我有一个现成的devpi服务器,它在http://
上运行我需要让它在https://上运行。
我已经拥有该域的证书。
我跟随documentation进行了nginx-site-config的创建,并创建了一个/etc/nginx/conf.d/domain.conf
文件,该文件的server{}
块指向我的证书(以下摘录)。
但是,我的devpi-server --start --init
完全忽略了任何/所有nginx配置。
我如何指向devpi服务器使用nginx配置?甚至有可能,还是我完全忘记了要点?
/etc/nginx/conf.d/domain.conf
文件内容:
server {
server_name localhost $hostname "";
listen 8081 ssl default_server;
listen [::]:8081 ssl default_server;
server_name domain;
ssl_certificate /root/certs/domain/domain.crt;
ssl_certificate_key /root/certs/domain/domain.key;
ssl_protocols TLSv1.1 TLSv1.2;
ssl_ciphers EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH;
gzip on;
gzip_min_length 2000;
gzip_proxied any;
gzip_types application/json;
proxy_read_timeout 60s;
client_max_body_size 64M;
# set to where your devpi-server state is on the filesystem
root /root/.devpi/server;
# try serving static files directly
location ~ /\+f/ {
# workaround to pass non-GET/HEAD requests through to the named location below
error_page 418 = @proxy_to_app;
if ($request_method !~ (GET)|(HEAD)) {
return 418;
}
expires max;
try_files /+files$uri @proxy_to_app;
}
# try serving docs directly
location ~ /\+doc/ {
try_files $uri @proxy_to_app;
}
location / {
# workaround to pass all requests to / through to the named location below
error_page 418 = @proxy_to_app;
return 418;
}
location @proxy_to_app {
proxy_pass https://localhost:8081;
proxy_set_header X-outside-url $scheme://$host:$server_port;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-Proto https;
}
}
答案 0 :(得分:0)
这是我在superuser上对相同问题的回答。
Devpi对Nginx一无所知,它将仅提供HTTP流量。当我们想通过HTTPS与Web应用程序进行交互时,作为客户端,我们需要与可以处理它的前端(Nginx)进行通信,该前端又将与我们的Web应用程序进行通信。 Nginx的这种应用称为reverse proxy。作为反向代理,我们还可以从Nginx的能力中受益,该能力比让我们的Web应用程序自己完成更有效地提供静态文件(因此,“尝试服务...” 位置块)。>
这是我用于devpi的完整的Nginx配置。请注意,这是/etc/nginx/nginx.conf
文件,而不是像您这样的域配置,因为我正在docker中使用compose在docker中运行Nginx和Devpi,但是您应该能够提取所需的内容:
worker_processes 1;
events {
worker_connections 1024;
}
http {
# Define the location for devpi
upstream pypi-backend {
server localhost:8080;
}
# Redirect HTTP to HTTPS
server {
listen 80;
listen [::]:80;
server_name _;
return 301 https://$host$request_uri;
}
server {
listen 443 ssl;
server_name example.co.uk; # This is the accessing address eg. https://example.co.uk
root /devpi/server; # This is where your devpi server directory is
gzip on;
gzip_min_length 2000;
gzip_proxied any;
proxy_read_timeout 60s;
client_max_body_size 64M;
ssl_certificate /etc/nginx/certs/cert.crt; Path to certificate
ssl_certificate_key /etc/nginx/certs/cert.key; Path to certificate key
ssl_session_cache builtin:1000 shared:SSL:10m;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers HIGH:!aNULL:!eNULL:!EXPORT:!CAMELLIA:!DES:!MD5:!PSK:!RC4;
ssl_prefer_server_ciphers on;
access_log /var/log/nginx/pypi.access.log;
# try serving static files directly
location ~ /\+f/ {
error_page 418 = @pypi_backend;
if ($request_method !~ (GET)|(HEAD)) {
return 418;
}
expires max;
try_files /+files$uri @pypi_backend;
}
# try serving docs directly
location ~ /\+doc/ {
try_files $uri @pypi_backend;
}
location / {
error_page 418 = @pypi_backend;
return 418;
}
location @pypi_backend {
proxy_pass http://pypi-backend; # Using the upstream definition
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-outside-url $scheme://$host:$server_port;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Host $server_name;
}
}
}
使用Nginx使用此配置并在http://localhost:8080
上运行devpi时,您应该能够访问https://localhost
或使用具有适当DNS https://example.co.uk
的计算机。请求将是:
client (HTTPS) > Nginx (HTTP) > devpi (HTTP) > Nginx (HTTPS) > client
这也意味着您将需要确保Nginx正在运行,因为devpi start不会更好。您至少应该看到一个Nginx欢迎页面。