通过https的Django Cookiecutter

Question

现在已经超过4个小时了，我无法让我的nginx服务器为我的Django应用程序使用我的SSL证书。

这里是我的nginx.conf：

user nginx; 
worker_processes 1; 

error_log /var/log/nginx/error.log warn; 
pid  /var/run/nginx.pid; 


events { 
    worker_connections 1024; 
} 


http { 
    include  /etc/nginx/mime.types; 
    default_type application/octet-stream; 

    log_format main '$remote_addr - $remote_user [$time_local] "$request" ' 
         '$status $body_bytes_sent "$http_referer" ' 
         '"$http_user_agent" "$http_x_forwarded_for"'; 

    access_log /var/log/nginx/access.log main; 

    sendfile  on; 
    #tcp_nopush  on; 

    keepalive_timeout 65; 

    #gzip on; 

    upstream app { 
     server django:5000; 
    } 

    server { 
     listen     80; 
     server_name    www.example.com; 
     rewrite ^/(.*)   https://www.example.com/$1 permanent; 
    } 

    server { 
     listen     443 ssl; 
     server_name    www.example.com; 
     charset     utf-8; 

     ssl      on; 
     ssl_certificate   /etc/nginx/ssl/1_www.example.com_bundle.crt; 
     ssl_certificate_key  /etc/nginx/ssl/example_rsa.key; 

     location/{ 
      try_files   $uri     @proxy_to_app; 
     } 

     location @proxy_to_app { 
      proxy_pass   http://app; 
      proxy_redirect  off; 

      proxy_set_header X-Forwarded-Proto  $scheme; 
      proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for; 
      proxy_set_header X-Real-IP    $remote_addr; 
      proxy_set_header Host     $http_host; 
     } 

    } 
} 

我还是设法所有http流量重定向到https，但是当我访问https://www.example.com我得到一个漂亮ERR_CONNECTION_REFUSED。

我能想到的在我的Django应用程序的唯一相关的部分是：

SECURE_PROXY_SSL_HEADER = ('HTTP_X_FORWARDED_PROTO', 'https') 

，但我认为这个问题是在nginx的水平。我通过pydanny使用Django Cookiecutter。未修改的nginx.conf文件可以找到here。我确实将Dockerfile编辑为ADD我的证书。

谢谢！

Answer 1

这是我用于这种情况的conf文件。你可能想比较或遵循相同的方法：

# nginx config file for example.com 

upstream django { 
    server     unix:/srv/www/app/run/app.sock; 
} 


server { 
    listen     80 default_server; 
    server_name    example.com www.example.com; 
    return     301 https://example.com$request_uri; 
} 


server { 
    listen     443 ssl; 
    server_name    www.example.com; 
    ssl_certificate   /etc/nginx/ssl/app.crt; 
    ssl_certificate_key  /etc/nginx/ssl/app.key; 
    return     301 https://example.com$request_uri; 
} 

server { 
    listen     443 ssl; 
    server_name    example.com; 
    ssl_certificate   /etc/nginx/ssl/app.crt; 
    ssl_certificate_key  /etc/nginx/ssl/app.key; 
    proxy_set_header  X-Forwarded-Protocol $scheme; 
    add_header    Strict-Transport-Security "max-age=31536000"; 
    charset     utf-8; 

    gzip on; 
    gzip_disable "msie6"; 

    gzip_vary on; 
    gzip_proxied any; 
    gzip_comp_level 6; 
    gzip_buffers 16 8k; 
    gzip_http_version 1.1; 
    gzip_min_length 256; 
    gzip_types text/plain text/css application/json application/x-javascript text/xml application/xml application/xml+rss text/javascript application/vnd.ms-fontobject application/x-font-ttf font/opentype image/svg+xml image/x-icon; 

    location /media { 
     alias    /srv/www/app/app/media; 
    } 

    location /static { 
     alias    /srv/www/app/app/collected_static; 
    } 

    location/{ 
     uwsgi_pass django; 
     include    /srv/www/app/run/uwsgi_params; 
    } 

    location /api/v1/app/upload { 
     uwsgi_max_temp_file_size 1M; 
    } 

    location /favicon.ico { 
     alias    /srv/www/app/app/collected_static/img/favicon.ico; 
    } 
} 

Django上侧，只为生产环境中，我做的：

# SSL 
SECURE_PROXY_SSL_HEADER = ('HTTP_X_FORWARDED_PROTOCOL', 'https') 
SESSION_COOKIE_SECURE = True 
CSRF_COOKIE_SECURE = True 

这就是它！