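I have an nginx server with an SSL certificate installed. I want to pass any requests upstream to my Gunicorn server running on 0.0.0.0:8000. However, whenever I run the Gunicorn server, it gives me an error saying there are too many redirect loops. If I run gunicorn over https, the connection becomes secure, but it does not connect to the gunicorn server; it just says bad gateway. Also, here is the error I get when I try to connect while running gunicorn with https: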
    Traceback (most recent call last):
      File "/opt/bitnami/python/lib/python2.7/site-packages/gunicorn/arbiter.py", line 515, in spawn_worker
        worker.init_process()
      File "/opt/bitnami/python/lib/python2.7/site-packages/gunicorn/workers/base.py", line 126, in init_process
        self.run()
      File "/opt/bitnami/python/lib/python2.7/site-packages/gunicorn/workers/sync.py", line 119, in run
        self.run_for_one(timeout)
      File "/opt/bitnami/python/lib/python2.7/site-packages/gunicorn/workers/sync.py", line 66, in run_for_one
        self.accept(listener)
      File "/opt/bitnami/python/lib/python2.7/site-packages/gunicorn/workers/sync.py", line 30, in accept
        self.handle(listener, client, addr)
      File "/opt/bitnami/python/lib/python2.7/site-packages/gunicorn/workers/sync.py", line 141, in handle
        self.handle_error(req, client, addr, e)
      File "/opt/bitnami/python/lib/python2.7/site-packages/gunicorn/workers/base.py", line 213, in handle_error
        self.log.exception("Error handling request %s", req.uri)
    AttributeError: 'NoneType' object has no attribute 'uri'
    [2016-01-01 15:37:45 +0000] [935] [INFO] Worker exiting (pid: 935)
    [2016-01-01 20:37:45 +0000] [938] [INFO] Booting worker with pid: 938
    [2016-01-01 15:37:46 +0000] [938] [ERROR] Exception in worker process:
Here is my nginx configuration:
    server {
        # port to listen on. Can also be set to an IP:PORT
        listen 80;
        listen 443 ssl;
        ssl_certificate /etc/ssl/pyhub_crt.crt;
        ssl_certificate_key /etc/ssl/pyhub.key;
        server_name www.pyhub.co;
        server_name_in_redirect off;
        access_log /opt/bitnami/nginx/logs/access.log;
        error_log /opt/bitnami/nginx/logs/error.log;

        location /E0130777F7D5B855A4C5DEB138808515.txt {
            root /home/bitnami;
        }

        location / {
            proxy_pass_header Server;
            proxy_set_header Host $host;
            proxy_set_header X-Scheme $scheme;
            proxy_set_header X-SSL-Protocal $ssl_protocol;
            proxy_connect_timeout 10;
            proxy_read_timeout 10;
            proxy_redirect http:// $scheme://;
            proxy_pass http://localhost:8000;
        }
    }
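If gunicorn is bound to 0.0.0.0, it is bound to all interfaces, so it is already exposed on the external interface. If nginx tries to bind to any interface on the same port, it will fail.

Gunicorn should bind to a specific IP or, better, to 127.0.0.1, so that it binds only to the internal IP.

Second, you say you want to pass https through to gunicorn, but the traffic is protected with SSL at the proxy that holds the certificate, and that is nginx. After that, the traffic is in the clear internally (i.e. it is http) to gunicorn, unless you have also set up SSL on gunicorn.

So, your nginx configuration should have:

My nginx proxy configuration for SSL looks like this: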
    upstream website {
        ip_hash; # for sticky sessions, more below
        server website:8000 max_fails=1 fail_timeout=10s;
    }

    server {
        # only listen to https here
        listen 443 ssl http2;
        listen [::]:443 ssl http2;
        server_name yourdomain.here.com;

        access_log /var/log/nginx/yourdomain.here.com.access.log;
        error_log /var/log/nginx/yourdomain.here.com.error.log;

        ssl on;
        ssl_certificate /etc/nginx/certs/ca-cert.chained.crt;
        ssl_certificate_key /etc/nginx/certs/cert.key;
        ssl_session_cache shared:SSL:5m;
        ssl_session_timeout 10m;
        ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
        ssl_prefer_server_ciphers on;
        #ssl_dhparam /etc/nginx/certs/dhparams.pem;
        # use the line above if you generated a dhparams file
        ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA';
        ssl_buffer_size 8k;

        location / {
            proxy_pass http://website;
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_http_version 1.1;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto http;
            proxy_redirect http:// $scheme://;
        }
    }

    # redirect http to https here
    server {
        listen 80;
        listen [::]:80;
        server_name yourdomain.here.com;
        return 301 https://$server_name/;
    }
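Added example, not part of the answer above and not code from nginx or gunicorn: a check for the point that a backend bound to 0.0.0.0 is reachable on every interface, so clients can reach it without passing through the TLS-terminating proxy. It parses `ss -ltnH` output; the sample lines, the function names and the choice of 80/443 as the proxy's public ports are assumptions made for illustration.

```python
import ipaddress

# Constructed sample of `ss -ltnH` output (not captured from the asker's server).
SAMPLE_SS_OUTPUT = """\
LISTEN 0 128 0.0.0.0:443 0.0.0.0:*
LISTEN 0 128 0.0.0.0:80 0.0.0.0:*
LISTEN 0 2048 0.0.0.0:8000 0.0.0.0:*
LISTEN 0 128 127.0.0.1:5432 0.0.0.0:*
LISTEN 0 128 [::1]:6379 [::]:*
LISTEN 0 128 *:9000 *:*
"""

def split_host_port(local):
    """Split the 'Local Address:Port' column, e.g. '[::1]:6379' or '*:9000'."""
    host, _, port = local.rpartition(":")
    host = host.split("%")[0].strip("[]")  # drop any %iface scope, then IPv6 brackets
    return host, int(port)

def classify(host):
    """Return 'loopback', 'wildcard' (all interfaces) or 'specific'."""
    if host == "*":
        return "wildcard"
    addr = ipaddress.ip_address(host)
    if addr.is_unspecified:        # 0.0.0.0 or ::
        return "wildcard"
    if addr.is_loopback:           # 127.0.0.0/8 or ::1
        return "loopback"
    return "specific"

def exposed_backends(ss_output, public_ports=(80, 443)):
    """List (host, port) listeners that are not loopback-only and are not one
    of the proxy's public ports, i.e. backends reachable without the proxy."""
    findings = []
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[0] != "LISTEN":
            continue
        host, port = split_host_port(fields[3])
        if port not in public_ports and classify(host) != "loopback":
            findings.append((host, port))
    return findings

if __name__ == "__main__":
    for host, port in exposed_backends(SAMPLE_SS_OUTPUT):
        print(f"{host}:{port} is reachable without going through nginx")
```

On a host where gunicorn is started with a 127.0.0.1:8000 bind, port 8000 no longer appears in the findings.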
Try this:
    upstream app_server {
        server 127.0.0.1:8000 fail_timeout=0;
    }

    server {
        # port to listen on. Can also be set to an IP:PORT
        listen 80;
        listen 443 ssl;
        ssl_certificate /etc/ssl/pyhub_crt.crt;
        ssl_certificate_key /etc/ssl/pyhub.key;
        server_name www.pyhub.co;
        server_name_in_redirect off;
        access_log /opt/bitnami/nginx/logs/access.log;
        error_log /opt/bitnami/nginx/logs/error.log;

        location /E0130777F7D5B855A4C5DEB138808515.txt {
            root /home/bitnami;
        }

        location / {
            # try_files needs at least one file to test before the fallback location
            try_files $uri @proxy_to_app;
        }

        location @proxy_to_app {
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            # Host is set only once; a second proxy_set_header Host line
            # would send the header to the backend twice
            proxy_set_header Host $host;
            proxy_redirect off;
            proxy_pass http://app_server;
            proxy_pass_header Server;
            proxy_set_header X-Scheme $scheme;
            proxy_set_header X-SSL-Protocol $ssl_protocol;
        }
    }
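Note that this will (correctly) terminate SSL at nginx rather than at gunicorn. You also misspelled X-SSL-Protocol as X-SSL-Protocal; that is fixed in my example :)

See here for the canonical information on deploying gunicorn with nginx.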
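I should have posted this answer a long time ago, since my site has been working for quite a while now. Anyway, this is how I got my configuration to work.

After fiddling with the Nginx configuration a lot, I got very frustrated and gave up. So I deleted that server, created a new one, installed everything, and cloned my website's source code from the repository that hosts it. After doing that, I used this Nginx configuration, which works: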
    upstream djangosite {
        server 127.0.0.1:8000 fail_timeout=2s;
    }

    server {
        # port to listen on. Can also be set to an IP:PORT
        listen 443 ssl;
        server_name pyhub.co;
        ssl_certificate /etc/ssl/pyhub.crt;
        ssl_certificate_key /etc/ssl/pyhub.key;

        location / {
            proxy_pass http://djangosite;
        }
    }

    server {
        listen 80;
        server_name pyhub.co;
        return 301 https://$server_name$request_uri;
    }
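To this day I still don't know what caused the problem with my configuration, or why I had to reinstall on another server, but I'm glad it works. I would accept one of the two excellent answers already provided, but neither of them gave me the solution, and I don't want to accept my own, because I believe it is too specific to the problem I had, and accepting this answer probably wouldn't help many people in the future.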