如何使用https为devpi提供服务?
我在http://上运行了一个开箱即用的devpi-server
我需要让它在https://上工作。
我已经有了域的证书。
我按照nginx-site- documentation的配置创建了/etc/nginx/conf.d/domain.conf文件,该文件包含指向我的证书的server{}块(摘录如下)。
然而,我的devpi-server --start --init完全忽略了任何/所有的nginx配置。如何让devpi-server使用nginx配置?这是可能的吗,还是我完全误解了重点?
/etc/nginx/conf.d/domain.conf文件内容:
server {
server_name localhost $hostname "";
listen 8081 ssl default_server;
listen [::]:8081 ssl default_server;
server_name domain;
ssl_certificate /root/certs/domain/domain.crt;
ssl_certificate_key /root/certs/domain/domain.key;
ssl_protocols TLSv1.1 TLSv1.2;
ssl_ciphers EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH;
gzip on;
gzip_min_length 2000;
gzip_proxied any;
gzip_types application/json;
proxy_read_timeout 60s;
client_max_body_size 64M;
# set to where your devpi-server state is on the filesystem
root /root/.devpi/server;
# try serving static files directly
location ~ /\+f/ {
# workaround to pass non-GET/HEAD requests through to the named location below
error_page 418 = @proxy_to_app;
if ($request_method !~ (GET)|(HEAD)) {
return 418;
}
expires max;
try_files /+files$uri @proxy_to_app;
}
# try serving docs directly
location ~ /\+doc/ {
try_files $uri @proxy_to_app;
}
location / {
# workaround to pass all requests to / through to the named location below
error_page 418 = @proxy_to_app;
return 418;
}
location @proxy_to_app {
proxy_pass https://localhost:8081;
proxy_set_header X-outside-url $scheme://$host:$server_port;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-Proto https;
}
}回答 1
Stack Overflow用户
发布于 2019-05-29 14:47:17
这是我在上对相同问题的回答。
Devpi对Nginx一无所知,它只服务于HTTP流量。当我们想要通过HTTPS与web-app交互时,作为客户端,我们需要与一个可以处理它的前端(Nginx)进行对话,该前端将反过来与我们的web-app进行通信。Nginx的这个应用程序被称为reverse proxy。作为一个反向代理,我们还可以从Nginx提供静态文件服务的能力中获益,这比让我们的web应用程序自己提供服务更有效(因此有了“尝试服务...”位置块)。
下面是我在devpi中使用的一个完整的Nginx配置。请注意,这是/etc/nginx/nginx.conf文件,而不是像你这样的域配置,因为我在docker中使用compose运行Nginx和Devpi,但你应该能够提取出你需要的东西:
worker_processes 1;
events {
worker_connections 1024;
}
http {
# Define the location for devpi
upstream pypi-backend {
server localhost:8080;
}
# Redirect HTTP to HTTPS
server {
listen 80;
listen [::]:80;
server_name _;
return 301 https://$host$request_uri;
}
server {
listen 443 ssl;
server_name example.co.uk; # This is the accessing address eg. https://example.co.uk
root /devpi/server; # This is where your devpi server directory is
gzip on;
gzip_min_length 2000;
gzip_proxied any;
proxy_read_timeout 60s;
client_max_body_size 64M;
ssl_certificate /etc/nginx/certs/cert.crt; Path to certificate
ssl_certificate_key /etc/nginx/certs/cert.key; Path to certificate key
ssl_session_cache builtin:1000 shared:SSL:10m;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers HIGH:!aNULL:!eNULL:!EXPORT:!CAMELLIA:!DES:!MD5:!PSK:!RC4;
ssl_prefer_server_ciphers on;
access_log /var/log/nginx/pypi.access.log;
# try serving static files directly
location ~ /\+f/ {
error_page 418 = @pypi_backend;
if ($request_method !~ (GET)|(HEAD)) {
return 418;
}
expires max;
try_files /+files$uri @pypi_backend;
}
# try serving docs directly
location ~ /\+doc/ {
try_files $uri @pypi_backend;
}
location / {
error_page 418 = @pypi_backend;
return 418;
}
location @pypi_backend {
proxy_pass http://pypi-backend; # Using the upstream definition
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-outside-url $scheme://$host:$server_port;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Host $server_name;
}
}
}使用这种配置的Nginx和运行在http://localhost:8080上的devpi,您应该能够访问https://localhost,或者使用适当的DNS https://example.co.uk访问您的计算机。请求将为:
client (HTTPS) > Nginx (HTTP) > devpi (HTTP) > Nginx (HTTPS) > client这也意味着你需要确保Nginx是自己运行的,因为devpi start不会知道更多。你至少应该看到一个Nginx的欢迎页面。
https://stackoverflow.com/questions/56050912
复制相似问题
腾讯云开发者
Copyright © 2013 - 2026 Tencent Cloud. All Rights Reserved. 腾讯云 版权所有
深圳市腾讯计算机系统有限公司 ICP备案/许可证号:粤B2-20090059 
粤公网安备44030502008569号
腾讯云计算(北京)有限责任公司 京ICP证150476号 | 京ICP备11018762号