基于https的Django Cookiecutter

Question

现在已经超过4个小时了，我无法让我的nginx服务器使用我的Django应用程序的SSL证书。

这是我的nginx.conf：

user  nginx;
worker_processes  1;

error_log  /var/log/nginx/error.log warn;
pid        /var/run/nginx.pid;


events {
    worker_connections  1024;
}


http {
    include       /etc/nginx/mime.types;
    default_type  application/octet-stream;

    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';

    access_log  /var/log/nginx/access.log  main;

    sendfile        on;
    #tcp_nopush     on;

    keepalive_timeout  65;

    #gzip  on;

    upstream app {
        server django:5000;
    }

    server {
        listen                  80;
        server_name             www.example.com;
        rewrite ^/(.*)          https://www.example.com/$1 permanent;
    }

    server {
        listen                  443 ssl;
        server_name             www.example.com;
        charset                 utf-8;

        ssl                     on;
        ssl_certificate         /etc/nginx/ssl/1_www.example.com_bundle.crt;
        ssl_certificate_key     /etc/nginx/ssl/example_rsa.key;

        location / {
            try_files           $uri                    @proxy_to_app;
        }

        location @proxy_to_app {
            proxy_pass          http://app;
            proxy_redirect      off;

            proxy_set_header    X-Forwarded-Proto       $scheme;
            proxy_set_header    X-Forwarded-For         $proxy_add_x_forwarded_for;
            proxy_set_header    X-Real-IP               $remote_addr;
            proxy_set_header    Host                    $http_host;
        }

    }
}

我确实设法将所有http流量重定向到https，但当我访问https://www.example.com时，我得到了一个漂亮的ERR_CONNECTION_REFUSED。

在我的Django应用程序中，我能想到的唯一相关部分是：

SECURE_PROXY_SSL_HEADER = ('HTTP_X_FORWARDED_PROTO', 'https')

但我确实认为问题出在nginx级别。我正在使用pydanny的Django Cookiecutter。可以在here中找到未经修改的nginx.conf文件。我确实编辑了Dockerfile文件来ADD我的证书。

谢谢!

Answer 1

这是我在这种情况下使用的conf文件。您可能想要比较或遵循相同的方法：

# nginx config file for example.com

upstream django {
    server                  unix:/srv/www/app/run/app.sock;
}


server {
    listen                  80 default_server;
    server_name             example.com www.example.com;
    return                  301 https://example.com$request_uri;
}


server {
    listen                  443 ssl;
    server_name             www.example.com;
    ssl_certificate         /etc/nginx/ssl/app.crt;
    ssl_certificate_key     /etc/nginx/ssl/app.key;
    return                  301 https://example.com$request_uri;
}

server {
    listen                  443 ssl;
    server_name             example.com;
    ssl_certificate         /etc/nginx/ssl/app.crt;
    ssl_certificate_key     /etc/nginx/ssl/app.key;
    proxy_set_header        X-Forwarded-Protocol $scheme;
    add_header              Strict-Transport-Security "max-age=31536000";
    charset                 utf-8;

    gzip on;
    gzip_disable "msie6";

    gzip_vary on;
    gzip_proxied any;
    gzip_comp_level 6;
    gzip_buffers 16 8k;
    gzip_http_version 1.1;
    gzip_min_length 256;
    gzip_types text/plain text/css application/json application/x-javascript text/xml application/xml application/xml+rss text/javascript application/vnd.ms-fontobject application/x-font-ttf font/opentype image/svg+xml image/x-icon;

    location /media  {
        alias               /srv/www/app/app/media;
    }

    location /static {
        alias               /srv/www/app/app/collected_static;
    }

    location / {
        uwsgi_pass  django;
        include             /srv/www/app/run/uwsgi_params;
    }

    location /api/v1/app/upload {
        uwsgi_max_temp_file_size    1M;
    }

    location /favicon.ico {
        alias               /srv/www/app/app/collected_static/img/favicon.ico;
    }
}

在django方面，仅针对生产环境，我这样做：

# SSL
SECURE_PROXY_SSL_HEADER = ('HTTP_X_FORWARDED_PROTOCOL', 'https')
SESSION_COOKIE_SECURE = True
CSRF_COOKIE_SECURE = True

就这样!