NGINX - peer closed connection in SSL handshake while SSL handshaking to upstream

Time: 2020-09-10 12:59:43

Tags: ssl nginx

Stack: React, NGINX 1.14.0, GUnicorn, Django 2.2.8, Python 3.6.9

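Error

  • In the browser: When React calls the Django API (with Origin in the request headers, of course), a CORS error occurs in the browser console after about 30 seconds.
    In the browser console: Access to XMLHttpRequest at 'https://mydomain:8000/something/' from origin 'https://mydomain' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
    Also, the HTTP status code is 502 Bad Gateway.
  • On NGINX: peer closed connection in SSL handshake while SSL handshaking to upstream, client: something, server: mydomain, request: "GET /something/ HTTP/1.1", upstream: "https://unix:/home/ubuntu/django_path/gunicorn.sock:/something/", host: "mydomain:8000", referrer: "https://mydomain/something". client timed out (110: Connection timed out) while waiting for request, client: something, server: 0.0.0.0:443
  • On GUnicorn: [CRITICAL] WORKER TIMEOUT
  • On Django: I added code to write logs, but no logs were printed.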

Conf

  • NGINX:
server {
    listen 80;
    server_name mydomain;

    return 301 https://$host$request_uri;
}

server {
    listen 443 ssl;
    server_name mydomain;

    error_log /var/log/nginx/error.log debug;

    ssl_certificate /etc/letsencrypt/live/mydomain/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/mydomain/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

    location / {
        root /home/ubuntu/react_path/build;
        index index.html index.htm;
        try_files $uri $uri/ /index.html;
    }
}

server {
    listen 8000 ssl;
    server_name mydomain;

    ssl_certificate /etc/letsencrypt/live/mydomain/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/mydomain/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

    charset utf-8;

    location / {
        include proxy_params;
        proxy_pass https://unix:/home/ubuntu/django_path/gunicorn.sock;
    }

    location /static/ {
        alias /home/ubuntu/django_path/static/;
    }

    location /media/ {
        alias /home/ubuntu/django_path/media/;
    }
}
  • GUnicorn:
[Unit]
Description=gunicorn daemon
After=network.target

[Service]
User=ubuntu
Group=www-data
WorkingDirectory=/home/ubuntu/django_path
ExecStart=/home/ubuntu/VENV/bin/gunicorn --workers 3 --bind unix:/home/ubuntu/django_path/gunicorn.sock api.wsgi:application

[Install]
WantedBy=multi-user.target
  • Django:
CORS_ALLOWED_ORIGINS = [
    'https://mydomain',
]

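There are some questions on this, but I think the CORS error occurs because the traffic does not reach Django, or even GUnicorn.

So maybe I should change the NGINX conf. Do you have any idea how I can solve this?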

1 Answer:

Answer 0: (score: 0)

After continuing to look into it, I found a solution.

https://serverfault.com/questions/746297/how-to-run-gunicorn-upstream-with-an-nginx-ssl-configuration
was very helpful.

Below is the NGINX conf.

Below is the GUnicorn conf.

upstream gunicorn {
    server 127.0.0.1:8080;
}

server {
    listen 80;
    server_name mydomain;

    return 301 https://$host$request_uri;
}

server {
    listen 443 ssl;
    server_name mydomain;

    ...
}

server {
    listen 8000 ssl;
    server_name mydomain;

    ...

    location / {
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Host $host;
        proxy_pass http://gunicorn;
    }
    ...
}
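
Added example, not part of the question or the answer above: a Python probe that checks whether an upstream (the Gunicorn unix socket from the question, or 127.0.0.1:8080 from the answer) completes a TLS handshake or only answers cleartext HTTP, which determines whether `proxy_pass` needs `https://` or `http://`. The function names are hypothetical, and certificate verification is switched off because the probe only identifies the protocol and sends no data over the TLS session.

```python
# Added example: helper names are hypothetical; not code from the question or answer.
import socket
import ssl
import sys

def _connect(upstream, timeout):
    """Connect to a unix socket path (str) or a (host, port) tuple."""
    if isinstance(upstream, str):
        sock = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
        sock.settimeout(timeout)
        sock.connect(upstream)
        return sock
    return socket.create_connection(upstream, timeout=timeout)

def speaks_tls(upstream, timeout=2.0):
    """True if the upstream completes a TLS handshake (what https:// needs)."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False       # protocol probe only: the peer is not
    ctx.verify_mode = ssl.CERT_NONE  # authenticated, so send no data over it
    try:
        with _connect(upstream, timeout) as raw, ctx.wrap_socket(raw):
            return True
    except OSError:  # ssl.SSLError and socket timeouts are OSError subclasses
        return False

def speaks_http(upstream, timeout=2.0):
    """True if the upstream answers a cleartext HTTP request."""
    try:
        with _connect(upstream, timeout) as sock:
            sock.sendall(b"HEAD / HTTP/1.0\r\nHost: probe\r\n\r\n")
            return sock.makefile("rb").read(5) == b"HTTP/"
    except OSError:
        return False

def proxy_pass_scheme(upstream):
    """Scheme to put in proxy_pass for this upstream, or None if unreachable."""
    if speaks_tls(upstream):
        return "https"
    return "http" if speaks_http(upstream) else None

if __name__ == "__main__":
    # Default is the socket path from the question; pass another path or
    # HOST:PORT (for example 127.0.0.1:8080 from the answer) as argv[1].
    arg = sys.argv[1] if len(sys.argv) > 1 else "/home/ubuntu/django_path/gunicorn.sock"
    host, sep, port = arg.rpartition(":")
    target = (host, int(port)) if sep and port.isdigit() else arg
    print(arg, "->", proxy_pass_scheme(target))
```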