How to make a Flask app with https on DigitalOcean

I have a Flask app running on port 8000 of a DigitalOcean droplet. I needed to implement https on this server, and I followed this tutorial:

https://www.digitalocean.com/community/tutorials/how-to-secure-nginx-with-let-s-encrypt-on-ubuntu-16-04

With that, my 'mydomain.com' has https, but 'mydomain.com:8000' doesn't. I've tried to put

    listen 8000 ssl;
    listen [::]:8000 ssl;
    server_name funders-api.ninja www.funders-api.ninja;
    ssl_certificate /etc/letsencrypt/live/funders-api.ninja/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/funders-api.ninja/privkey.pem; # managed by Certbot
    add_header Strict-Transport-Security "max-age=31536000; includeSubDomains";
} 

on my nginx config, but it still doesn't work. With the code above, I can't start my Flask app because port 8000 is already in use by the nginx process.

My full config file is like this:

    server {

        # SSL configuration
        #
        # listen 443 ssl default_server;
        # listen [::]:443 ssl default_server;
        #
        # Note: You should disable gzip for SSL traffic.
        # See: https://bugs.debian.org/773332
        #
        # Read up on ssl_ciphers to ensure a secure configuration.
        # See: https://bugs.debian.org/765782
        #
        # Self signed certs generated by the ssl-cert package
        # Don't use them in a production server!
        #
        # include snippets/snakeoil.conf;

        root /var/www/html;

        # Add index.php to the list if you are using PHP
        index index.html index.htm index.nginx-debian.html;

        server_name funders-api.ninja www.funders-api.ninja;

        location / {
            # First attempt to serve request as file, then
            # as directory, then fall back to displaying a 404.
            try_files $uri $uri/ =404;
        }

        # pass PHP scripts to FastCGI server
        #
        #location ~ \.php$ {
        #   include snippets/fastcgi-php.conf;
        #
        #   # With php-fpm (or other unix sockets):
        #   fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;
        #   # With php-cgi (or other tcp sockets):
        #   fastcgi_pass 127.0.0.1:9000;
        #}

        # deny access to .htaccess files, if Apache's document root
        # concurs with nginx's one
        #
        #location ~ /\.ht {
        #   deny all;
        #}

        listen [::]:443 ssl ipv6only=on; # managed by Certbot
        listen 443 ssl; # managed by Certbot
        ssl_certificate /etc/letsencrypt/live/funders-api.ninja/fullchain.pem; # managed by Certbot
        ssl_certificate_key /etc/letsencrypt/live/funders-api.ninja/privkey.pem; # managed by Certbot
        include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
        ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

    }
    server {
        listen 8000 ssl;
        listen [::]:8000 ssl;
        server_name funders-api.ninja www.funders-api.ninja;
        ssl_certificate /etc/letsencrypt/live/funders-api.ninja/fullchain.pem; # managed by Certbot
        ssl_certificate_key /etc/letsencrypt/live/funders-api.ninja/privkey.pem; # managed by Certbot
        add_header Strict-Transport-Security "max-age=31536000; includeSubDomains";
    }

    # Virtual Host configuration for example.com
    #
    # You can move that to a different file under sites-available/ and symlink that
    # to sites-enabled/ to enable it.
    #
    #server {
    #   listen 80;
    #   listen [::]:80;
    #
    #   server_name example.com;
    #
    #   root /var/www/example.com;
    #   index index.html;
    #
    #   location / {
    #       try_files $uri $uri/ =404;
    #   }
    #}

    server {
        if ($host = www.funders-api.ninja) {
            return 301 https://$host$request_uri;
        } # managed by Certbot


        if ($host = funders-api.ninja) {
            return 301 https://$host$request_uri;
        } # managed by Certbot


        listen 80 default_server;
        listen [::]:80 default_server;

        server_name funders-api.ninja www.funders-api.ninja;
        return 404; # managed by Certbot

    }

Only one application/service may listen on a given port.

If your Flask app is already listening on port 8000, nginx can't.

Normal https connections enter through port 443.

I would change the configuration to:

    server {
        listen 443 ssl;
        listen [::]:443 ssl;
        server_name funders-api.ninja www.funders-api.ninja;
        ssl_certificate /etc/letsencrypt/live/funders-api.ninja/fullchain.pem; # managed by Certbot
        ssl_certificate_key /etc/letsencrypt/live/funders-api.ninja/privkey.pem; # managed by Certbot
        add_header Strict-Transport-Security "max-age=31536000; includeSubDomains";
        location / {
            include proxy_params;
            proxy_pass http://127.0.0.1:8000;
        }

    }

Like this, the secure connection enters through port 443 and gets validated by nginx with the certificates

    ssl_certificate /etc/letsencrypt/live/funders-api.ninja/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/funders-api.ninja/privkey.pem; # managed by Certbot

And then you proxy to the port your Flask app is listening on (once the connection has been secured).

This is an example of how I'd do it. If nginx is the one processing the connection with the certificate, it's nginx that needs to listen on the port you connect to, and then proxy the connection to your Flask app.

If your request is made directly to the Flask app, nginx doesn't do anything, as the connection has not gone through it.

If you have any questions, don't hesitate to ask me.
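Added example (not part of the question or the answer): the app side of this setup once nginx owns port 443. With TLS terminated at nginx and `include proxy_params` (which on Ubuntu sets `X-Forwarded-For` and `X-Forwarded-Proto`), the app only ever sees plain HTTP on 127.0.0.1:8000, so it should bind to loopback instead of all interfaces and believe the forwarded headers only when the request really came from the local proxy. `ProxyHeadersMiddleware`, the stand-in `app` and `simulate` are names I chose; it is written against the standard library so it runs without Flask installed (in a real Flask app, werkzeug's `ProxyFix` does the equivalent).

```python
from wsgiref.simple_server import make_server

# nginx terminates TLS on 443 and proxies to us over plain HTTP on the same droplet,
# so the only peer whose forwarding headers we should believe is loopback.
TRUSTED_PROXY = "127.0.0.1"

class ProxyHeadersMiddleware:
    """Apply X-Forwarded-Proto / X-Forwarded-For (as set by Ubuntu's proxy_params)
    to the WSGI environ, but only for requests that came from the trusted proxy."""

    def __init__(self, app, trusted_proxy=TRUSTED_PROXY):
        self.app = app
        self.trusted_proxy = trusted_proxy

    def __call__(self, environ, start_response):
        if environ.get("REMOTE_ADDR") == self.trusted_proxy:
            proto = environ.get("HTTP_X_FORWARDED_PROTO", "").lower()
            if proto in ("http", "https"):
                environ["wsgi.url_scheme"] = proto
            forwarded_for = environ.get("HTTP_X_FORWARDED_FOR", "")
            if forwarded_for:
                # $proxy_add_x_forwarded_for appends the address nginx saw, so the
                # rightmost entry is the real client; earlier entries are untrusted.
                environ["REMOTE_ADDR"] = forwarded_for.split(",")[-1].strip()
        else:
            # Direct hit on port 8000: drop client-supplied forwarding headers.
            environ.pop("HTTP_X_FORWARDED_PROTO", None)
            environ.pop("HTTP_X_FORWARDED_FOR", None)
        return self.app(environ, start_response)

def app(environ, start_response):
    """Stand-in for the Flask app: report which scheme and client it believes it saw."""
    body = "scheme=%s client=%s" % (environ["wsgi.url_scheme"], environ["REMOTE_ADDR"])
    start_response("200 OK", [("Content-Type", "text/plain")])
    return [body.encode()]

def simulate(remote_addr, headers):
    """Constructed request (no network): build the environ as nginx or a direct
    client would, run it through the middleware and return the app's view."""
    environ = {"REQUEST_METHOD": "GET", "PATH_INFO": "/", "wsgi.url_scheme": "http",
               "REMOTE_ADDR": remote_addr}
    environ.update({"HTTP_" + k.upper().replace("-", "_"): v for k, v in headers.items()})
    body = ProxyHeadersMiddleware(app)(environ, lambda status, response_headers: None)
    return b"".join(body).decode()

if __name__ == "__main__":
    # Bind to loopback only: nginx on 443 stays the single public entry point.
    make_server("127.0.0.1", 8000, ProxyHeadersMiddleware(app)).serve_forever()
```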
