使用 ssl/nginx/gunicorn 在 vagrant box 中访问(django)应用程序的问题

Issue accessing a (django) app in a vagrant box with ssl / nginx /gunicorn

我正在使用 Ansible 部署 django/react 应用程序。我正在将它部署在开发 Digital Ocean 服务器上,一切都在这方面运行良好。我正在使用类似的过程将其部署在 Vagrant 盒子上……这是我遇到的麻烦。

我在从主机访问 vagrant 来宾计算机上的应用程序时遇到问题。我在下面详细说明配置(vagrant,nginx 文件)。

当我访问像 127.0.0.1:8443/time-series/ 这样的 url 时,nginx 正在响应 400 Bad Request The plain HTTP request was sent to HTTPS port。但是,当我访问 url 127.0.0.1:8080/time-series/ 时,我得到了一个响应 This site can’t be reached tsango’s server IP address could not be found。所以看起来 nginx 已经到达,但无法提供应用程序文件。

我使用 let's encrypt certificate for localhost 网页为 localhost 创建了 ssl crt/key。

你觉得我做的有什么问题吗?另外调试此类问题的好方法是什么?

Vagrantfile 是:

# -*- mode: ruby -*-
# vi: set ft=ruby :

# Vagrantfile API/syntax version. Don't touch unless you know what you're doing!
VAGRANTFILE_API_VERSION = "2"

Vagrant.configure(VAGRANTFILE_API_VERSION) do |config|
  config.vm.box = "ubuntu/bionic64"
  config.ssh.forward_agent = true
  config.vm.define "tsango", primary: true do |app|
    app.vm.hostname = "tsango"
#    app.vm.network "private_network", type: "dhcp"
    app.vm.network "forwarded_port", guest: 80, host: 8080
    app.vm.network "forwarded_port", guest: 443, host: 8443
  end

  config.vm.provider "virtualbox" do |vb|
    vb.customize ["modifyvm", :id, "--name", "Tsango", "--memory", "2048"]
  end

  # Ansible provisioner.
  config.vm.provision "ansible" do |ansible|
    ansible.playbook = "vagrant.yml"
    ansible.host_key_checking = false
    ansible.verbose = "vv"
  end
end

而 Nginx 配置文件是:

upstream tsango_wsgi_server {
  server unix:/webapps/tsango/run/gunicorn.sock fail_timeout=0;
}

server {
    listen      80;
    server_name tsango;
    server_tokens off;
    return 301  https://$server_name$request_uri;
}

server {
    listen              443 ssl;
    server_name         tsango;
    server_tokens       off;
        ssl_certificate     /etc/ssl/tsango.crt;
    ssl_certificate_key /etc/ssl/tsango.key;
        ssl_protocols       TLSv1.2;
    ssl_ciphers         'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA';
    ssl_prefer_server_ciphers on;

    # Prevent MIME type sniffing for security
    add_header X-Content-Type-Options "nosniff";

    # Enable XSS Protection in case user's browser has disabled it
    add_header X-XSS-Protection "1; mode=block";

    client_max_body_size 4G;

    access_log /webapps/tsango/logs/nginx_access.log;
    error_log /webapps/tsango/logs/nginx_error.log;

    location /static/ {
        alias   /webapps/tsango/static/;
    }

    location /media/ {
        alias   /webapps/tsango/media/;
    }

    location / {
        if (-f /webapps/tsango/maintenance_on.html) {
            return 503;
        }

        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto https;
        proxy_set_header Host $http_host;
        proxy_redirect off;

        # Try to serve static files from nginx, no point in making an
        # *application* server like Unicorn/Rainbows! serve static files.
        if (!-f $request_filename) {
            proxy_pass http://tsango_wsgi_server;
            break;
        }
    }

    # Error pages
    error_page 500 502 504 /500.html;
    location = /500.html {
        root /webapps/tsango/tsango/tsango/templates/;
    }

    error_page 503 /maintenance_on.html;
    location = /maintenance_on.html {
        root /webapps/tsango/;
    }
}

我发现了问题:我创建的 ssl 本地证书被命名为 localhost 而不是 tsango