我有一个开箱即用的devpi 服务器正在运行http://。
我需要让它继续工作https://。
我已经拥有该域名的证书。
我关注了devpi 文档对于 nginx-site-config,并创建了/etc/nginx/conf.d/domain.conf包含server{}指向我的证书的块的文件(下面摘录)。
但是,我devpi-server --start --init完全忽略了任何/所有的 nginx 配置。
如何让 devpi-server 使用 nginx 配置?这有可能吗,还是我完全没理解重点?
/etc/nginx/conf.d/domain.conf文件内容:
server {
server_name localhost $hostname "";
listen 8081 ssl default_server;
listen [::]:8081 ssl default_server;
server_name domain;
ssl_certificate /root/certs/domain/domain.crt;
ssl_certificate_key /root/certs/domain/domain.key;
ssl_protocols TLSv1.1 TLSv1.2;
ssl_ciphers EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH;
gzip on;
gzip_min_length 2000;
gzip_proxied any;
gzip_types application/json;
proxy_read_timeout 60s;
client_max_body_size 64M;
# set to where your devpi-server state is on the filesystem
root /root/.devpi/server;
# try serving static files directly
location ~ /\+f/ {
# workaround to pass non-GET/HEAD requests through to the named location below
error_page 418 = @proxy_to_app;
if ($request_method !~ (GET)|(HEAD)) {
return 418;
}
expires max;
try_files /+files$uri @proxy_to_app;
}
# try serving docs directly
location ~ /\+doc/ {
try_files $uri @proxy_to_app;
}
location / {
# workaround to pass all requests to / through to the named location below
error_page 418 = @proxy_to_app;
return 418;
}
location @proxy_to_app {
proxy_pass https://localhost:8081;
proxy_set_header X-outside-url $scheme://$host:$server_port;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-Proto https;
}
}
答案1
Devpi 对 Nginx 一无所知,它只会提供 HTTP 流量。当我们想通过 HTTPS 与 Web 应用交互时,作为客户端,我们需要与可以处理它的前端(Nginx)对话,而前端又会与我们的 Web 应用通信。Nginx 的这个应用程序被称为反向代理。作为反向代理,我们还可以从 Nginx 提供静态文件的能力中受益,它比让我们的 Web 应用自己提供静态文件的能力更高效(因此“尝试服务...”位置块)。
以下是我为 devpi 使用的完整 Nginx 配置。请注意,这是/etc/nginx/nginx.conf一个文件,而不是像您这样的域配置,因为我正在使用 compose 在 docker 中运行 Nginx 和 Devpi,但您应该能够提取所需的内容:
worker_processes 1;
events {
worker_connections 1024;
}
http {
# Define the location for devpi
upstream pypi-backend {
server localhost:8080;
}
# Redirect HTTP to HTTPS
server {
listen 80;
listen [::]:80;
server_name _;
return 301 https://$host$request_uri;
}
server {
listen 443 ssl;
server_name example.co.uk; # This is the accessing address eg. https://example.co.uk
root /devpi/server; # This is where your devpi server directory is
gzip on;
gzip_min_length 2000;
gzip_proxied any;
proxy_read_timeout 60s;
client_max_body_size 64M;
ssl_certificate /etc/nginx/certs/cert.crt; Path to certificate
ssl_certificate_key /etc/nginx/certs/cert.key; Path to certificate key
ssl_session_cache builtin:1000 shared:SSL:10m;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers HIGH:!aNULL:!eNULL:!EXPORT:!CAMELLIA:!DES:!MD5:!PSK:!RC4;
ssl_prefer_server_ciphers on;
access_log /var/log/nginx/pypi.access.log;
# try serving static files directly
location ~ /\+f/ {
error_page 418 = @pypi_backend;
if ($request_method !~ (GET)|(HEAD)) {
return 418;
}
expires max;
try_files /+files$uri @pypi_backend;
}
# try serving docs directly
location ~ /\+doc/ {
try_files $uri @pypi_backend;
}
location / {
error_page 418 = @pypi_backend;
return 418;
}
location @pypi_backend {
proxy_pass http://pypi-backend; # Using the upstream definition
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-outside-url $scheme://$host:$server_port;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Host $server_name;
}
}
}
使用这个配置的 Nginx 和在 上运行的 devpi http://localhost:8080,你应该能够使用https://localhost合适的 DNS 访问 或 使用你的机器https://example.co.uk。请求将是:
client (HTTPS) > Nginx (HTTP) > devpi (HTTP) > Nginx (HTTPS) > client
这也意味着您需要确保 Nginx 正在运行,因为 devpi start 不会知道更多。您至少应该看到一个 Nginx 欢迎页面。