How to serve devpi with https?

I have an out-of-the-box devpi-server running on http://

I need to get it to work on https:// instead.

I already have the certificates for the domain.

I followed the documentation for nginx-site-config, and created the /etc/nginx/conf.d/domain.conf file that has the server{} block that points to my certificates (excerpt below).

However, my devpi-server --start --init is totally ignoring any/all nginx configurations. How do I point the devpi-server to use the nginx configurations? Is it even possible, or am I totally missing the point?

/etc/nginx/conf.d/domain.conf file contents:

server {
    server_name localhost $hostname "";

    listen              8081 ssl default_server;
    listen              [::]:8081 ssl default_server;
    server_name         domain;
    ssl_certificate     /root/certs/domain/domain.crt;
    ssl_certificate_key /root/certs/domain/domain.key;
    ssl_protocols       TLSv1.1 TLSv1.2;
    ssl_ciphers         EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH;

    gzip             on;
    gzip_min_length  2000;
    gzip_proxied     any;
    gzip_types       application/json;

    proxy_read_timeout 60s;
    client_max_body_size 64M;

    # set to where your devpi-server state is on the filesystem
    root /root/.devpi/server;

    # try serving static files directly
    location ~ /\+f/ {
        # workaround to pass non-GET/HEAD requests through to the named location below
        error_page 418 = @proxy_to_app;
        if ($request_method !~ (GET)|(HEAD)) {
            return 418;
        }

        expires max;
        try_files /+files$uri @proxy_to_app;
    }
    # try serving docs directly
    location ~ /\+doc/ {
        try_files $uri @proxy_to_app;
    }
    location / {
        # workaround to pass all requests to / through to the named location below
        error_page 418 = @proxy_to_app;
        return 418;
    }
    location @proxy_to_app {
        proxy_pass https://localhost:8081;
        proxy_set_header X-outside-url $scheme://$host:$server_port;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-Proto https;
    }
}

This is the answer I gave to the same question on superuser.

Devpi doesn't know anything about Nginx, it will just serve HTTP traffic. When we want to interact with a web-app via HTTPS instead, we as the client need to talk to a front-end which can handle it (Nginx) which will in turn communicate with our web-app. This application of Nginx is known as a reverse proxy. As a reverse proxy we can also benefit from Nginx's ability to serve static files more efficiently than getting our web-app to do it itself (hence the "try serving..." location blocks).

Here is a complete working Nginx config that I use for devpi. Note that this is /etc/nginx/nginx.conf file rather than a domain config like yours because I'm running Nginx and Devpi in docker with compose but you should be able to pull out what you need:

worker_processes 1;

events { 
    worker_connections 1024; 
}

http {
    # Define the location for devpi
    upstream pypi-backend {
        server localhost:8080;
    }

    # Redirect HTTP to HTTPS
    server {
        listen 80;
        listen [::]:80;
        server_name _;
        return 301 https://$host$request_uri;
    }

    server {
        listen 443 ssl;
        server_name example.co.uk; # This is the accessing address eg. https://example.co.uk

        root /devpi/server; # This is where your devpi server directory is
        gzip             on;
        gzip_min_length  2000;
        gzip_proxied     any;

        proxy_read_timeout 60s;
        client_max_body_size 64M;

        ssl_certificate             /etc/nginx/certs/cert.crt; # Path to certificate
        ssl_certificate_key         /etc/nginx/certs/cert.key; # Path to certificate key

        ssl_session_cache           builtin:1000  shared:SSL:10m;
        ssl_protocols               TLSv1 TLSv1.1 TLSv1.2;
        ssl_ciphers                 HIGH:!aNULL:!eNULL:!EXPORT:!CAMELLIA:!DES:!MD5:!PSK:!RC4;
        ssl_prefer_server_ciphers   on;

        access_log                  /var/log/nginx/pypi.access.log;

        # try serving static files directly
        location ~ /\+f/ {
            error_page 418 = @pypi_backend;
            if ($request_method !~ (GET)|(HEAD)) {
                return 418;
            }

            expires max;
            try_files /+files$uri @pypi_backend;
        }

        # try serving docs directly
        location ~ /\+doc/ {
            try_files $uri @pypi_backend;
        }

        location / {
            error_page 418 = @pypi_backend;
            return 418;
        }

        location @pypi_backend {
            proxy_pass              http://pypi-backend; # Using the upstream definition
            proxy_redirect          off;
            proxy_set_header        Host $host;
            proxy_set_header        X-Real-IP $remote_addr;
            proxy_set_header        X-outside-url $scheme://$host:$server_port;
            proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header        X-Forwarded-Host $server_name;
        }
    }
}

With Nginx using this configuration and devpi running on http://localhost:8080, you should be able to access https://localhost or with your machine with appropriate DNS https://example.co.uk. A request will be:

client (HTTPS) > Nginx (HTTP) > devpi (HTTP) > Nginx (HTTPS) > client

This also means that you will need to make sure that Nginx is running yourself, as devpi start won't know any better. You should at the very least see an Nginx welcome page.
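
An added example, not part of the original question or answer: a small Python check over the text of one nginx server{} block that flags two things visible in the configs on this page, a proxy_pass that points back at the block's own listen port (as in the question's config) and ssl_protocols entries deprecated by RFC 8996. The function name, the finding strings and the two embedded config excerpts are constructed for illustration.

```python
import re

# TLS versions deprecated by RFC 8996 (plus the older SSL versions)
DEPRECATED = {"SSLv2", "SSLv3", "TLSv1", "TLSv1.1"}
LOOPBACK = {"localhost", "127.0.0.1"}

def audit_server_block(conf):
    """Return sorted finding strings for one nginx server{} block (text)."""
    # Drop comments so commented-out directives are not audited
    text = "\n".join(line.split("#", 1)[0] for line in conf.splitlines())
    findings = set()
    # Ports this block listens on: "8081 ssl", "[::]:8081 ssl", "443 ssl"
    ports = set()
    for args in re.findall(r"^\s*listen\s+([^;]+);", text, re.M):
        m = re.search(r"(?:^|:)(\d+)$", args.split()[0])
        if m:
            ports.add(int(m.group(1)))

    # A proxy_pass aimed at one of our own listen ports sends every request
    # back into nginx instead of on to devpi-server
    for scheme, host, port in re.findall(
            r"proxy_pass\s+(https?)://([^:/;\s]+)(?::(\d+))?", text):
        port = int(port) if port else (443 if scheme == "https" else 80)
        if host in LOOPBACK and port in ports:
            findings.add(f"proxy-loop:{scheme}://{host}:{port}")
    # Deprecated protocol versions enabled on the TLS listener
    m = re.search(r"ssl_protocols\s+([^;]+);", text)
    if m:
        for proto in DEPRECATED & set(m.group(1).split()):
            findings.add(f"deprecated-tls:{proto}")
    return sorted(findings)

# Constructed excerpts of the two configs on this page
QUESTION_CONF = """
listen 8081 ssl default_server;
listen [::]:8081 ssl default_server;
ssl_protocols TLSv1.1 TLSv1.2;
location @proxy_to_app { proxy_pass https://localhost:8081; }
"""
ANSWER_CONF = """
listen 443 ssl;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
location @pypi_backend { proxy_pass http://pypi-backend; }  # upstream: localhost:8080
"""

if __name__ == "__main__":
    for name, conf in (("question", QUESTION_CONF), ("answer", ANSWER_CONF)):
        print(name, audit_server_block(conf))
```

The check treats its input as a single server{} block and does not resolve upstream names, so a named upstream that itself points at the listen port is not detected.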
