pass http://unix:/home/someproject/node.sock;
}
在这种情况下,您需要调整节点网络应用,以考虑路径现在以node为前缀。