将Nginx设置为Nodejs和Django

时间:2018-03-05 19:31:17

标签: node.js django nginx gunicorn

我的机器本地有一个Web项目。我正在为我的前端使用js框架,为后端使用django,它提供了一个API来与前端应用程序进行通信。节点应用程序在端口3000上运行,django在端口8000上运行。两者在我的本地计算机上运行正常。现在我想将其部署用于生产,并希望为反向代理设置Nginx。在过去,我只为django网站设置了nginx作为反向代理,如下所示:

server {
    server_name someproject.com www.someproject.com;

    location = /favicon.ico { access_log off; log_not_found off; }
    location /static/ {
        alias /home/someproject/static_cdn/;
    }

    location / {
        include proxy_params;
        proxy_pass http://unix:/home/someproject/someproject.sock;
    }

    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/someproject.com/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/someproject.com/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}

server {
    if ($host = www.someproject.com) {
        return 301 https://$host$request_uri;
    } # managed by Certbot


    if ($host = someproject.com) {
        return 301 https://$host$request_uri;
    } # managed by Certbot


    listen 80;
    server_name someproject.com www.someproject.com;
    return 404; # managed by Certbot
}

但是,如何使用ssl配置和保护Nginx作为端口3000上运行的前端节点服务器和端口8000上运行的Django的反向代理。我希望我很清楚,如果没有请问。谢谢。

2 个答案:

答案 0 :(得分:0)

有很多方法可以构建它,具体取决于您希望节点应用与django应用程序通信的方式。最简单的方法是将nginx配置与 two 单独的server_name配置的配置分开。例如,www.someproject.com => django的节点和api.someproject.com:

server {
    server_name www.someproject.com;

    location = /favicon.ico { access_log off; log_not_found off; }
    location /static/ {
        alias /home/someproject/static_cdn/;
    }

    location / {
        include proxy_params;
        proxy_pass http://unix:/home/someproject.node/someproject.sock;
    }

    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/www.someproject.com/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/www.someproject.com/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}

server {
    server_name api.someproject.com;

    location = /favicon.ico { access_log off; log_not_found off; }
    location / {
        include proxy_params;
        proxy_pass http://unix:/home/someproject.django/someproject.sock;
    }

    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/api.someproject.com/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/api.someproject.com/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}

server {
    # redirect someproject.com => www.someproject.com
    listen 80;
    listen 443 ssl;
    server_name someproject.com;
    location / {
        return 301 https://www.someproject.com$request_uri;
    }
}    

server {
    listen 80;
    server_name www.someproject.com api.someproject.com;
    # redirect http => https
    location / {
        return 301 https://$host$request_uri;
    }
}

答案 1 :(得分:0)

另一种方法是将两个应用程序放在两个不同的路径下。

location /{
    include proxy_params;
    proxy_pass http://unix:/home/someproject/django.sock;
}

location /node {
    include proxy_params;
    proxy_pass http://unix:/home/someproject/node.sock;
}

在这种情况下,您需要调整节点网络应用,以考虑路径现在以node为前缀。