如何在数字海洋上使用 https 制作 Flask 应用程序
[英]How to make a Flask app with https on digital ocean
问题描述
我有一个 flask 应用程序在数字海洋水滴的 8000 端口上运行。 我需要在这个服务器上实现 https,我按照这个教程
这样,我的“mydomain.com”有 https,但“mydomain.com:8000”没有。 我试着把
listen 8000 ssl;
listen [::]:8000 ssl;
server_name funders-api.ninja www.funders-api.ninja;
ssl_certificate /etc/letsencrypt/live/funders-api.ninja/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/funders-api.ninja/privkey.pem; # managed by Certbot
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains";
}
在我的 nginx congif 上,但仍然无法正常工作。 使用上面的代码,我无法启动我的 flask 应用程序,因为端口 8000 已经从 nginx 进程中使用
我的完整配置文件是这样的:
server {
# SSL configuration
#
# listen 443 ssl default_server;
# listen [::]:443 ssl default_server;
#
# Note: You should disable gzip for SSL traffic.
# See: https://bugs.debian.org/773332
#
# Read up on ssl_ciphers to ensure a secure configuration.
# See: https://bugs.debian.org/765782
#
# Self signed certs generated by the ssl-cert package
# Don't use them in a production server!
#
# include snippets/snakeoil.conf;
root /var/www/html;
# Add index.php to the list if you are using PHP
index index.html index.htm index.nginx-debian.html;
server_name funders-api.ninja www.funders-api.ninja;
location / {
# First attempt to serve request as file, then
# as directory, then fall back to displaying a 404.
try_files $uri $uri/ =404;
}
# pass PHP scripts to FastCGI server
#
#location ~ \.php$ {
# include snippets/fastcgi-php.conf;
#
# # With php-fpm (or other unix sockets):
# fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;
# # With php-cgi (or other tcp sockets):
# fastcgi_pass 127.0.0.1:9000;
#}
# deny access to .htaccess files, if Apache's document root
# concurs with nginx's one
#
#location ~ /\.ht {
# deny all;
#}
listen [::]:443 ssl ipv6only=on; # managed by Certbot
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/funders-api.ninja/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/funders-api.ninja/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
server {
listen 8000 ssl;
listen [::]:8000 ssl;
server_name funders-api.ninja www.funders-api.ninja;
ssl_certificate /etc/letsencrypt/live/funders-api.ninja/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/funders-api.ninja/privkey.pem; # managed by Certbot
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains";
}
# Virtual Host configuration for example.com
#
# You can move that to a different file under sites-available/ and symlink that
# to sites-enabled/ to enable it.
#
#server {
# listen 80;
# listen [::]:80;
#
# server_name example.com;
#
# root /var/www/example.com;
# index index.html;
#
# location / {
# try_files $uri $uri/ =404;
# }
#}
server {
if ($host = www.funders-api.ninja) {
return 301 https://$host$request_uri;
} # managed by Certbot
if ($host = funders-api.ninja) {
return 301 https://$host$request_uri;
} # managed by Certbot
listen 80 default_server;
listen [::]:80 default_server;
server_name funders-api.ninja www.funders-api.ninja;
return 404; # managed by Certbot
}
1 个解决方案
解决方案1
1 已采纳 2019-09-23 10:03:34
只有 1 个应用程序/服务可能正在侦听 1 个具体端口。
如果您的 flask 应用程序已经在侦听端口 8000,则 nginx 不能。
正常的 https 连接通过端口 443 进入。
我会将配置更改为:
server {
listen 443 ssl;
listen [::]:443 ssl;
server_name funders-api.ninja www.funders-api.ninja;
ssl_certificate /etc/letsencrypt/live/funders-api.ninja/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/funders-api.ninja/privkey.pem; # managed by Certbot
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains";
location / {
include proxy_params;
proxy_pass http://127.0.0.1:8000;
}
}
像这样,安全连接通过端口 443 进入,通过 nginx 的证书验证
ssl_certificate /etc/letsencrypt/live/funders-api.ninja/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/funders-api.ninja/privkey.pem; # managed by Certbot
然后您对 flask 应用程序正在侦听的端口进行代理(一旦连接得到保护)。
这是我如何做的一个例子。 如果 nginx 是用证书来处理连接的,那么 nginx 需要监听你建立连接的端口,然后将连接代理到你的 Z319C3206A7F10C17C3B469116D4A9576 应用程序。
如果您的请求是直接向 flask 应用程序发出的,则 nginx 不会执行任何操作,因为连接尚未通过它。
如果您有任何问题,请不要怀疑问我。
如何在Droplet Digital Ocean上使用Flask和Nginx更改HTML内容?
[英]How to change HTML content with Flask and Nginx on Droplet Digital Ocean?
如何通过Passenger / Nginx在数字海洋上部署Django / React / Webpack应用
[英]How to deploy Django/React/Webpack app on Digital Ocean through Passenger/Nginx
如何修复数字海洋 django 应用程序上的“413 请求实体太大”
[英]How to fix a “413 request entity too large” on digital ocean-django app
如何在Digital Ocean Droplet中安装BeautifulSoup?
[英]How can I install BeautifulSoup in a Digital Ocean droplet?
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.
相关问题
如何在apache2(数字海洋)上运行Flask应用程序
如何在Droplet Digital Ocean上使用Flask和Nginx更改HTML内容?
如何在Digital Ocean上安装python 2.7 mysql
如何将 fastapi api 部署到数字海洋水滴?
如何通过Passenger / Nginx在数字海洋上部署Django / React / Webpack应用
如何修复数字海洋 django 应用程序上的“413 请求实体太大”
Digital Ocean Django应用仅适用于Debug = True
如何在Digital Ocean Droplet中安装BeautifulSoup?
如何显示我部署在数字海洋上的网站的更新?
如何在 Digital Ocean 上设置 Python 游戏开发服务器?
相关标签