Fatal编程技术网
  • django/
  • Django 如何在nginx中同时使用自签名和LetsEncrypt Certbot SSL证书?

Django 如何在nginx中同时使用自签名和LetsEncrypt Certbot SSL证书?

django nginx ssl server

Django 如何在nginx中同时使用自签名和LetsEncrypt Certbot SSL证书?,django,nginx,ssl,server,digital-ocean,Django,Nginx,Ssl,Server,Digital Ocean,我正在主持一个关于数字海洋的django网站。我希望使用带有自签名证书的https访问我网站的IP,因为Let's Encrypt不提供公共IP地址的证书。我遵循这一点,编写了一个nginx服务器块。我可以访问https://example-ip-address 与: server { listen 443 ssl; listen [::]:443 ssl; include /etc/nginx/snippets/self-signed.conf; include

我正在主持一个关于数字海洋的django网站。我希望使用带有自签名证书的https访问我网站的IP,因为Let's Encrypt不提供公共IP地址的证书。我遵循这一点,编写了一个nginx服务器块。我可以访问https://example-ip-address 与:

server {
    listen 443 ssl;
    listen [::]:443 ssl;
    include /etc/nginx/snippets/self-signed.conf;
    include /etc/nginx/snippets/ssl-params.conf;

    server_name 123.123.12.123;

    location = /favicon.ico { access_log off; log_not_found off; }
    location /static/ {
        root /home/user/djangotemplates;
    }

    location / {
        include /etc/nginx/proxy_params;
        proxy_pass http://unix:/run/gunicorn.sock;
    }

}


server {
    listen 80;
    listen [::]:80;

    server_name 123.123.12.123;

    return 301 https://$server_name$request_uri;
}
我可以通过以下方式访问并加密SSL证书,这是我编写的服务器块:

server {
    server_name www.example.com example.com;

    location = /favicon.ico { access_log off; log_not_found off; }
    location /static/ {
        root /home/user/djangotemplates;
    }

    location / {
        include proxy_params;
        proxy_pass http://unix:/run/gunicorn.sock;
    }

    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot



}

server {
    if ($host = www.example.com) {
        return 301 https://$host$request_uri;
    } # managed by Certbot


    if ($host = example.com) {
        return 301 https://$host$request_uri;
    } # managed by Certbot


    listen 80;
    server_name www.example.com example.com;
    return 404; # managed by Certbot




}
这里的问题是,当我将两个服务器块放入一个配置文件并访问https://example-ip-address,则连接不加密。但是,对于和,它工作得很好。知道这里出了什么问题吗

我刚刚在digital ocean上启动了django网站live,我收到了一封错误电子邮件“无效的HTTP_主机头:'123.123.12.123”。您可能需要将“123.123.12.123”添加到允许的_主机。因此,我在允许的_主机中添加了ip地址。我认为使用https访问ip地址更安全。

我建议您使用certbot而不是自签名证书