Nginx

在 Nginx 中設置 SSL 後出現超時錯誤

  • January 13, 2018

我的堆棧是前端帶有 Vue.js 的 Django-Rest-Framework。我將所有這些都執行在 Google Cloud 上的一個實例上(至少在我嘗試實施 SSL 之前它一直在執行),nginx 作為 Web 伺服器,Gunicorn 執行 Django 後端。

目前出現這樣的錯誤:

xhr.js:178 GET https://example.com:8000/api/.../.../ net::ERR_TIMED_OUT

這是我的 nginx.conf(在/etc/nginx/sites-available/example.com.conf):

server {
       listen 80;
       server_name *.example.com;
       return 301 https://example.com$request_uri;
}
server {
       listen 443 default_server ssl;
       server_name example.com;

       ssl_certificate /etc/ssl/private/ssl-bundle.crt;
       ssl_certificate_key /etc/ssl/private/example.com.key;

       ssl_session_cache shared:SSL:20m;
       ssl_session_timeout 60m;
       ssl_protocols TLSv1 TLSv1.1 TLSv1.2;

       location / {
               alias /path/to/project/;
               try_files $uri $uri/ /index.html;
       }
       location /dist/ {
               root /path/to/project;
       }
       location ^~ /(api|rest-auth|admin)/ {
               proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
               proxy_set_header X-Forwarded-Proto $scheme;
               proxy_set_header Host $host;
               proxy_pass https://0.0.0.0:8000;
       }
}

我正在使用 axios 發出 xhr 請求,這是與此問題相關的標頭配置:

axios.defaults.xsrfCookieName = 'csrftoken'
axios.defaults.xsrfHeaderName = 'X-CSRFToken'
axios.defaults.baseURL = 'https://example.com:8000'

一些可能相關的 Django 設置:

ALLOWED_HOSTS =['www.example.com','example.com','127.0.0.1']
CORS_ORIGIN_ALLOW_ALL=True
SECURE_PROXY_SSL_HEADER = ('HTTP_X_FORWARDED_PROTO', 'https')
SECURE_SSL_REDIRECT = True
CSRF_COOKIE_SECURE = True

我遇到的另一個問題是從 http -> https 的域轉發似乎不起作用(即我必須輸入https://example.com才能看到該站點)。

對於任何想知道的人,這不是防火牆問題。我最終確實讓這個工作與對 nginx 配置和其他一些東西的一些調整一起工作。在這裡發帖以防有人像我一樣偶然發現這個問題。

Django 配置

ALLOWED_HOSTS = ['.example.co']

axios 配置

axios.defaults.baseURL = 'https://example.co'

nginx.conf

upstream django-api {
       server 127.0.0.1:8000;
}

server {
       listen 80;
       server_name .example.com;
       return 301 https://example.co$request_uri;
}

server {
       gzip on;

       listen 443 default_server ssl;

       server_name example.co;

       add_header Strict-Transport-Security "max-age=31536000"; include
       SubDomains" always;
       ssl_certificate /etc/ssl/private/ssl-bundle.crt;
       ssl_certificate_key /etc/ssl/private/example.co.key;

       ssl_prefer_server_ciphers on;
       ssl_session_cache shared:SSL:20m;
       ssl_session_timeout 60m;

       ssl_protocols TLSv1 TLSv1.1 TLSv1.2;

       location / {
               alias /path/to/project/;
               try_files $uri $uri/ /index.html;
       }

       location /dist/ {
               root /path/to/project/;
       }

       location /api/ {
               proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
               proxy_set_header X-Forwarded-Proto $scheme;
               proxy_set_header Host $host;
               proxy_pass http://django-api;
       }

       location /rest-auth/ {
               proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
               proxy_set_header X-Forwarded-Proto $scheme;
               proxy_set_header Host $host;
               proxy_pass http://django-api;
       }

}

引用自:https://serverfault.com/questions/890968