[英]Mixed content error in using SSL with Gunicorn/Django/Nginx application
我正在嘗試為Superdesk實例配置HTTPS,該實例使用Gunicorn和Nginx進行路由。 我安裝了證書,並且(我認為)在服務器上工作。 但是,將瀏覽器指向應用程序會在Firefox上“阻止加載混合的活動內容” http:// localhost / api ”,並且“ WebSocket連接到'ws:// localhost / ws'失敗:連接建立錯誤:net :: ERR_CONNECTION_REFUSED在Chrome上。 該應用程序的文檔幾乎不存在,我現在花了無數小時試圖使其正常工作。 我在GitHub上向開發人員提出了一個問題 ,但是我的回答並沒有很多運氣。 這是我的Nginx配置:
server {
listen 80;
listen 443 ssl;
server_name my_server_name;
ssl on;
ssl_certificate /path/to/my/cert.pem;
ssl_certificate_key /path/to/my/key/key.pem;
location /ws {
proxy_pass http://localhost:5100;
proxy_http_version 1.1;
proxy_buffering off;
proxy_read_timeout 3600;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
}
location /api {
proxy_pass http://localhost:5000;
proxy_set_header Host localhost;
expires epoch;
sub_filter_once off;
sub_filter_types application/json;
sub_filter 'http://localhost' 'http://$host';
}
location /contentapi {
proxy_pass http://localhost:5400;
proxy_set_header Host localhost;
expires epoch;
}
location /.well-known {
root /var/tmp;
}
location / {
root /opt/superdesk/client/dist;
# TODO: use "config.js:server" for user installations
sub_filter_once off;
sub_filter_types application/javascript;
sub_filter 'http://localhost' 'http://$host';
sub_filter 'ws://localhost/ws' 'ws://$host/ws';
}
location /mail {
alias /var/log/superdesk/mail/;
default_type text/plain;
autoindex on;
autoindex_exact_size off;
}
}
這是我第一次使用nginx / gunicorn / django應用程序,我完全迷路了。 有人能指出我正確的方向嗎?
對於嘗試設置Superdesk並遇到相同問題的任何人,我最終都找到了正確的配置。
首先,這是我必須處理HTTPS請求並將HTTP請求重定向到HTTPS的Nginx配置:
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name my.domain.com;
ssl on;
ssl_certificate /path/to/my/cert.pem;
ssl_certificate_key /path/to/my/key.pem;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;
location /ws {
proxy_pass http://localhost:5100;
proxy_http_version 1.1;
proxy_buffering off;
proxy_read_timeout 3600;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
}
location /api {
proxy_pass http://localhost:5000;
proxy_set_header Host my.domain.com;
expires epoch;
sub_filter_once off;
sub_filter_types application/json;
sub_filter 'http://localhost' 'https://$host';
}
location /contentapi {
proxy_pass http://localhost:5400;
proxy_set_header Host my.domain.com;
expires epoch;
}
location /.well-known {
root /var/tmp;
}
location / {
root /opt/superdesk/client/dist;
# TODO: use "config.js:server" for user installations
sub_filter_once off;
sub_filter_types application/javascript;
sub_filter 'http://localhost' 'https://$host';
sub_filter 'ws://localhost/ws' 'wss://$host/ws';
}
location /mail {
alias /var/log/superdesk/mail/;
default_type text/plain;
autoindex on;
autoindex_exact_size off;
}
}
server {
listen 80;
listen [::]:80;
server_name my.domain.com;
return 301 https://$host$request_uri;
}
我在配置中缺少的是:
proxy_set_header
字段必須設置為proxy_set_header Host <my_domain name>
並且在sub_filter
字段中,它是僅第二個參數 ,必須設置為使用HTTPS
必須配置的特定於Superdesk的內容:
在/opt/superdesk/activate.sh中,將HOST_SSL設置為HOST_SSL=${HOST_SSL:-s}
。 這將確保通過郵件發送的鏈接(如密碼保留電子郵件)以HTTPS的形式發送。
回想起來似乎很簡單,但是哇,很難用Nginx的有限知識來弄清楚...
聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.