我有几个 URL,例如https://server_name/projectname/,现在的问题是,如果我在浏览器中输入此 URL,Django(或 Nginx)会将我重定向到https://server_name/,但该 URL 并不存在。实际上,它应该将我重定向到https://server_name/projectname/。现在的问题是,我该如何让 Django(或 Nginx)做到这一点,我真的不知道问题出在 Django 还是 Nginx 配置中。我已在 settings.py 中尝试 FORCE_SCRIPT_NAME='/projectname',但对于所有 URL(例如)都没有帮助https://server_name/projectname/admin。顺便说一句,在将 HTTP 更改为 HTTPs 之前,它运行得很好。
sites-available/project_name 中的 Nginx 配置
upstream project_name_app{
server unix:/home/webapps/project_name/run/gunicorn.sock fail_timeout=0;
}
server {
listen 127.0.0.1:100;
server_name servername;
fastcgi_read_timeout 1600;
proxy_connect_timeout 1600;
proxy_send_timeout 1600;
proxy_read_timeout 1600;
send_timeout 1600;
client_max_body_size 4G;
access_log /home/webapps/projectname/logs/nginx-access.log;
error_log /home/webapps/projectname/logs/nginx-error.log;
location /static/ {
alias /home/webapps/projectname/project_name/static/;
}
location /media/ {
alias /home/webapps/projectname/project_name/media/;
}
location /{
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_redirect off;
if (!-f $request_filename) {
proxy_pass http://project_name_app;
break;
}
}
# Error pages
error_page 500 502 503 504 /500.html;
location = /404.html {
root /home/webapps/projectname/project_name/templates/;
}
}
Nginx 反向代理配置:
server {
listen 80;
server_name servername;
# https redirect
return 301 https://$host$request_uri;
}
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
ssl on;
ssl_certificate ...;
ssl_certificate_key ...;
root /home/webapps/landing/landing;
index index.html;
# Improve HTTPS performance with session resumption
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 10m;
# Enable server-side protection against BEAST attacks
ssl_protocols TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_ciphers "ddfdf";
# RFC-7919 recommended: https://wiki.mozilla.org/Security/Server_Side_TLS#ffdhe4096
ssl_dhparam /;
ssl_ecdh_curve /;
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains";
# ref: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Frame-Options
# add_header X-Frame-Options DENY always;
add_header X-Frame-Options SAMEORIGIN;
# ref: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Content-Type-Options
add_header X-Content-Type-Options nosniff always;
# ref: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-XSS-Protection
add_header X-Xss-Protection "1; mode=block" always;
# Reverse Proxy
include /etc/nginx/sites-available/reverse-proxy.conf;
}
并在最后一行包含代理反向:
location /projectname/ {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header Host $host;
proxy_redirect off;
proxy_set_header Accept-Encoding "";
proxy_read_timeout 1000;
proxy_connect_timeout 1000;
proxy_send_timeout 1000;
proxy_pass http://localhost:100/;
sub_filter '="/' '="/projectname/';
sub_filter_once off;
}
Django 中的主 URL
urlpatterns = [
path('', include('pages.urls')),
path('dashboards/', include('dashboards.urls')),
path('django_plotly_dash/', include('django_plotly_dash.urls')),
re_path('admin/', admin.site.urls),
]
页面网址
urlpatterns = [
path('', views.index, name='index-pages'),
re_path(r'^login/$', views.login_page, name='login'),
re_path(r'^logout/$', views.logout_user, name='logout'),
]
仪表板网址
urlpatterns = [
path('dashboard/', views.dashboard, name='dashboard'),
]
答案1
Django 很好地支持 SCRIPT_NAME。无论是在配置中强制执行、由 WSGI 服务器发送还是通过任何反向代理传递,它都可以自行工作。只有在使用软件时,才需要或希望通过各种手段来隐藏应用程序的路径前缀不是支持植根于子文件夹。
配置MEDIA_URL&并从 nginx 配置中STATIC_URL删除sub_filter/sub_filter_once行和尾部斜杠。这将proxy_pass发送路径包括前缀交给 gunicorn,Django 就能处理它了。
我还强烈建议消除双重代理。有关应用程序的配置可以直接内联到location /projectname/ {}https 服务器块中的名称中,而不是建立其他难以诊断的 HTTP 代理特性/错误/漏洞的潜在来源。