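Nginx reverse proxy with Gunicorn behaves differently

Time: 2020-11-04 14:09:01

Tags: django nginx gunicorn

We have a Django project that uses an Nginx and Gunicorn reverse proxy setup in production. Everything seems to work fine except for one small detail: the browser somehow "sees" the following addresses as different sessions.

Say I log in to the site using the example.com address. Then, if I visit https://www.example.com, the browser does not see that the user is logged in.

When I visit www.example.com, I get a 404 error in the browser from Nginx.

I suspect this has to do with how Nginx or Gunicorn is set up. I would appreciate any help on how to resolve this discrepancy.

Nginx config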

server {

    root /home/example/mysite;

    # Add index.php to the list if you are using PHP
    index index.html index.htm;

    server_name example.com www.example.com;
    client_max_body_size 512M;
    location /static/ {
        alias /home/example/mysite/static/;
        expires 30d;
        add_header Vary Accept-Encoding;
        access_log off;
    }
    location /media {
        alias /home/example/mysite/media/;
        expires 30d;
        add_header Vary Accept-Encoding;
        access_log off;
    }
    location / {
        # try_files $uri $uri/ =404;
        proxy_pass http://127.0.0.1:8080;
        proxy_set_header Host $server_name;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Protocol $scheme;
        proxy_connect_timeout       6000;
        proxy_send_timeout          6000;
        proxy_read_timeout          6000;
        send_timeout                6000;
    }
    listen [::]:443 ssl ipv6only=on; # managed by Certbot
    listen 443 ssl; # managed by Certbot
    ssl_certificate /home/ubuntu/ssl/example_com_chain.crt;
    ssl_certificate_key /home/ubuntu/ssl/server.key;
    #include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    #ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

}

server {
    if ($host = example.com) {
        return 301 https://$host$request_uri;
    } # managed by Certbot


    listen 80 default_server;
    listen [::]:80 default_server;

    server_name example.com www.example.com;
    return 404; # managed by Certbot
}

1 answer:

Answer 0 (score: 1)

To redirect

http://www.example.com
http://example.com
https://www.example.com

to

https://example.com

you need to change your nginx vhost config file like this:

# Redirect 'http www' and 'http non-www' traffic to 'https non-www'
server {

    listen 80;
    server_name example.com  www.example.com;
    return  301 https://example.com$request_uri;

}

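# Redirect 'https www' traffic to 'https non-www'
server {

    listen 443 ssl;
    server_name www.example.com;

    # An ssl listener needs a certificate; it must also cover www.example.com
    ssl_certificate /home/ubuntu/ssl/example_com_chain.crt;
    ssl_certificate_key /home/ubuntu/ssl/server.key;

    return  301 https://example.com$request_uri;

}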

# https://example.com
server {

    listen [::]:443 ssl ipv6only=on; # managed by Certbot
    listen 443 ssl; # managed by Certbot

    server_name example.com;

    root /home/example/mysite;

    # Add index.php to the list if you are using PHP
    index index.html index.htm;

    client_max_body_size 512M;
    location /static/ {
        alias /home/example/mysite/static/;
        expires 30d;
        add_header Vary Accept-Encoding;
        access_log off;
    }
    location /media {
        alias /home/example/mysite/media/;
        expires 30d;
        add_header Vary Accept-Encoding;
        access_log off;
    }
    location / {
        # try_files $uri $uri/ =404;
        proxy_pass http://127.0.0.1:8080;  # HERE review this line it should be the server IP not localhost
        proxy_set_header Host $server_name;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Protocol $scheme;
        proxy_connect_timeout       6000;
        proxy_send_timeout          6000;
        proxy_read_timeout          6000;
        send_timeout                6000;
    }

    ssl_certificate /home/ubuntu/ssl/example_com_chain.crt;
    ssl_certificate_key /home/ubuntu/ssl/server.key;
    # include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    # ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

}

This thread may help you: https://www.digitalocean.com/community/questions/redirecting-https-www-domain-to-non-www-domain-with-nginx (my answer is based on it)

And in your settings.py:

ALLOWED_HOSTS = [
    'example.com',  # https non-www
]

# SESSION_COOKIE_SECURE = True
# CSRF_COOKIE_SECURE = True

For more details, see
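
Why a login on example.com is not seen on www.example.com, as an added example that is not part of the original question or answer: a small model of browser cookie scoping under RFC 6265, applied to the four addresses listed in the answer. It assumes Django's default session cookie settings (SESSION_COOKIE_DOMAIN = None, SESSION_COOKIE_SECURE = False); the /login/ path and all helper names are constructed for illustration.

```python
from urllib.parse import urlsplit

def domain_match(host, cookie_domain):
    """RFC 6265 section 5.1.3: host equals the domain or is a subdomain of it."""
    host, cookie_domain = host.lower(), cookie_domain.lower().lstrip(".")
    return host == cookie_domain or host.endswith("." + cookie_domain)

def store_cookie(set_by_url, name, domain_attr=None, secure=False):
    """Model how a browser stores a Set-Cookie received from set_by_url."""
    origin_host = urlsplit(set_by_url).hostname
    if domain_attr is None:
        # No Domain attribute: host-only cookie, bound to the exact host.
        return {"name": name, "domain": origin_host, "host_only": True, "secure": secure}
    if not domain_match(origin_host, domain_attr):
        return None  # a Domain that does not cover the setting host is rejected
    return {"name": name, "domain": domain_attr.lstrip("."),
            "host_only": False, "secure": secure}

def is_sent(cookie, url):
    """Would the browser attach this cookie to a request for url?"""
    parts = urlsplit(url)
    if cookie["secure"] and parts.scheme != "https":
        return False  # Secure cookies never travel over plain HTTP
    if cookie["host_only"]:
        return parts.hostname == cookie["domain"]
    return domain_match(parts.hostname, cookie["domain"])

URLS = [  # the four addresses from the answer
    "http://www.example.com/",
    "http://example.com/",
    "https://www.example.com/",
    "https://example.com/",
]

def recipients(cookie):
    return [u for u in URLS if is_sent(cookie, u)]

LOGIN = "https://example.com/login/"  # constructed login URL
# Django defaults: host-only, not Secure
default_cookie = store_cookie(LOGIN, "sessionid")
# SESSION_COOKIE_SECURE = True (commented out in the settings.py above)
secure_cookie = store_cookie(LOGIN, "sessionid", secure=True)
# Hypothetical alternative: SESSION_COOKIE_DOMAIN = "example.com"
shared_cookie = store_cookie(LOGIN, "sessionid", domain_attr="example.com", secure=True)

if __name__ == "__main__":
    for label, c in [("default", default_cookie), ("secure", secure_cookie),
                     ("shared", shared_cookie)]:
        print(label, recipients(c))
```

With the default settings the session cookie never reaches www.example.com, and it is still attached to the plain-HTTP request for example.com before the 301 fires; the Secure flag closes that second gap.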