我想通过保留代理访问我的应用程序(最终):
请求 - > Apache - > gunicorn - >烧瓶
在读完大量线程并花费数小时后,我的实际apache配置是:
<IfModule mod_ssl.c>
<VirtualHost *:443>
ServerName app.%my domain name%.com
ProxyPreserveHost On
SSLProxyEngine On
ProxyPass / http://flask-server:8000/
ProxyPassReverse / http://flask-server:8000/
SSLCertificateFile /etc/letsencrypt/live/app.%my domain name%.com/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/app.%my domain name%.com/privkey.pem
Include /etc/letsencrypt/options-ssl-apache.conf
</VirtualHost>
</IfModule>
我正在使用flask fixproxy,因为它应该已经解决了问题。但事实并非如此:
[...]
from werkzeug.contrib.fixers import ProxyFix
login = LoginManager()
login.login_view = 'auth.login'
login.login_message = _l('Please log in to access this page.')
mail = Mail()
bootstrap = Bootstrap()
def create_app(config_class=Config):
app = Flask(__name__)
app.wsgi_app = ProxyFix(app.wsgi_app)
app.config.from_object(config_class)
[...]
我添加到所有正常工作的url_for _external=True, _scheme='https',但应用程序仍在我无法添加此属性的某些地方(例如,当我未登录时)转发给http。
我做了两张支票: 1)
curl -Ik https://app.%my domain name%.com
HTTP/1.1 302 FOUND
Date: Thu, 19 Apr 2018 22:07:31 GMT
Server: gunicorn/19.7.1
Content-Type: text/html; charset=utf-8
Content-Length: 247
Location: http://app.%my domain name%.com/auth/login?next=%2F
Set-Cookie: session=...
HttpOnly; Path=/
2)
curl -Ik -H "X-Forwarded-Proto: https" https://app.%my domain name%.com
HTTP/1.1 302 FOUND
Date: Thu, 19 Apr 2018 22:07:22 GMT
Server: gunicorn/19.7.1
Content-Type: text/html; charset=utf-8
Content-Length: 247
Location: https://app.%my domain name%.com/auth/login?next=%2F
Set-Cookie: session=...
HttpOnly; Path=/
似乎更像是一个apache问题。我的错误在哪里?
答案 0 :(得分:0)
感谢curl输出,我发现了问题所在:
RequestHeader set X-Forwarded-Proto "https"
会解决它。 别忘了启用它(就像我一样):
a2enmod headers