生成 HTTP 链接而不是 HTTPS,但 SSL 有效,如何解决?
Generate HTTP links instead HTTPS, but SSL is working, how to fix?
Jinja2 生成 HTTP 链接,而不是 HTTPS,HTTPS 正在工作,我也设置了 base 标记,但无法理解问题出在哪里。
Docker 文件
FROM python:3.9.5
COPY ./gmcrm /app/src
COPY ./ssl /app/ssl
COPY ./poetry.lock /app
COPY ./pyproject.toml /app
WORKDIR /app
RUN pip3 install poetry
RUN poetry config virtualenvs.create false
RUN poetry install --no-dev --no-interaction --no-ansi
RUN pip3 install gunicorn uvloop httptools
EXPOSE 8080
WORKDIR /app/src
ENV ACCESS_LOG=${ACCESS_LOG:-/proc/1/fd/1}
ENV ERROR_LOG=${ERROR_LOG:-/proc/1/fd/2}
ENTRYPOINT /usr/local/bin/gunicorn \
-b 0.0.0.0:8080 \
-w 4 \
-k uvicorn.workers.UvicornWorker main:app \
--keyfile=/app/ssl/example.key \
--certfile=/app/ssl/example.crt \
--chdir /app/src \
--access-logfile "$ACCESS_LOG" \
--error-logfile "$ERROR_LOG"
NGINX 配置(在 docker 中)
upstream app_server {
# fail_timeout=0 means we always retry an upstream even if it failed
# to return a good HTTP response
# for UNIX domain socket setups
#server unix:/tmp/gunicorn.sock fail_timeout=0;
# for a TCP configuration
server gmcrm:8080 fail_timeout=0;
}
map $http_upgrade $connection_upgrade {
default upgrade;
'' close;
}
server {
listen *:443 ssl;
listen [::]:443;
server_name example;
# SSL
ssl_certificate /etc/nginx/ssl-stuff/example.crt;
ssl_certificate_key /etc/nginx/ssl-stuff/example.key;
# security
include nginxconfig.io/security.conf;
# additional config
include nginxconfig.io/general.conf;
}
# subdomains redirect
server {
listen *:443 ssl;
listen [::]:443;
server_name *.example;
# SSL
ssl_certificate /etc/nginx/ssl-stuff/example.crt;
ssl_certificate_key /etc/nginx/ssl-stuff/example.key;
return 301 https://example$request_uri;
}
# HTTP redirect
server {
listen *:80;
listen [::]:80;
server_name *.example;
return 301 https://example$request_uri;
}
一般文件配置
# favicon.ico
location = /favicon.ico {
log_not_found off;
access_log off;
}
# robots.txt
location = /robots.txt {
log_not_found off;
access_log off;
}
location / {
try_files $uri @proxy_to_app;
}
location @proxy_to_app {
proxy_set_header Host $http_host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;
proxy_redirect off;
proxy_pass http://app_server;
}
# gzip
gzip on;
gzip_vary on;
gzip_proxied any;
gzip_comp_level 6;
gzip_types text/plain text/css text/xml application/json application/javascript application/rss+xml application/atom+xml image/svg+xml;
需要将此 header 添加到我的 conf
proxy_set_header X-Forwarded-Protocol $scheme;
Jinja2 生成 HTTP 链接,而不是 HTTPS,HTTPS 正在工作,我也设置了 base 标记,但无法理解问题出在哪里。
Docker 文件
FROM python:3.9.5
COPY ./gmcrm /app/src
COPY ./ssl /app/ssl
COPY ./poetry.lock /app
COPY ./pyproject.toml /app
WORKDIR /app
RUN pip3 install poetry
RUN poetry config virtualenvs.create false
RUN poetry install --no-dev --no-interaction --no-ansi
RUN pip3 install gunicorn uvloop httptools
EXPOSE 8080
WORKDIR /app/src
ENV ACCESS_LOG=${ACCESS_LOG:-/proc/1/fd/1}
ENV ERROR_LOG=${ERROR_LOG:-/proc/1/fd/2}
ENTRYPOINT /usr/local/bin/gunicorn \
-b 0.0.0.0:8080 \
-w 4 \
-k uvicorn.workers.UvicornWorker main:app \
--keyfile=/app/ssl/example.key \
--certfile=/app/ssl/example.crt \
--chdir /app/src \
--access-logfile "$ACCESS_LOG" \
--error-logfile "$ERROR_LOG"
NGINX 配置(在 docker 中)
upstream app_server {
# fail_timeout=0 means we always retry an upstream even if it failed
# to return a good HTTP response
# for UNIX domain socket setups
#server unix:/tmp/gunicorn.sock fail_timeout=0;
# for a TCP configuration
server gmcrm:8080 fail_timeout=0;
}
map $http_upgrade $connection_upgrade {
default upgrade;
'' close;
}
server {
listen *:443 ssl;
listen [::]:443;
server_name example;
# SSL
ssl_certificate /etc/nginx/ssl-stuff/example.crt;
ssl_certificate_key /etc/nginx/ssl-stuff/example.key;
# security
include nginxconfig.io/security.conf;
# additional config
include nginxconfig.io/general.conf;
}
# subdomains redirect
server {
listen *:443 ssl;
listen [::]:443;
server_name *.example;
# SSL
ssl_certificate /etc/nginx/ssl-stuff/example.crt;
ssl_certificate_key /etc/nginx/ssl-stuff/example.key;
return 301 https://example$request_uri;
}
# HTTP redirect
server {
listen *:80;
listen [::]:80;
server_name *.example;
return 301 https://example$request_uri;
}
一般文件配置
# favicon.ico
location = /favicon.ico {
log_not_found off;
access_log off;
}
# robots.txt
location = /robots.txt {
log_not_found off;
access_log off;
}
location / {
try_files $uri @proxy_to_app;
}
location @proxy_to_app {
proxy_set_header Host $http_host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;
proxy_redirect off;
proxy_pass http://app_server;
}
# gzip
gzip on;
gzip_vary on;
gzip_proxied any;
gzip_comp_level 6;
gzip_types text/plain text/css text/xml application/json application/javascript application/rss+xml application/atom+xml image/svg+xml;
需要将此 header 添加到我的 conf
proxy_set_header X-Forwarded-Protocol $scheme;