Mixed content error in using SSL with Gunicorn/Django/Nginx application

I'm trying to configure HTTPS for an instance of Superdesk, which is using Gunicorn and Nginx for routing. I have a certificate installed and (I think) working on the server. Pointing a browser to the application, however, gives "Blocked loading mixed active content “http://localhost/api”" on Firefox and "WebSocket connection to 'ws://localhost/ws' failed: Error in connection establishment: net::ERR_CONNECTION_REFUSED" on Chrome. The documentation for this application is close to non-existent and I've spent countless hours now trying to get this to work. I filed an issue with the developer on GitHub, but I didn't have much luck with the answer. Here's my Nginx configuration:

server {
    listen 80;
    listen 443 ssl;

    server_name my_server_name;
    ssl on;
    ssl_certificate /path/to/my/cert.pem;
    ssl_certificate_key /path/to/my/key/key.pem;

    location /ws {
        proxy_pass http://localhost:5100;
        proxy_http_version 1.1;
        proxy_buffering off;
        proxy_read_timeout 3600;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "Upgrade";
    }
    location /api {
        proxy_pass http://localhost:5000;
        proxy_set_header Host localhost;
        expires epoch;

        sub_filter_once off;
        sub_filter_types application/json;
        sub_filter 'http://localhost' 'http://$host';
    }  
    location /contentapi {
        proxy_pass http://localhost:5400;
        proxy_set_header Host localhost;
        expires epoch;
    }  
    location /.well-known {
        root /var/tmp;
    }
    location / {
        root /opt/superdesk/client/dist;

        # TODO: use "config.js:server" for user installations
        sub_filter_once off;
        sub_filter_types application/javascript;
        sub_filter 'http://localhost' 'http://$host';
        sub_filter 'ws://localhost/ws' 'ws://$host/ws';
    }
    location /mail {
        alias /var/log/superdesk/mail/;
        default_type text/plain;
        autoindex on;
        autoindex_exact_size off;
    }
}

This is the first time I've worked with an nginx/gunicorn/django app and I'm completely lost. Would anyone be able to point me in the right direction?

For anyone trying to set up Superdesk and having the same issue, I finally figured out the correct configuration.

First, here's the Nginx configuration I have to handle HTTPS requests and redirect HTTP requests to HTTPS:

server {
    listen                      443 ssl http2;
    listen                      [::]:443 ssl http2;
    server_name                 my.domain.com;

    # "ssl on" is obsolete since nginx 1.15.0 and was removed in 1.25.1;
    # the "ssl" parameter on the listen lines above already enables TLS.
    ssl on;
    ssl_certificate             /path/to/my/cert.pem;
    ssl_certificate_key         /path/to/my/key.pem;
    # TLSv1 and TLSv1.1 are deprecated (RFC 8996).
    ssl_protocols               TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;

    location /ws {
        proxy_pass http://localhost:5100;
        proxy_http_version 1.1;
        proxy_buffering off;
        proxy_read_timeout 3600;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "Upgrade";
    }

    location /api {
        proxy_pass http://localhost:5000;
        proxy_set_header Host my.domain.com;
        expires epoch;

        # Rewrite backend URLs in JSON responses to the public HTTPS origin.
        sub_filter_once off;
        sub_filter_types application/json;
        sub_filter 'http://localhost' 'https://$host';
    }

    location /contentapi {
        proxy_pass http://localhost:5400;
        proxy_set_header Host my.domain.com;
        expires epoch;
    }

    location /.well-known {
        root /var/tmp;
    }

    location / {
        root /opt/superdesk/client/dist;

        # TODO: use "config.js:server" for user installations
        # Rewrite URLs in the client JavaScript to https:// and wss://.
        sub_filter_once off;
        sub_filter_types application/javascript;
        sub_filter 'http://localhost' 'https://$host';
        sub_filter 'ws://localhost/ws' 'wss://$host/ws';
    }

    location /mail {
        alias /var/log/superdesk/mail/;
        default_type text/plain;
        autoindex on;
        autoindex_exact_size off;
    }
}

server {
    listen                      80;
    listen                      [::]:80;
    server_name                 my.domain.com;
    return                      301 https://$host$request_uri;
}

What I was missing in the configuration:

The proxy_set_header field had to be set to proxy_set_header Host <my_domain name>, and in the sub_filter field, it was the second parameter only that had to be set to use HTTPS.

Superdesk-specific stuff that had to be configured:

In /opt/superdesk/activate.sh, set HOST_SSL to HOST_SSL=${HOST_SSL:-s}. This will make sure links sent out by mail (like password reset emails) are sent as HTTPS.

It seems simple in retrospect, but wow, was it difficult to figure out with limited knowledge of Nginx...
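
The difference between the two configurations above can be checked mechanically. The following is an added example, not part of the original question or answer: a small Python check that reports `sub_filter` rules which write `http://` or `ws://` URLs into responses of a TLS-enabled server block, which is what produced the mixed-content and WebSocket errors. The function names are hypothetical, the two sample configs are abridged from the ones on this page, and the brace matching assumes no braces inside strings or comments.

```python
import re

SUB_FILTER = re.compile(r"""^\s*sub_filter\s+(['"])(.*?)\1\s+(['"])(.*?)\3\s*;""", re.M)
LISTEN_TLS = re.compile(r"^\s*listen\s+[^;]*\bssl\b", re.M)

def server_blocks(conf):
    """Yield the body of each `server { ... }` block using brace matching."""
    for m in re.finditer(r"^\s*server\s*\{", conf, re.M):
        depth, i = 1, m.end()
        while depth and i < len(conf):
            depth += {"{": 1, "}": -1}.get(conf[i], 0)
            i += 1
        yield conf[m.end():i - 1]

def insecure_rewrites(conf):
    """Return (search, replacement) pairs that inject http:// or ws:// URLs
    into responses served from a server block that listens with TLS."""
    findings = []
    for body in server_blocks(conf):
        if not LISTEN_TLS.search(body):
            continue  # plain-HTTP server block: nothing to block as mixed content
        for m in SUB_FILTER.finditer(body):
            if m.group(4).startswith(("http://", "ws://")):
                findings.append((m.group(2), m.group(4)))
    return findings

# Abridged from the question's configuration (sample input for this example).
BEFORE = """
server {
    listen 443 ssl;
    location / {
        sub_filter 'http://localhost' 'http://$host';
        sub_filter 'ws://localhost/ws' 'ws://$host/ws';
    }
}
"""
# Abridged from the answer's configuration (sample input for this example).
AFTER = """
server {
    listen 443 ssl http2;
    location / {
        sub_filter 'http://localhost' 'https://$host';
        sub_filter 'ws://localhost/ws' 'wss://$host/ws';
    }
}
"""

if __name__ == "__main__":
    for name, conf in (("question", BEFORE), ("answer", AFTER)):
        print(name, insecure_rewrites(conf))
```
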
