[英]How to properly configure nginx ssl for working with docker-compose and django-channel ssl socket
I have a django project with django-channels 2.X inside. 我有一个带有django-channels 2.X的django项目。 Locally it works perfect, but with production I have problem of connecting this socket with front-end.
在本地,它可以完美工作,但是在生产中,我很难将此插座与前端连接。
8:675 WebSocket connection to 'wss://air.my-server.com/excel-worker/' failed: Error in connection establishment: net::ERR_NOT_IMPLEMENTED 8:675 WebSocket连接到'wss://air.my-server.com/excel-worker/'失败:连接建立错误:net :: ERR_NOT_IMPLEMENTED
My app has SSL certificate from LetsEncrypt. 我的应用程序具有LetsEncrypt的SSL证书。
I've alreday tried all recommendation from here https://channels.readthedocs.io/en/latest/deploying.html and almost all, what i've found on Stackoverflow, Github (example: https://github.com/django/channels/issues/919 ). 我一直尝试从这里https://channels.readthedocs.io/en/latest/deploying.html尝试所有建议,以及几乎所有我在Github的Stackoverflow上发现的建议(示例: https : //github.com/ django / channels / issues / 919 )。 Also i've tried to configure nginx according to this https://www.nginx.com/blog/websocket-nginx/ but wothout luck.
我也尝试根据此https://www.nginx.com/blog/websocket-nginx/配置nginx,但没有运气。
I'm sure problem is in my Nginx config. 我确定问题出在我的Nginx配置中。
docker-compose.yml docker-compose.yml
version: '3.0'
services:
project_db:
image: postgres:9.6
container_name: air-db
volumes:
- ./src/data:/var/lib/postgresql/data
- ./prj_config/docker-entrypoint-initdb.d/:/docker-entrypoint-initdb.d/
restart: unless-stopped
env_file:
- prod.env
project_redis:
image: redis:latest
container_name: aircraft-redis
restart: unless-stopped
expose:
- 6379
backend: &backend
container_name: air-auto
build:
context: .
dockerfile: Dockerfile
command: sh -c "python manage.py makemigrations && python manage.py migrate && gunicorn service.wsgi -b 0.0.0.0:8112 --workers 1"
restart: unless-stopped
volumes:
- ./src:/src
depends_on:
- project_db
- project_redis
ports:
- 0.0.0.0:8112:8112
env_file:
- prod.env
channel-worker:
<<: *backend
container_name: air-channels
command: sh -c "daphne -e ssl:443:privateKey=privkey.pem:certKey=fullchain.pem -u /tmp/daphne.sock -p 8005 service.asgi:application -b 0.0.0.0"
depends_on:
- project_db
- project_redis
volumes:
- /etc/letsencrypt/:/etc/letsencrypt/
ports:
- 0.0.0.0:8005:8005
- 0.0.0.0:8006:443
nginx (sites-enabled) nginx(启用站点)
server {
listen 80;
server_name my-server.com;
include snippets/letsencrypt.conf;
return 301 https://$host$request_uri;
}
server {
listen 443 ssl http2;
server_name my-server.com;
ssl_certificate /etc/letsencrypt/live/my-server.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/my-server.com/privkey.pem;
ssl_trusted_certificate /etc/letsencrypt/live/my-server.com/chain.pem;
include snippets/ssl.conf;
include snippets/letsencrypt.conf;
return 301 https://my-server.com.com$request_uri;
server {
listen 443 ssl http2;
server_name air.my-server.com;
ssl_certificate /etc/letsencrypt/live/air.my-server.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/air.my-server.com/privkey.pem;
ssl_trusted_certificate /etc/letsencrypt/live/air.my-server.com/chain.pem;
include snippets/ssl.conf;
include snippets/letsencrypt.conf;
location / {
proxy_pass http://localhost:8112/;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
location /excel-worker/ {
proxy_pass http://0.0.0.0:8005/excel-worker/;
proxy_http_version 1.1;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
}
location /static {
alias /path/to/my/staticfiles/;
}
location /media {
alias /path/to/my/media/;
}
location /robots.txt {
alias /path/to/my/robots.txt;
}
}
Logger result when containers start 容器启动时的记录器结果
air-redis | 1:M 15 Feb 2019 15:07:40.292 * DB loaded from disk: 0.000 seconds
air-redis | 1:M 15 Feb 2019 15:07:40.292 * Ready to accept connections
air-auto-db | LOG: database system was shut down at 2019-02-15 15:06:41 UTC
air-auto-db | LOG: MultiXact member wraparound protections are now enabled
air-auto-db | LOG: database system is ready to accept connections
air-auto-db | LOG: autovacuum launcher started
air-channels | 2019-02-15 15:07:41,548 INFO Starting server at ssl:443:privateKey=/etc/letsencrypt/live/air.my-server.com/privkey.pem:certKey=/etc/letsencrypt/live/air.my-server.com/fullchain.pem, tcp:port=8005:interface=0.0.0.0, unix:/tmp/daphne.sock
air-channels | 2019-02-15 15:07:41,549 INFO HTTP/2 support enabled
air-channels | 2019-02-15 15:07:41,550 INFO Configuring endpoint ssl:443:privateKey=/etc/letsencrypt/live/air.my-server.com/privkey.pem:certKey=/etc/letsencrypt/live/air.my-server.com/fullchain.pem
air-channels | 2019-02-15 15:07:41,554 INFO Listening on TCP address 0.0.0.0:443
air-channels | 2019-02-15 15:07:41,555 INFO Configuring endpoint tcp:port=8005:interface=0.0.0.0
air-channels | 2019-02-15 15:07:41,555 INFO Listening on TCP address 0.0.0.0:8005
air-channels | 2019-02-15 15:07:41,556 INFO Configuring endpoint unix:/tmp/daphne.sock
air-auto | No changes detected
air-auto | Running migrations:
air-auto | No migrations to apply.
air-auto | [2019-02-15 15:07:43 +0000] [1] [INFO] Starting gunicorn 19.9.0
air-auto | [2019-02-15 15:07:43 +0000] [1] [INFO] Listening at: http://0.0.0.0:8112 (1)
air-auto | [2019-02-15 15:07:43 +0000] [1] [INFO] Using worker: sync
air-auto | [2019-02-15 15:07:43 +0000] [20] [INFO] Booting worker with pid: 20
I need than my django-channels aprt of the project and my front-end socket made a handshake. 我比该项目的django-channels aprt和前端套接字进行了握手。 As I said earlier, locally it works fine.
就像我之前说的,在本地工作正常。
Any suggestions are welcomed! 任何建议都欢迎!
I figured out. 我想通了。
The problem was in using VPN. 问题出在使用VPN。 I switched it off and my websockets were able to perform handshake and return messages.
我将其关闭,我的websocket能够执行握手并返回消息。
Don't really know why this happed, but hope this will help someone. 真的不知道为什么会这样,但是希望这会对某人有所帮助。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.