无法连接到网站 - 连接被拒绝 - Nginx - SSL

【问题标题】:Can't connect to Website - Connection refused - Nginx - SSL无法连接到网站 - 连接被拒绝 - Nginx - SSL
【发布时间】:2020-11-01 10:50:10
【问题描述】:

我正在使用 Docker、Nginx 和 Django。我想用 ssl 保护我的应用程序,但它不起作用。 我使用 certbot 获得了有效证书

这是我的 nginx.conf 文件:

upstream app {
    server app:80;
}

server {
        listen 80;
        listen [::]:80;
        server_name mydomain.de;
        return 301 https://$server_name$request_uri;

        location ~ /.well-known/acme-challenge {
            allow all;
            root /var/www/certbot;
        }
}

server {
        listen 443 ssl;
        listen [::]:443 ssl;
        server_name mydomain.de;

        ssl_certificate /etc/nginx/ssl/live/mydomain.de/fullchain.pem;
        ssl_certificate_key /etc/nginx/ssl/live/mydomain.de/privkey.pem;

        location / {
             proxy_pass https://app;
          #  proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
          #  proxy_set_header Host $host;
          #  proxy_redirect off;
        }

        location /staticfiles/ {
            alias /app/staticfiles/;
            add_header Access-Control-Allow-Origin *;

        location ~ /.well-known/acme-challenge {
            allow all;
            root /var/www/certbot;
        }
    }
}

这是我的 docker-compose 文件:

version: '3.4'

services:
  app:
    image: django
    build:
      context: ./app
      dockerfile: Dockerfile
    env_file:
      - ./.env
    volumes:
      - ./app/:/app/
      - ./app/staticfiles/:/app/staticfiles
    command: gunicorn --bind 0.0.0.0:8000 --chdir /app/ Webserver.wsgi

  nginx:
    build: ./nginx
    ports:
      - 80:80
      - 433:433
    depends_on:
      - app
    volumes:
      - ./app/staticfiles/:/app/staticfiles
      - ./certbot/conf:/etc/nginx/ssl
      - ./certbot/data:/var/www/certbot

  db:
    image: postgres
    volumes:
      - postgres_data:/var/lib/postgresql/data/
    environment:
      POSTGRES_DB_PORT: "5432"
      POSTGRES_DB_HOST: "myhost"
      POSTGRES_PASSWORD: "mypw"
      POSTGRES_USER: myname
      POSTGRES_DB: dev_db


volumes:
  postgres_data:

如果我尝试访问我的网站,我只会看到浏览器消息“连接被拒绝”

我重命名了域名和密码等敏感信息

【问题讨论】:

    标签: django docker nginx


    【解决方案1】:

    下面我提供了一个有效的 certbot nginx 配置示例:

    server {
    # show half the users an optimized site, half the regular site
    listen      80;
    gzip              on;
    gzip_http_version 1.0;
    gzip_min_length  1100;
    gzip_buffers  4 32k;
    gzip_vary on;
    gzip_proxied      any;
    gzip_comp_level   9;
    gzip_disable      "MSIE [1-6]\.";
    gzip_types        text/plain text/xml text/css
                  text/comma-separated-values
                  text/javascript
                  application/x-javascript
                  application/atom+xml;
    sendfile on;
    tcp_nopush on;
    tcp_nodelay on;
    keepalive_timeout 65;
    types_hash_max_size 2048;
    # server_tokens off;

    # side note: only use TLS since SSLv2 and SSLv3 have had recent vulnerabilities

    access_log /var/www/vhosts/mydomain.de/logs/access_log;
    error_log  /var/www/vhosts/mydomain.de/logs/error_log;
    server_name 3dact.com www.mydomain.de;


    location ~* .+.>(xml|jpg|jpeg|gif|png|ico|css|zip|tgz|gz|rar|bz2|doc|xls|exe|pdf|ppt|txt|tar|mid|midi|wav|bmp|rtf|js|swf) {
         access_log off;
         expires 30d;
         break;
    }


    charset utf-8;
    root    /var/www/vhosts/mydomain.de/public/dist;
    index   index.html index.htm;

    location / {
        try_files $uri $uri/ /index.html;
    }

    # what to serve if upstream is not available or crashes
    error_page 500 502 503 504 /media/50x.html;

    location ~* .+.>(xml|jpg|jpeg|gif|png|ico|css|zip|tgz|gz|rar|bz2|doc|xls|exe|pdf|ppt|txt|tar|mid|midi|wav|bmp|rtf|js|swf) {
         root /var/www/vhosts/mydomain.de/public/dist;
         access_log off;
         expires 30d;
         add_header Pragma public;
         add_header Cache-Control "public";
         break;
    }

    location /dist {
        alias /var/www/vhosts/mydomain.de/public/dist;
    }

    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/nginx/ssl/live/mydomain.de/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/nginx/ssl/live/mydomain.de/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}


server {
    if ($host = www.mydomain.de) {
        return 301 https://$host$request_uri;
    } # managed by Certbot


    if ($host = mydomain.de) {
        return 301 https://$host$request_uri;
    } # managed by Certbot

    listen 80;
    server_name mydomain.de www.mydomain.de;
    return 404; # managed by Certbot
}

    第一个 server 块提供实际位置和 certbot 配置,第二个块由 certbot 用于域重定向 (www.)。如果您在 docker-compose.yml 中正确映射卷,那么在连接时应该保持一致性。另外,请确保端口80443 在容器外部得到适当的暴露。

    在您的 docker-compose.yml 中:

      nginx:
    build: ./nginx
    ports:
      - 80:80
      - 433:433
    depends_on:
      - app
    volumes:
      - ./app/staticfiles/:/app/staticfiles
      - ./certbot/conf:/etc/nginx/ssl # Make sure it maps into /etc/nginx/ssl/live/mydomain.de
      - ./certbot/data:/var/www/certbot
      - ./letsencrypt:/etc/letsencrypt # This is where options-ssl-nginx.conf and ssl-dhparams.pem are located

    如果您没有本地 ./letsencrypt 目录或文件位于不同的位置,请创建任何目录,将文件复制到那里并相应地配置映射。

    【讨论】:

      猜你喜欢
      • 2019-02-02
      • 1970-01-01
      • 2020-12-31
      • 1970-01-01
      • 1970-01-01
      • 2022-01-11
      • 1970-01-01
      • 2021-06-27
      • 2015-07-31
      相关资源
      最近更新 更多
      热门标签
      Java Python linux javascript Mysql C# Docker 算法 前端 SpringBoot Redis Vue spring 设计模式 .net core .net kubernetes c++ 数据库 数据结构 大数据 js 机器学习 微服务 Android Go 程序员 面试 JVM ASP.net core 云原生 人工智能 后端 PHP git CSS golang k8s Nginx Django mybatis 深度学习 多线程 React 架构 devops 爬虫 云计算 Spring Boot LeetCode