Warning: file_get_contents(/data/phpspider/zhask/data//catemap/0/docker/10.json): failed to open stream: No such file or directory in /data/phpspider/zhask/libs/function.php on line 167

Warning: Invalid argument supplied for foreach() in /data/phpspider/zhask/libs/tag.function.php on line 1116

Notice: Undefined index: in /data/phpspider/zhask/libs/function.php on line 180

Warning: array_chunk() expects parameter 1 to be array, null given in /data/phpspider/zhask/libs/function.php on line 181
Python 使用Nginx和HTTPS运行Flask应用程序_Python_Docker_Nginx_Flask_Gunicorn - Fatal编程技术网
Fatal编程技术网
  • python/
  • Python 使用Nginx和HTTPS运行Flask应用程序

Python 使用Nginx和HTTPS运行Flask应用程序

python docker nginx flask

Python 使用Nginx和HTTPS运行Flask应用程序,python,docker,nginx,flask,gunicorn,Python,Docker,Nginx,Flask,Gunicorn,我需要运行一个带有https的Flask应用程序 为了配置SSL,我使用这个示例作为基础 带有HTTPS的Nginx用于示例html文件 但我无法正确更改设置以运行我的web应用程序 我正在使用以下命令运行应用程序 ENTRYPOINT ["gunicorn", "-b", "0.0.0.0:5000", "--log-level", "INFO", "manage: app"] Dockerfile ... COPY . /app WORKDIR /app RUN pip install

我需要运行一个带有https的Flask应用程序

为了配置SSL,我使用这个示例作为基础

带有HTTPS的Nginx用于示例html文件

但我无法正确更改设置以运行我的web应用程序

我正在使用以下命令运行应用程序

ENTRYPOINT ["gunicorn", "-b", "0.0.0.0:5000", "--log-level", "INFO", "manage: app"]
Dockerfile

...

COPY . /app
WORKDIR /app
RUN pip install -r requirements.txt

ENV FLASK_ENV=docker
EXPOSE 5000

ENTRYPOINT [ "gunicorn", "-b", "0.0.0.0:5000", "--log-level", "INFO", "manage:app" ]
这就是我的nginx配置文件现在的样子

.conf nginx

server {
    listen      80;
    listen [::]:80;
    server_name site-address.com;
    root /usr/share/nginx/html;

    location / {
        rewrite ^ https://$host$request_uri? permanent;
    }




    #for certbot challenges (renewal process)
    location ~ /.well-known/acme-challenge {
        allow all;
        root /data/letsencrypt;
    }
}


#https://site-address.com

upstream backend {
        ip_hash;

        server 0.0.0.0:5000;

        keepalive 20;
}

server {
    server_name site-address.com;
    listen 443 ssl http2;
    listen [::]:443 ssl http2;

    server_tokens off;

    ssl on;

    ssl_buffer_size 8k;
    ssl_dhparam /etc/ssl/certs/dhparam-2048.pem;

    ssl_protocols TLSv1.2 TLSv1.1 TLSv1;
    ssl_prefer_server_ciphers on;
    ssl_ciphers ECDH+AESGCM:ECDH+AES256:ECDH+AES128:DH+3DES:!ADH:!AECDH:!MD5;

    ssl_ecdh_curve secp384r1;
    ssl_session_tickets off;

    # OCSP stapling
    ssl_stapling on;
    ssl_stapling_verify on;
    resolver 8.8.8.8 8.8.4.4;

    ssl_certificate /etc/letsencrypt/live/site-address.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/site-address.com/privkey.pem;


    #location / {

    #### as a precaution I disabled the security settings if any of them could be interfering with the process


    #    #security headers
    #    add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload";
    #    add_header X-XSS-Protection "1; mode=block" always;
    #    add_header X-Content-Type-Options "nosniff" always;
    #    add_header X-Frame-Options "DENY" always;
    #    #CSP
    #    add_header Content-Security-Policy "frame-src 'self'; default-src 'self'; script-src 'self' 'unsafe-inline' https://maxcdn.bootstrapcdn.com https://ajax.googleapis.com; img-src 'self'; style-src 'self' https://maxcdn.bootstrapcdn.com; font-src 'self' data: https://maxcdn.bootstrapcdn.com; form-action 'self'; upgrade-insecure-requests;" always;
    #    add_header Referrer-Policy "strict-origin-when-cross-origin" always;

    #}

    ### this was the addition I made, but it didn't work


    location / {
        proxy_pass https://backend;

        proxy_pass_header Server;
        proxy_set_header Host $http_host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Scheme $scheme;
        proxy_set_header X-Forwarded-Proto $scheme;

        proxy_ssl_protocols TLSv1.2;
        proxy_ssl_ciphers ECDH+AESGCM;
        proxy_ssl_session_reuse on;
    }

}
我想知道如何更改设置以使用https运行我的应用程序

回溯

sudo docker logs production-nginx-container

2019/10/08 18:42:10 [warn] 1#1: the "ssl" directive is deprecated, use the "listen ... ssl" directive instead in /etc/nginx/conf.d/default.conf:74

nginx: [warn] the "ssl" directive is deprecated, use the "listen ... ssl" directive instead in /etc/nginx/conf.d/default.conf:74

2019/10/08 18:42:49 [error] 6#6: *1 connect() failed (111: Connection refused) while connecting to upstream, client: X.X.X.X, server: url-server.com, request: "GET / HTTP/2.0", upstream: "https://0.0.0.0:5000/", host: "url-server.com"

X.X.X.X - - [08/Oct/2019:18:42:49 +0000] "GET / HTTP/2.0" 502 552 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3865.90 Safari/537.36" "-"

2019/10/08 18:42:49 [error] 6#6: *1 connect() failed (111: Connection refused) while connecting to upstream, client: X.X.X.X, server: url-server.com, request: "GET /favicon.ico HTTP/2.0", upstream: "https://0.0.0.0:5000/favicon.ico", host: "url-server.com", referrer: "https://url-server.com/"

X.X.X.X - - [08/Oct/2019:18:42:49 +0000] "GET /favicon.ico HTTP/2.0" 502 552 "https://url-server.com/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3865.90 Safari/537.36" "-"
在console/terminal/cmd.exe中运行时是否会收到错误消息?始终将完整的错误消息(从单词“Traceback”开始)作为文本(而不是屏幕截图)进行讨论(不是评论)。还有其他有用的信息。@furas当前未运行,只是重新启动。我不能让它与uwsgi一起工作我希望我能使用gunicorn,并弄清楚如何在nginx上设置它我想你想在nginx中终止SSL,只在后端使用http我需要https@Carl@Guilherme您只需要在nginx而不是gunicorn中使用它,请尝试将proxy_pass更改为http://backend;