使用ssl/nginx/gunicorn访问流浪者盒子中的(django)应用程序时出现问题
我正在使用Ansible部署django/react应用程序。我正在开发数字海洋服务器上部署它,在这方面一切都很好。我正在使用类似的过程将其部署到一个流浪者盒子上。。。这是我遇到的麻烦 我无法从主机访问流浪客计算机上的应用程序。我在下面详细介绍了配置(vagrant、nginx文件) 当我访问像使用ssl/nginx/gunicorn访问流浪者盒子中的(django)应用程序时出现问题,django,ssl,nginx,vagrant,Django,Ssl,Nginx,Vagrant,我正在使用Ansible部署django/react应用程序。我正在开发数字海洋服务器上部署它,在这方面一切都很好。我正在使用类似的过程将其部署到一个流浪者盒子上。。。这是我遇到的麻烦 我无法从主机访问流浪客计算机上的应用程序。我在下面详细介绍了配置(vagrant、nginx文件) 当我访问像127.0.0.1:8443/time-series/这样的url时,nginx用400错误请求进行响应。普通HTTP请求被发送到HTTPS端口。但是,当我访问url127.0.0.1:8080/time
127.0.0.1:8443/time-series/
这样的url时,nginx用400错误请求进行响应。普通HTTP请求被发送到HTTPS端口。但是,当我访问url127.0.0.1:8080/time-series/
时,我有一个响应无法访问此站点,因为找不到tsango的服务器IP地址
。因此,nginx似乎已经到达,但无法为应用程序文件提供服务
我使用let's encrypt web page为localhost
创建了ssl crt/密钥
你认为我所做的有什么不对?还有,调试此类问题的好方法是什么?
该文件是:
# -*- mode: ruby -*-
# vi: set ft=ruby :
# Vagrantfile API/syntax version. Don't touch unless you know what you're doing!
VAGRANTFILE_API_VERSION = "2"
Vagrant.configure(VAGRANTFILE_API_VERSION) do |config|
config.vm.box = "ubuntu/bionic64"
config.ssh.forward_agent = true
config.vm.define "tsango", primary: true do |app|
app.vm.hostname = "tsango"
# app.vm.network "private_network", type: "dhcp"
app.vm.network "forwarded_port", guest: 80, host: 8080
app.vm.network "forwarded_port", guest: 443, host: 8443
end
config.vm.provider "virtualbox" do |vb|
vb.customize ["modifyvm", :id, "--name", "Tsango", "--memory", "2048"]
end
# Ansible provisioner.
config.vm.provision "ansible" do |ansible|
ansible.playbook = "vagrant.yml"
ansible.host_key_checking = false
ansible.verbose = "vv"
end
end
而Nginx配置文件是:
upstream tsango_wsgi_server {
server unix:/webapps/tsango/run/gunicorn.sock fail_timeout=0;
}
server {
listen 80;
server_name tsango;
server_tokens off;
return 301 https://$server_name$request_uri;
}
server {
listen 443 ssl;
server_name tsango;
server_tokens off;
ssl_certificate /etc/ssl/tsango.crt;
ssl_certificate_key /etc/ssl/tsango.key;
ssl_protocols TLSv1.2;
ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA';
ssl_prefer_server_ciphers on;
# Prevent MIME type sniffing for security
add_header X-Content-Type-Options "nosniff";
# Enable XSS Protection in case user's browser has disabled it
add_header X-XSS-Protection "1; mode=block";
client_max_body_size 4G;
access_log /webapps/tsango/logs/nginx_access.log;
error_log /webapps/tsango/logs/nginx_error.log;
location /static/ {
alias /webapps/tsango/static/;
}
location /media/ {
alias /webapps/tsango/media/;
}
location / {
if (-f /webapps/tsango/maintenance_on.html) {
return 503;
}
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto https;
proxy_set_header Host $http_host;
proxy_redirect off;
# Try to serve static files from nginx, no point in making an
# *application* server like Unicorn/Rainbows! serve static files.
if (!-f $request_filename) {
proxy_pass http://tsango_wsgi_server;
break;
}
}
# Error pages
error_page 500 502 504 /500.html;
location = /500.html {
root /webapps/tsango/tsango/tsango/templates/;
}
error_page 503 /maintenance_on.html;
location = /maintenance_on.html {
root /webapps/tsango/;
}
}
我发现了问题:我创建的ssl本地证书名为localhost
,而不是tsango