如何在數字海洋上使用 https 制作 Flask 應用程序
[英]How to make a Flask app with https on digital ocean
問題描述
我有一個 flask 應用程序在數字海洋水滴的 8000 端口上運行。 我需要在這個服務器上實現 https,我按照這個教程
這樣,我的“mydomain.com”有 https,但“mydomain.com:8000”沒有。 我試着把
listen 8000 ssl;
listen [::]:8000 ssl;
server_name funders-api.ninja www.funders-api.ninja;
ssl_certificate /etc/letsencrypt/live/funders-api.ninja/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/funders-api.ninja/privkey.pem; # managed by Certbot
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains";
}
在我的 nginx congif 上,但仍然無法正常工作。 使用上面的代碼,我無法啟動我的 flask 應用程序,因為端口 8000 已經從 nginx 進程中使用
我的完整配置文件是這樣的:
server {
# SSL configuration
#
# listen 443 ssl default_server;
# listen [::]:443 ssl default_server;
#
# Note: You should disable gzip for SSL traffic.
# See: https://bugs.debian.org/773332
#
# Read up on ssl_ciphers to ensure a secure configuration.
# See: https://bugs.debian.org/765782
#
# Self signed certs generated by the ssl-cert package
# Don't use them in a production server!
#
# include snippets/snakeoil.conf;
root /var/www/html;
# Add index.php to the list if you are using PHP
index index.html index.htm index.nginx-debian.html;
server_name funders-api.ninja www.funders-api.ninja;
location / {
# First attempt to serve request as file, then
# as directory, then fall back to displaying a 404.
try_files $uri $uri/ =404;
}
# pass PHP scripts to FastCGI server
#
#location ~ \.php$ {
# include snippets/fastcgi-php.conf;
#
# # With php-fpm (or other unix sockets):
# fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;
# # With php-cgi (or other tcp sockets):
# fastcgi_pass 127.0.0.1:9000;
#}
# deny access to .htaccess files, if Apache's document root
# concurs with nginx's one
#
#location ~ /\.ht {
# deny all;
#}
listen [::]:443 ssl ipv6only=on; # managed by Certbot
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/funders-api.ninja/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/funders-api.ninja/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
server {
listen 8000 ssl;
listen [::]:8000 ssl;
server_name funders-api.ninja www.funders-api.ninja;
ssl_certificate /etc/letsencrypt/live/funders-api.ninja/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/funders-api.ninja/privkey.pem; # managed by Certbot
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains";
}
# Virtual Host configuration for example.com
#
# You can move that to a different file under sites-available/ and symlink that
# to sites-enabled/ to enable it.
#
#server {
# listen 80;
# listen [::]:80;
#
# server_name example.com;
#
# root /var/www/example.com;
# index index.html;
#
# location / {
# try_files $uri $uri/ =404;
# }
#}
server {
if ($host = www.funders-api.ninja) {
return 301 https://$host$request_uri;
} # managed by Certbot
if ($host = funders-api.ninja) {
return 301 https://$host$request_uri;
} # managed by Certbot
listen 80 default_server;
listen [::]:80 default_server;
server_name funders-api.ninja www.funders-api.ninja;
return 404; # managed by Certbot
}
1 個解決方案
解決方案1
1 已采納 2019-09-23 10:03:34
只有 1 個應用程序/服務可能正在偵聽 1 個具體端口。
如果您的 flask 應用程序已經在偵聽端口 8000,則 nginx 不能。
正常的 https 連接通過端口 443 進入。
我會將配置更改為:
server {
listen 443 ssl;
listen [::]:443 ssl;
server_name funders-api.ninja www.funders-api.ninja;
ssl_certificate /etc/letsencrypt/live/funders-api.ninja/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/funders-api.ninja/privkey.pem; # managed by Certbot
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains";
location / {
include proxy_params;
proxy_pass http://127.0.0.1:8000;
}
}
像這樣,安全連接通過端口 443 進入,通過 nginx 的證書驗證
ssl_certificate /etc/letsencrypt/live/funders-api.ninja/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/funders-api.ninja/privkey.pem; # managed by Certbot
然后您對 flask 應用程序正在偵聽的端口進行代理(一旦連接得到保護)。
這是我如何做的一個例子。 如果 nginx 是用證書來處理連接的,那么 nginx 需要監聽你建立連接的端口,然后將連接代理到你的 Z319C3206A7F10C17C3B469116D4A9576 應用程序。
如果您的請求是直接向 flask 應用程序發出的,則 nginx 不會執行任何操作,因為連接尚未通過它。
如果您有任何問題,請不要懷疑問我。
如何在Droplet Digital Ocean上使用Flask和Nginx更改HTML內容?
[英]How to change HTML content with Flask and Nginx on Droplet Digital Ocean?
如何通過Passenger / Nginx在數字海洋上部署Django / React / Webpack應用
[英]How to deploy Django/React/Webpack app on Digital Ocean through Passenger/Nginx
如何修復數字海洋 django 應用程序上的“413 請求實體太大”
[英]How to fix a “413 request entity too large” on digital ocean-django app
如何在Digital Ocean Droplet中安裝BeautifulSoup?
[英]How can I install BeautifulSoup in a Digital Ocean droplet?
聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.
相關問題
如何在apache2(數字海洋)上運行Flask應用程序
如何在Droplet Digital Ocean上使用Flask和Nginx更改HTML內容?
如何在Digital Ocean上安裝python 2.7 mysql
如何將 fastapi api 部署到數字海洋水滴?
如何通過Passenger / Nginx在數字海洋上部署Django / React / Webpack應用
如何修復數字海洋 django 應用程序上的“413 請求實體太大”
Digital Ocean Django應用僅適用於Debug = True
如何在Digital Ocean Droplet中安裝BeautifulSoup?
如何顯示我部署在數字海洋上的網站的更新?
如何在 Digital Ocean 上設置 Python 游戲開發服務器?
相關標簽