nginx相关配置

2019-11-21 21:25:51 浏览数 (1)

重定向新旧域名

代码语言:javascript复制
server_name www.superpig.win www.yinzihao.com.cn;
if ($host != 'www.superpig.win' ) {
    rewrite ^/(.*)$ http://www.superpig.win/$1
    permanent;
}

解除上传限制

修改配置文件,加入

代码语言:javascript复制
    client_body_buffer_size     10M;
    #client_body_temp_path       /tmp 1 2
    client_max_body_size        50M;

对静态文件进行处理

代码语言:javascript复制
location /static {
    autoindex on;
    alias /home/yzh/workspace/dazhu0804/dazhu/static;
}

对django网站使用证书

后台用gunicorn启动

gunicorn --bind=0.0.0.0:8000 dazhu.wsgi:application

配置Nginx

参考配置文件如下

代码语言:javascript复制
upstream  dzapp {
    server 127.0.0.1:8000;
}

server {
    listen      80;
    server_tokens       off;
    # access_log  /var/log/nginx/web2.access.log main;
    server_name 10.67.54.227;
    #server_name www.superpig.win  www.yinzihao.com.cn;
    #if ($host != 'www.superpig.win' ) {
    #rewrite ^/(.*)$ http://www.superpig.win/$1 permanent;
    #}


    location ^~ /admin {
        rewrite ^ https://$server_name:443$request_uri? permanent;
    }

    location /static {
           autoindex on;
           alias /home/yzh/workspace/dazhu/dazhu/static;
    }

    location / {
        proxy_pass http://dzapp;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_next_upstream http_500 http_502 http_503 error timeout invalid_header;
    }
}

server {
    listen 443 ssl;
    server_name 10.67.54.227;
    ssl on;
    ssl_certificate /home/yzh/workspace/dazhu/keys/dazhu.cert;
    ssl_certificate_key /home/yzh/workspace/dazhu/keys/dazhu.key;
    ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers ALL:!ADH:!EXPORT56:RC4 RSA: HIGH: MEDIUM: LOW: SSLv2: EXP;
    ssl_prefer_server_ciphers on;
    location ^~ /admin {
        proxy_pass  http://dzapp;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_redirect     off; 
        ### Most PHP, Python, Rails, Java App can use this header -> https ###
        proxy_set_header X-Forwarded-Proto  $scheme;
    }

    location /static {
           autoindex on;
           alias /home/yzh/workspace/dazhu/dazhu/static;
    }

    location / {
        rewrite  ^  http://$server_name$request_uri? permanent;
    }
}
上面的配置太复杂,其实可以把重复部分用一个文件include
代码语言:javascript复制
location ^~ /admin {
       include /etc/nginx/dazhu_proxy.conf;
    }

dazhu_proxy.conf

代码语言:javascript复制
proxy_pass  http://dzapp;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_redirect     off;
### Most PHP, Python, Rails, Java App can use this header -> https ###
proxy_set_header X-Forwarded-Proto  $scheme;

生成dazhu.cert和dazhu.key

代码语言:javascript复制
openssl genrsa 1024 > dazhu.key
openssl req -new -x509 -nodes -sha1 -days 365 -key dazhu.key > dazhu.cert

注意填写common name的时候,和Org name的时候填域名,否则出错。

django bind gunicorn include key

0 人点赞