
Gunicorn workers timing out after SSL install (Django, Nginx)

After a bit of a struggle to set up AWS Route53 IPv6 and my DNS (Ionos) I've managed to set up SSL in my Django blog app running with Gunicorn and nginx. I've used this tutorial.

Unfortunately, first it ran into the redirect loop error that I managed to fix but now it's 502 Bad Gateway and when I check the logs it looks like Gunicorn workers are always timing out. I tried setting the timeout to 300s for both nginx and Gunicorn but it just means a longer wait for 502 error, nothing else changes.

Here's the log:

Mar 21 23:13:46 ip-172-31-35-104 systemd[1]: Started A high performance web server and a reverse proxy server.
-- Subject: Unit nginx.service has finished start-up
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
--
-- Unit nginx.service has finished starting up.
--
-- The start-up result is done.
Mar 21 23:13:46 ip-172-31-35-104 sudo[2107]: pam_unix(sudo:session): session closed for user root
Mar 21 23:14:19 ip-172-31-35-104 gunicorn[2055]: [2019-03-21 23:14:19 +0000] [2055] [CRITICAL] WORKER TIMEOUT (pid:2061)
Mar 21 23:14:19 ip-172-31-35-104 gunicorn[2055]: [2019-03-21 23:14:19 +0000] [2061] [INFO] Worker exiting (pid: 2061)
Mar 21 23:14:19 ip-172-31-35-104 gunicorn[2055]: base dir path /home/ubuntu/puchalatravel/puchalatravel
Mar 21 23:14:19 ip-172-31-35-104 gunicorn[2055]: [2019-03-21 23:14:19 +0000] [2125] [INFO] Booting worker with pid: 2125

nginx setup:

server {
    listen 80;
    listen [::]:80;
    server_name puchalatravel.com www.puchalatravel.com;
    return 404; # managed by Certbot

    return 301 https://puchalatravel.com$request_uri;
}

server {

    listen 443 ssl;
    listen [::]:443 ssl;
    server_name puchalatravel.com;

    ssl on;
    ssl_certificate /etc/letsencrypt/live/puchalatravel.com/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/puchalatravel.com/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; #managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; #managed by Certbot

    location /static {
        root /home/ubuntu/puchalatravel/;
    }

    location /media {
        root /home/ubuntu/puchalatravel/;
    }

    location /.well-known {
        root /var/www/common/letsencrypt/;
    }

    location / {
        # include proxy_params;
        proxy_redirect off;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_pass https://unix:/home/ubuntu/puchalatravel/puchalatravel.sock;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_connect_timeout 60s;
        proxy_read_timeout 120s;
        }
}

gunicorn setup:

[Unit]
Description=gunicorn daemon
After=network.target

[Service]
User=ubuntu
Group=www-data
WorkingDirectory=/home/ubuntu/puchalatravel
ExecStart=/home/ubuntu/puchalatravel/puchalatravelenv/bin/gunicorn --access-logfile - --timeout 30 --workers 3 --bind unix:/home/ubuntu/puchalatravel/puchalatravel.sock puchalatravel.wsgi:application

[Install]
WantedBy=multi-user.target

No changes at all were made in Django code except for adding the following lines in settings.py:

SECURE_PROXY_SSL_HEADER = ('HTTP_X_FORWARDED_PROTO', 'https')
SECURE_SSL_REDIRECT = True
SESSION_COOKIE_SECURE = True
CSRF_COOKIE_SECURE = True

All the code can be found here: GitHub repo. Website address: puchalatravel.com

Any ideas what could be the source of the issue?

EDIT. Looks like an issue with SSL, nginx error log:

2019/03/22 07:15:24 [error] 2123#2123: *83 peer closed connection in SSL handshake while SSL handshaking to upstream, client: 83.6.170.100, server: puchalatravel.com, request: "GET / HTTP/1.1", upstream: "https://unix:/home/ubuntu/puchalatravel/puchalatravel.sock:/", host: "puchal$
2019/03/22 07:15:56 [error] 2123#2123: *85 peer closed connection in SSL handshake while SSL handshaking to upstream, client: 83.6.170.100, server: puchalatravel.com, request: "GET /favicon.ico HTTP/1.1", upstream: "https://unix:/home/ubuntu/puchalatravel/puchalatravel.sock:/favic$
2019/03/22 07:36:35 [error] 2123#2123: *94 peer closed connection in SSL handshake while SSL handshaking to upstream, client: 213.229.174.164, server: puchalatravel.com, request: "GET / HTTP/1.1", upstream: "https://unix:/home/ubuntu/puchalatravel/puchalatravel.sock:/", host: "puc$
2019/03/22 07:37:06 [error] 2123#2123: *94 peer closed connection in SSL handshake while SSL handshaking to upstream, client: 213.229.174.164, server: puchalatravel.com, request: "GET /favicon.ico HTTP/1.1", upstream: "https://unix:/home/ubuntu/puchalatravel/puchalatravel.sock:/fa$
2019/03/22 07:40:58 [error] 2123#2123: *100 peer closed connection in SSL handshake while SSL handshaking to upstream, client: 213.229.174.164, server: puchalatravel.com, request: "GET / HTTP/1.1", upstream: "https://unix:/home/ubuntu/puchalatravel/puchalatravel.sock:/", host: "pu$
2019/03/22 07:41:29 [error] 2123#2123: *100 peer closed connection in SSL handshake while SSL handshaking to upstream, client: 213.229.174.164, server: puchalatravel.com, request: "GET /favicon.ico HTTP/1.1", upstream: "https://unix:/home/ubuntu/puchalatravel/puchalatravel.sock:/f$
2019/03/22 07:44:22 [error] 12508#12508: *1 peer closed connection in SSL handshake while SSL handshaking to upstream, client: 213.229.174.164, server: puchalatravel.com, request: "GET / HTTP/1.1", upstream: "https://unix:/home/ubuntu/puchalatravel/puchalatravel.sock:/", host: "pu$
2019/03/22 07:44:52 [error] 12508#12508: *1 peer closed connection in SSL handshake while SSL handshaking to upstream, client: 213.229.174.164, server: puchalatravel.com, request: "GET /favicon.ico HTTP/1.1", upstream: "https://unix:/home/ubuntu/puchalatravel/puchalatravel.sock:/f$
2019/03/22 07:53:57 [error] 12508#12508: *4 peer closed connection in SSL handshake while SSL handshaking to upstream, client: 213.229.174.164, server: puchalatravel.com, request: "GET / HTTP/1.1", upstream: "https://unix:/home/ubuntu/puchalatravel/puchalatravel.sock:/", host: "pu$
2019/03/22 07:54:10 [notice] 12698#12698: signal process started
2019/03/22 07:54:24 [notice] 12700#12700: signal process started
2019/03/22 07:54:27 [notice] 12703#12703: signal process started
2019/03/22 07:54:28 [error] 12508#12508: *4 peer closed connection in SSL handshake while SSL handshaking to upstream, client: 213.229.174.164, server: puchalatravel.com, request: "GET /favicon.ico HTTP/1.1", upstream: "https://unix:/home/ubuntu/puchalatravel/puchalatravel.sock:/f$
2019/03/22 07:58:51 [error] 12704#12704: *27 peer closed connection in SSL handshake while SSL handshaking to upstream, client: 5.255.250.163, server: puchalatravel.com, request: "GET /robots.txt HTTP/1.1", upstream: "https://unix:/home/ubuntu/puchalatravel/puchalatravel.sock:/rob$
2019/03/22 07:59:22 [error] 12704#12704: *30 peer closed connection in SSL handshake while SSL handshaking to upstream, client: 141.8.143.160, server: puchalatravel.com, request: "GET /robots.txt HTTP/1.1", upstream: "https://unix:/home/ubuntu/puchalatravel/puchalatravel.sock:/rob$
2019/03/22 07:59:53 [error] 12704#12704: *32 peer closed connection in SSL handshake while SSL handshaking to upstream, client: 178.154.246.138, server: puchalatravel.com, request: "GET /posts/ HTTP/1.1", upstream: "https://unix:/home/ubuntu/puchalatravel/puchalatravel.sock:/posts$
2019/03/22 08:03:10 [error] 12813#12813: *1 peer closed connection in SSL handshake while SSL handshaking to upstream, client: 213.229.174.164, server: puchalatravel.com, request: "GET / HTTP/1.1", upstream: "https://unix:/home/ubuntu/puchalatravel/puchalatravel.sock:/", host: "pu$
2019/03/22 08:03:41 [error] 12813#12813: *1 peer closed connection in SSL handshake while SSL handshaking to upstream, client: 213.229.174.164, server: puchalatravel.com, request: "GET /favicon.ico HTTP/1.1", upstream: "https://unix:/home/ubuntu/puchalatravel/puchalatravel.sock:/f$
2019/03/22 08:37:39 [error] 12813#12813: *18 peer closed connection in SSL handshake while SSL handshaking to upstream, client: 213.229.174.164, server: puchalatravel.com, request: "GET / HTTP/1.1", upstream: "https://unix:/home/ubuntu/puchalatravel/puchalatravel.sock:/", host: "p$
2019/03/22 08:56:08 [error] 13024#13024: *1 peer closed connection in SSL handshake while SSL handshaking to upstream, client: 213.229.174.164, server: puchalatravel.com, request: "GET / HTTP/1.1", upstream: "https://unix:/home/ubuntu/puchalatravel/puchalatravel.sock:/", host: "pu$
2019/03/22 08:56:39 [error] 13024#13024: *1 peer closed connection in SSL handshake while SSL handshaking to upstream, client: 213.229.174.164, server: puchalatravel.com, request: "GET /favicon.ico HTTP/1.1", upstream: "https://unix:/home/ubuntu/puchalatravel/puchalatravel.sock:/f$

Turns out the issue was with this line in nginx config:

proxy_pass https://unix:/home/ubuntu/puchalatravel/puchalatravel.sock;

The fix is to change https to http.

Full nginx config in the end:

server {
    listen                  80;
    listen                  [::]:80;
    server_name             puchalatravel.com www.puchalatravel.com;

    return                  301 https://puchalatravel.com;
}

server {

    listen                  443 ssl http2;
    listen                  [::]:443 ssl http2;
    server_name             puchalatravel.com;

    access_log              /var/log/nginx/puchalatravel.com.access.log;
    error_log               /var/log/nginx/puchalatravel.com.error.log;

    ssl                     on;
    ssl_certificate         /etc/letsencrypt/live/puchalatravel.com/fullchain.pem; # managed by Certbot
    ssl_certificate_key     /etc/letsencrypt/live/puchalatravel.com/privkey.pem; # managed by Certbot
    ssl_session_cache       shared:SSL:5m;
    include                 /etc/letsencrypt/options-ssl-nginx.conf; #managed by Certbot
    ssl_dhparam             /etc/letsencrypt/ssl-dhparams.pem; #managed by Certbot

    location /static {
        root /home/ubuntu/puchalatravel/;
    }

    location /media {
        root /home/ubuntu/puchalatravel/;
    }

    location /.well-known {
        root /var/www/common/letsencrypt/;
    }

    location / {
        # include proxy_params;
        proxy_redirect              off;
        proxy_ssl_server_name       on;
        proxy_ssl_certificate       /etc/letsencrypt/live/puchalatravel.com/fullchain.pem; # managed by Certbot
        proxy_ssl_certificate_key   /etc/letsencrypt/live/puchalatravel.com/privkey.pem; # managed by Certbot
        proxy_set_header            X-Forwarded-Proto $scheme;
        proxy_pass                  http://unix:/home/ubuntu/puchalatravel/puchalatravel.sock;
        proxy_set_header            Host $host;
        proxy_set_header            X-Real-IP $remote_addr;
        proxy_set_header            X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_connect_timeout       60s;
        proxy_read_timeout          120s;
        }
}
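
The mismatch behind the "SSL handshaking to upstream" errors can be caught before a reload by comparing each proxy_pass scheme with how gunicorn is started; TLS ends at nginx here, and Django learns the original scheme from X-Forwarded-Proto. The following is an added example, not code from the original post: the function names and the embedded sample inputs are constructed for illustration.

```python
import re
import shlex

# Constructed inputs modelled on the question's nginx location and systemd ExecStart.
NGINX_CONF = """
location / {
    proxy_set_header X-Forwarded-Proto $scheme;
    proxy_pass https://unix:/home/ubuntu/puchalatravel/puchalatravel.sock;
}
"""
EXEC_START = (
    "/home/ubuntu/puchalatravel/puchalatravelenv/bin/gunicorn --access-logfile - "
    "--timeout 30 --workers 3 "
    "--bind unix:/home/ubuntu/puchalatravel/puchalatravel.sock "
    "puchalatravel.wsgi:application"
)

# Active (uncommented) proxy_pass lines: scheme plus unix socket or host:port.
PROXY_PASS = re.compile(r"^\s*proxy_pass\s+(https?)://(unix:[^;:\s]+|[^;/\s]+)", re.M)


def gunicorn_listeners(exec_start):
    """Return (bind addresses, tls_enabled) parsed from a gunicorn command line."""
    args = shlex.split(exec_start)
    binds, tls = set(), False
    for i, arg in enumerate(args):
        name, _, value = arg.partition("=")
        if name in ("--bind", "-b"):
            if value:
                binds.add(value)
            elif i + 1 < len(args):
                binds.add(args[i + 1])
        elif name in ("--certfile", "--keyfile"):
            tls = True  # gunicorn only speaks TLS when given a cert and key
    return binds, tls


def scheme_mismatches(nginx_conf, exec_start):
    """List proxy_pass targets whose scheme disagrees with what gunicorn serves."""
    binds, tls = gunicorn_listeners(exec_start)
    findings = []
    for scheme, target in PROXY_PASS.findall(nginx_conf):
        if target in binds and (scheme == "https") != tls:
            expected = "https" if tls else "http"
            findings.append(f"proxy_pass {scheme}://{target} should use {expected}://")
    return findings


if __name__ == "__main__":
    for finding in scheme_mismatches(NGINX_CONF, EXEC_START):
        print(finding)
```

Run against the original config it reports the https:// proxy_pass to the unix socket; with the corrected http:// line it reports nothing.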
