使用 Django 和 Gunicorn 配置 Ngnix

Question

我有下面的 Nginx 代码。 它有点工作。

If I enter 'https://' to go to the site, the SSL kicks in. However, if I just enter www.thaifoodbypla.com, it does not re-direct to HTTPS, it just loads HTTP.

Nginx 配置：

upstream gunicorn{
# fail_timeout=0 means we always retry an upstream even if it failed
# to return a good HTTP response (in case the Unicorn master nukes a
# single worker for timing out).

# for UNIX domain socket setups:

server unix:/home/ubuntu/thaiFoodByPla/project.sock  fail_timeout=0;

# for TCP setups, point these to your backend servers
# server 127.0.0.1:9000 fail_timeout=0;
}
server {
listen 80;
listen 443 ssl http2;
server_name www.thaifoodbypla.com;
ssl_certificate /etc/ssl/private/ssl-bundle.crt;
ssl_certificate_key /etc/ssl/private/briefing_key.pem;



# path for static files
root /home/ubuntu/thaiFoodByPla/project/project;

location / {
  # checks for static file, if not found proxy to app
  try_files $uri @proxy_to_app;
}

location @proxy_to_app {
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

    # When Nginx is handling SSL it is helpful to pass the protocol information
    # to Gunicorn. Many web frameworks use this information to generate URLs.
    # Without this information, the application may mistakenly generate http
    # URLs in https responses, leading to mixed content warnings or broken
    # applications. In this case, configure Nginx to pass an appropriate header:
    proxy_set_header X-Forwarded-Proto $scheme;

    # pass the Host: header from the client right along so redirects
    # can be set properly within the Rack application
    proxy_set_header Host $http_host;

    # we don't want nginx trying to do something clever with
    # redirects, we set the Host: header above already.
    proxy_redirect off;


    # Try to serve static files from nginx, no point in making an
    # *application* server like Unicorn/Rainbows! serve static files.
    proxy_pass http://gunicorn;
}

我不知道该怎么办。 我可以更改什么以使其自动转发到 https://？

Answer 1

通过添加listen 80 nginx 将监听 http 并将其直接提供给 gunicorn。

您可以通过删除listen 80并创建从端口80到443的重定向来解决该问题，如下所示：

server {
    listen 443 ssl http2;
    server_name www.thaifoodbypla.com;
    ssl_certificate /etc/ssl/private/ssl-bundle.crt;
    ssl_certificate_key /etc/ssl/private/briefing_key.pem;
    # rest of this block
}

server {
    # if a request is made on port 80 to your domain, it will be redirected
    if ($host = www.thaifoodbypla.com) {
        return 301 https://$host$request_uri; 
    }
    listen 80;
    server_name www.thaifoodbypla.com;
    return 404;
}

这样，所有在 80 端口到您域的请求都将被重定向到 https，如果域不匹配，则返回 404 响应。