我有一个功能齐全的网站,我转换为使用https://使用let-encrypt free certbot使用https://www.digitalocean.com/community/tutorials/how-to-secure-nginx-with-let-s-encrypt-on-ubuntu-16-04上的教程。现在应用这个后我的django网址的视图和静态文件都没有工作,我得到503服务暂时不可用的错误页面,有时会在重新加载页面时消失,但静态文件不会加载
我已尝试过从各种论坛找到上述问题的所有解决方案,但我无法让它工作,可能是因为我是https安全网站的新手。求助
提前感谢你:)
nginx设置文件 - (/ etc / nginx / sites-available / default)
limit_conn_zone $binary_remote_addr zone=addr:10m;
limit_req_zone $binary_remote_addr zone=one:10m rate=30r/m;
server {
server_name bits-bosm.ml www.bits-bosm.ml;
location = /favicon.ico { access_log off; log_not_found off; }
location /static/ {
root /home/sammy/regsoft/regsoft;
expires max;
}
location / {
include proxy_params;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
# proxy_set_header Host $http_host;
proxy_redirect off;
proxy_pass http://unix:/home/sammy/regsoft/regsoft/regsoft.sock;
limit_req zone=one;
limit_conn addr 10;
}
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/bits-bosm.ml/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/bits-bosm.ml/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
gzip on;
gzip_comp_level 5;
gzip_min_length 256;
gzip_proxied any;
gzip_vary on;
location ~* \.(ico|css|js|svg)$ {
expires 7d;
}
}
server {
if ($host = www.bits-bosm.ml) {
return 301 https://$host$request_uri;
} # managed by Certbot
if ($host = bits-bosm.ml) {
return 301 https://$host$request_uri;
} # managed by Certbot
listen 80;
server_name bits-bosm.ml www.bits-bosm.ml;
return 404; # managed by Certbot
}
server {
listen 80;
listen [::]:80;
server_name bits-bosm.ml www.bits-bosm.ml;
return 301 https://www.bits-bosm.ml$request_uri;
}
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
ssl_certificate /etc/letsencrypt/live/bits-bosm.ml/fullchain.pem; # managed$
ssl_certificate_key /etc/letsencrypt/live/bits-bosm.ml/privkey.pem; # manag$
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
server_name bits-bosm.ml;
add_header Strict-Transport-Security "max-age=31536000" always;
return 301 https://www.$server_name$request_uri;
}
django settings.py具有以下配置: -
MIDDLEWARE_CLASSES = [
'django.middleware.cache.UpdateCacheMiddleware',
'django.middleware.security.SecurityMiddleware',
'django.contrib.sessions.middleware.SessionMiddleware',
'django.middleware.common.CommonMiddleware',
'django.middleware.csrf.CsrfViewMiddleware',
'django.contrib.auth.middleware.AuthenticationMiddleware',
'django.contrib.messages.middleware.MessageMiddleware',
'django.middleware.clickjacking.XFrameOptionsMiddleware',
'djangosecure.middleware.SecurityMiddleware',
'django.middleware.cache.FetchFromCacheMiddleware',
` ]
TEMPLATES = [
{
'BACKEND': 'django.template.backends.django.DjangoTemplates',
'DIRS': [os.path.join(BASE_DIR, 'templates')],
'APP_DIRS': True,
'OPTIONS': {
'context_processors': [
'django.template.context_processors.debug',
'django.template.context_processors.request',
'django.contrib.auth.context_processors.auth',
'django.template.context_processors.i18n',
'django.template.context_processors.media',
'django.template.context_processors.static',
'django.template.context_processors.tz',
'django.contrib.messages.context_processors.messages',
],
},
},
]
SECURE_SSL_REDIRECT = True
SESSION_COOKIE_SECURE = True
CSRF_COOKIE_SECURE = True
SECURE_HSTS_SECONDS = 31536000
SESSION_EXPIRE_AT_BROWSER_CLOSE = True
SECURE_PROXY_SSL_HEADER = ('HTTP_X_FORWARDED_PROTO', 'https')
SECURE_HSTS_INCLUDE_SUBDOMAINS = True
STATIC_URL = 'https://www.bits-bosm.ml/static/'
STATIC_ROOT = os.path.join(BASE_DIR, 'static')
Ps:我在certbot设置期间选择了选项2,如下所示(如果有帮助的话) -
Please choose whether or not to redirect HTTP traffic to HTTPS,
removing HTTP access.
----------------------------------------------------------------------
---------
1: No redirect - Make no further changes to the webserver
configuration.
2: Redirect - Make all requests redirect to secure HTTPS access.
Choose this for
new sites, or if you're confident your site works on HTTPS. You can
undo this
change by editing your web server's configuration.
----------------------------------------------------------------------
---------
Select the appropriate number [1-2] then [enter] (press 'c' to
cancel):
更新: 我的nginx错误日志显示nginx正在尝试从
中查找静态文件 "/usr/share/nginx/html/static/main/fonts.css" failed (2: No such file or directory),
"/usr/share/nginx/html/static/pcradmin/js/jquery.js" failed (2: No such file or directory)