Nginx
在 Nginx 中設置 SSL 後出現超時錯誤
我的堆棧是前端帶有 Vue.js 的 Django-Rest-Framework。我將所有這些都執行在 Google Cloud 上的一個實例上(至少在我嘗試實施 SSL 之前它一直在執行),nginx 作為 Web 伺服器,Gunicorn 執行 Django 後端。
目前出現這樣的錯誤:
xhr.js:178 GET https://example.com:8000/api/.../.../ net::ERR_TIMED_OUT
這是我的 nginx.conf(在
/etc/nginx/sites-available/example.com.conf
):server { listen 80; server_name *.example.com; return 301 https://example.com$request_uri; } server { listen 443 default_server ssl; server_name example.com; ssl_certificate /etc/ssl/private/ssl-bundle.crt; ssl_certificate_key /etc/ssl/private/example.com.key; ssl_session_cache shared:SSL:20m; ssl_session_timeout 60m; ssl_protocols TLSv1 TLSv1.1 TLSv1.2; location / { alias /path/to/project/; try_files $uri $uri/ /index.html; } location /dist/ { root /path/to/project; } location ^~ /(api|rest-auth|admin)/ { proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; proxy_set_header Host $host; proxy_pass https://0.0.0.0:8000; } }
我正在使用 axios 發出 xhr 請求,這是與此問題相關的標頭配置:
axios.defaults.xsrfCookieName = 'csrftoken' axios.defaults.xsrfHeaderName = 'X-CSRFToken' axios.defaults.baseURL = 'https://example.com:8000'
一些可能相關的 Django 設置:
ALLOWED_HOSTS =['www.example.com','example.com','127.0.0.1'] CORS_ORIGIN_ALLOW_ALL=True SECURE_PROXY_SSL_HEADER = ('HTTP_X_FORWARDED_PROTO', 'https') SECURE_SSL_REDIRECT = True CSRF_COOKIE_SECURE = True
我遇到的另一個問題是從 http -> https 的域轉發似乎不起作用(即我必須輸入https://example.com才能看到該站點)。
對於任何想知道的人,這不是防火牆問題。我最終確實讓這個工作與對 nginx 配置和其他一些東西的一些調整一起工作。在這裡發帖以防有人像我一樣偶然發現這個問題。
Django 配置
ALLOWED_HOSTS = ['.example.co']
axios 配置
axios.defaults.baseURL = 'https://example.co'
nginx.conf
upstream django-api { server 127.0.0.1:8000; } server { listen 80; server_name .example.com; return 301 https://example.co$request_uri; } server { gzip on; listen 443 default_server ssl; server_name example.co; add_header Strict-Transport-Security "max-age=31536000"; include SubDomains" always; ssl_certificate /etc/ssl/private/ssl-bundle.crt; ssl_certificate_key /etc/ssl/private/example.co.key; ssl_prefer_server_ciphers on; ssl_session_cache shared:SSL:20m; ssl_session_timeout 60m; ssl_protocols TLSv1 TLSv1.1 TLSv1.2; location / { alias /path/to/project/; try_files $uri $uri/ /index.html; } location /dist/ { root /path/to/project/; } location /api/ { proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; proxy_set_header Host $host; proxy_pass http://django-api; } location /rest-auth/ { proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; proxy_set_header Host $host; proxy_pass http://django-api; } }