【Question title】: Gunicorn workers timing out after SSL install (Django, Nginx)
【Posted】: 2019-08-12 21:55:47
【Question】:

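After setting up AWS Route53 IPv6 and my DNS (Ionos), I managed to set up SSL in my Django blog app running Gunicorn and nginx. I used this tutorial

Unfortunately, first it ran into a redirect loop error, which I managed to fix, but now it is a 502 Bad Gateway, and when I check the logs it looks like the Gunicorn workers always time out. I tried setting the nginx and Gunicorn timeouts to 300 seconds, but that only meant waiting longer for the 502 error; nothing else changed.

Here are the logs: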

Mar 21 23:13:46 ip-172-31-35-104 systemd[1]: Started A high performance web server and a reverse proxy server.
-- Subject: Unit nginx.service has finished start-up
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
--
-- Unit nginx.service has finished starting up.
--
-- The start-up result is done.
Mar 21 23:13:46 ip-172-31-35-104 sudo[2107]: pam_unix(sudo:session): session closed for user root
Mar 21 23:14:19 ip-172-31-35-104 gunicorn[2055]: [2019-03-21 23:14:19 +0000] [2055] [CRITICAL] WORKER TIMEOUT (pid:2061)
Mar 21 23:14:19 ip-172-31-35-104 gunicorn[2055]: [2019-03-21 23:14:19 +0000] [2061] [INFO] Worker exiting (pid: 2061)
Mar 21 23:14:19 ip-172-31-35-104 gunicorn[2055]: base dir path /home/ubuntu/puchalatravel/puchalatravel
Mar 21 23:14:19 ip-172-31-35-104 gunicorn[2055]: [2019-03-21 23:14:19 +0000] [2125] [INFO] Booting worker with pid: 2125

nginx settings:

server {
    listen 80;
    listen [::]:80;
    server_name puchalatravel.com www.puchalatravel.com;
    return 404; # managed by Certbot

    return 301 https://puchalatravel.com$request_uri;
}

server {

    listen 443 ssl;
    listen [::]:443 ssl;
    server_name puchalatravel.com;

    ssl on;
    ssl_certificate /etc/letsencrypt/live/puchalatravel.com/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/puchalatravel.com/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; #managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; #managed by Certbot

    location /static {
        root /home/ubuntu/puchalatravel/;
    }

    location /media {
        root /home/ubuntu/puchalatravel/;
    }

    location /.well-known {
        root /var/www/common/letsencrypt/;
    }

    location / {
        # include proxy_params;
        proxy_redirect off;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_pass https://unix:/home/ubuntu/puchalatravel/puchalatravel.sock;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_connect_timeout 60s;
        proxy_read_timeout 120s;
        }
}

gunicorn settings:

[Unit]
Description=gunicorn daemon
After=network.target

[Service]
User=ubuntu
Group=www-data
WorkingDirectory=/home/ubuntu/puchalatravel
ExecStart=/home/ubuntu/puchalatravel/puchalatravelenv/bin/gunicorn --access-logfile - --timeout 30 --workers 3 --bind unix:/home/ubuntu/puchalatravel/puchalatravel.sock puchalatravel.wsgi:application

[Install]
WantedBy=multi-user.target

Apart from adding the following lines to settings.py, no changes were made to the Django code:

SECURE_PROXY_SSL_HEADER = ('HTTP_X_FORWARDED_PROTO', 'https')
SECURE_SSL_REDIRECT = True
SESSION_COOKIE_SECURE = True
CSRF_COOKIE_SECURE = True

All the code can be found here: GitHub repo. URL: puchalatravel.com

Any ideas what might be the source of the problem?

Edit. It looks like an SSL problem; nginx error log:

2019/03/22 07:15:24 [error] 2123#2123: *83 peer closed connection in SSL handshake while SSL handshaking to upstream, client: 83.6.170.100, server: puchalatravel.com, request: "GET / HTTP/1.1", upstream: "https://unix:/home/ubuntu/puchalatravel/puchalatravel.sock:/", host: "puchal$
2019/03/22 07:15:56 [error] 2123#2123: *85 peer closed connection in SSL handshake while SSL handshaking to upstream, client: 83.6.170.100, server: puchalatravel.com, request: "GET /favicon.ico HTTP/1.1", upstream: "https://unix:/home/ubuntu/puchalatravel/puchalatravel.sock:/favic$
2019/03/22 07:36:35 [error] 2123#2123: *94 peer closed connection in SSL handshake while SSL handshaking to upstream, client: 213.229.174.164, server: puchalatravel.com, request: "GET / HTTP/1.1", upstream: "https://unix:/home/ubuntu/puchalatravel/puchalatravel.sock:/", host: "puc$
2019/03/22 07:37:06 [error] 2123#2123: *94 peer closed connection in SSL handshake while SSL handshaking to upstream, client: 213.229.174.164, server: puchalatravel.com, request: "GET /favicon.ico HTTP/1.1", upstream: "https://unix:/home/ubuntu/puchalatravel/puchalatravel.sock:/fa$
2019/03/22 07:40:58 [error] 2123#2123: *100 peer closed connection in SSL handshake while SSL handshaking to upstream, client: 213.229.174.164, server: puchalatravel.com, request: "GET / HTTP/1.1", upstream: "https://unix:/home/ubuntu/puchalatravel/puchalatravel.sock:/", host: "pu$
2019/03/22 07:41:29 [error] 2123#2123: *100 peer closed connection in SSL handshake while SSL handshaking to upstream, client: 213.229.174.164, server: puchalatravel.com, request: "GET /favicon.ico HTTP/1.1", upstream: "https://unix:/home/ubuntu/puchalatravel/puchalatravel.sock:/f$
2019/03/22 07:44:22 [error] 12508#12508: *1 peer closed connection in SSL handshake while SSL handshaking to upstream, client: 213.229.174.164, server: puchalatravel.com, request: "GET / HTTP/1.1", upstream: "https://unix:/home/ubuntu/puchalatravel/puchalatravel.sock:/", host: "pu$
2019/03/22 07:44:52 [error] 12508#12508: *1 peer closed connection in SSL handshake while SSL handshaking to upstream, client: 213.229.174.164, server: puchalatravel.com, request: "GET /favicon.ico HTTP/1.1", upstream: "https://unix:/home/ubuntu/puchalatravel/puchalatravel.sock:/f$
2019/03/22 07:53:57 [error] 12508#12508: *4 peer closed connection in SSL handshake while SSL handshaking to upstream, client: 213.229.174.164, server: puchalatravel.com, request: "GET / HTTP/1.1", upstream: "https://unix:/home/ubuntu/puchalatravel/puchalatravel.sock:/", host: "pu$
2019/03/22 07:54:10 [notice] 12698#12698: signal process started
2019/03/22 07:54:24 [notice] 12700#12700: signal process started
2019/03/22 07:54:27 [notice] 12703#12703: signal process started
2019/03/22 07:54:28 [error] 12508#12508: *4 peer closed connection in SSL handshake while SSL handshaking to upstream, client: 213.229.174.164, server: puchalatravel.com, request: "GET /favicon.ico HTTP/1.1", upstream: "https://unix:/home/ubuntu/puchalatravel/puchalatravel.sock:/f$
2019/03/22 07:58:51 [error] 12704#12704: *27 peer closed connection in SSL handshake while SSL handshaking to upstream, client: 5.255.250.163, server: puchalatravel.com, request: "GET /robots.txt HTTP/1.1", upstream: "https://unix:/home/ubuntu/puchalatravel/puchalatravel.sock:/rob$
2019/03/22 07:59:22 [error] 12704#12704: *30 peer closed connection in SSL handshake while SSL handshaking to upstream, client: 141.8.143.160, server: puchalatravel.com, request: "GET /robots.txt HTTP/1.1", upstream: "https://unix:/home/ubuntu/puchalatravel/puchalatravel.sock:/rob$
2019/03/22 07:59:53 [error] 12704#12704: *32 peer closed connection in SSL handshake while SSL handshaking to upstream, client: 178.154.246.138, server: puchalatravel.com, request: "GET /posts/ HTTP/1.1", upstream: "https://unix:/home/ubuntu/puchalatravel/puchalatravel.sock:/posts$
2019/03/22 08:03:10 [error] 12813#12813: *1 peer closed connection in SSL handshake while SSL handshaking to upstream, client: 213.229.174.164, server: puchalatravel.com, request: "GET / HTTP/1.1", upstream: "https://unix:/home/ubuntu/puchalatravel/puchalatravel.sock:/", host: "pu$
2019/03/22 08:03:41 [error] 12813#12813: *1 peer closed connection in SSL handshake while SSL handshaking to upstream, client: 213.229.174.164, server: puchalatravel.com, request: "GET /favicon.ico HTTP/1.1", upstream: "https://unix:/home/ubuntu/puchalatravel/puchalatravel.sock:/f$
2019/03/22 08:37:39 [error] 12813#12813: *18 peer closed connection in SSL handshake while SSL handshaking to upstream, client: 213.229.174.164, server: puchalatravel.com, request: "GET / HTTP/1.1", upstream: "https://unix:/home/ubuntu/puchalatravel/puchalatravel.sock:/", host: "p$
2019/03/22 08:56:08 [error] 13024#13024: *1 peer closed connection in SSL handshake while SSL handshaking to upstream, client: 213.229.174.164, server: puchalatravel.com, request: "GET / HTTP/1.1", upstream: "https://unix:/home/ubuntu/puchalatravel/puchalatravel.sock:/", host: "pu$
2019/03/22 08:56:39 [error] 13024#13024: *1 peer closed connection in SSL handshake while SSL handshaking to upstream, client: 213.229.174.164, server: puchalatravel.com, request: "GET /favicon.ico HTTP/1.1", upstream: "https://unix:/home/ubuntu/puchalatravel/puchalatravel.sock:/f$

【Discussion】:

    Tags: django ssl nginx https gunicorn


    【Solution 1】:

    It turned out the problem was this line in the nginx configuration:

    proxy_pass https://unix:/home/ubuntu/puchalatravel/puchalatravel.sock;
    

    The solution was to change https to http

    The complete nginx configuration ended up as:

    server {
        listen                  80;
        listen                  [::]:80;
        server_name             puchalatravel.com www.puchalatravel.com;
    
        return                  301 https://puchalatravel.com;
    }
    
    server {
    
        listen                  443 ssl http2;
        listen                  [::]:443 ssl http2;
        server_name             puchalatravel.com;
    
        access_log              /var/log/nginx/puchalatravel.com.access.log;
        error_log               /var/log/nginx/puchalatravel.com.error.log;
    
        ssl                     on;
        ssl_certificate         /etc/letsencrypt/live/puchalatravel.com/fullchain.pem; # managed by Certbot
        ssl_certificate_key     /etc/letsencrypt/live/puchalatravel.com/privkey.pem; # managed by Certbot
        ssl_session_cache       shared:SSL:5m;
        include                 /etc/letsencrypt/options-ssl-nginx.conf; #managed by Certbot
        ssl_dhparam             /etc/letsencrypt/ssl-dhparams.pem; #managed by Certbot
    
        location /static {
            root /home/ubuntu/puchalatravel/;
        }
    
        location /media {
            root /home/ubuntu/puchalatravel/;
        }
    
        location /.well-known {
            root /var/www/common/letsencrypt/;
        }
    
        location / {
            # include proxy_params;
            proxy_redirect              off;
            proxy_ssl_server_name       on;
            proxy_ssl_certificate       /etc/letsencrypt/live/puchalatravel.com/fullchain.pem; # managed by Certbot
            proxy_ssl_certificate_key   /etc/letsencrypt/live/puchalatravel.com/privkey.pem; # managed by Certbot
            proxy_set_header            X-Forwarded-Proto $scheme;
            proxy_pass                  http://unix:/home/ubuntu/puchalatravel/puchalatravel.sock;
            proxy_set_header            Host $host;
            proxy_set_header            X-Real-IP $remote_addr;
            proxy_set_header            X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_connect_timeout       60s;
            proxy_read_timeout          120s;
            }
    }
    

    【Comments】:

    • Thank you! You saved my day. It was changed automatically by Certbot
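
An added example, not part of the original question or answer: a small check for the mismatch the answer identifies, flagging an nginx `proxy_pass` whose scheme disagrees with how gunicorn is bound on the same unix socket. The config snippets are constructed from the question's files, the function names are hypothetical, and treating the listener as TLS only when both `--certfile` and `--keyfile` are given is an assumption of this check.

```python
import re
import shlex

# Constructed inputs modelled on the question: its nginx "location /" block and
# its gunicorn ExecStart arguments (not the poster's complete files).
NGINX_BROKEN = """
location / {
    proxy_set_header X-Forwarded-Proto $scheme;
    proxy_pass https://unix:/home/ubuntu/puchalatravel/puchalatravel.sock;
}
"""
NGINX_FIXED = NGINX_BROKEN.replace("proxy_pass https://", "proxy_pass http://")
EXEC_START = ("gunicorn --access-logfile - --timeout 30 --workers 3 "
              "--bind unix:/home/ubuntu/puchalatravel/puchalatravel.sock "
              "puchalatravel.wsgi:application")

# Scheme and socket path of every uncommented "proxy_pass <scheme>://unix:<path>".
PROXY_PASS = re.compile(r"^\s*proxy_pass\s+(https?)://unix:([^;:\s]+)", re.M)


def gunicorn_listener(exec_start):
    """Return (unix socket path or None, True if gunicorn is started with TLS)."""
    args = shlex.split(exec_start)
    sock = None
    for i, arg in enumerate(args):
        value = None
        if arg in ("--bind", "-b") and i + 1 < len(args):
            value = args[i + 1]
        elif arg.startswith("--bind="):
            value = arg.split("=", 1)[1]
        if value and value.startswith("unix:"):
            sock = value[len("unix:"):]
    # Assumption of this check: TLS listener only if both flags are present.
    flags = {a.split("=", 1)[0] for a in args}
    return sock, {"--certfile", "--keyfile"} <= flags


def scheme_mismatches(nginx_conf, exec_start):
    """List proxy_pass directives whose scheme disagrees with the gunicorn listener."""
    sock, upstream_tls = gunicorn_listener(exec_start)
    expected = "https" if upstream_tls else "http"
    problems = []
    for scheme, path in PROXY_PASS.findall(nginx_conf):
        if path == sock and scheme != expected:
            problems.append(f"proxy_pass {scheme}://unix:{path} but gunicorn speaks {expected}")
    return problems
```

With the question's settings the check reports the `https://unix:` line and nothing for the corrected `http://unix:` form; TLS still terminates at nginx, and Django learns the original scheme from `X-Forwarded-Proto` via `SECURE_PROXY_SSL_HEADER`.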