django - nginx 添加新站点导致 ERR_TOO_MANY_REDIRECTS
问题描述
我正在尝试将另一个 Django 应用程序添加到我的服务器。我已经启动并运行了 xmlanalyzer.maciejg.pl,现在我正在尝试将另一个应用程序添加到现有的 nginx 和 gunicorn 设置中,以便在 fencing.maciejg.pl 上使用。
我使用了现有的XMLAnalyzer gunicorn 设置(工作正常):
#!/bin/bash
NAME="xmlanalyzer" # Name of the application
DJANGODIR=/home/django/xmlanalyzer # Django project directory
SOCKFILE=/home/django/xmlanalyzer/run/gunicorn.sock # we will communicte using this unix socket
USER=my-user-name # the user to run as
GROUP=my-user-name # the group to run as
NUM_WORKERS=3 # how many worker processes should Gunicorn spawn
DJANGO_SETTINGS_MODULE=xmlanalyzer.settings # which settings file should Django use
DJANGO_WSGI_MODULE=xmlanalyzer.wsgi # WSGI module name
echo "Starting $NAME as `whoami`"
# Activate the virtual environment
cd $DJANGODIR
source ../venv/bin/activate
export DJANGO_SETTINGS_MODULE=$DJANGO_SETTINGS_MODULE
export PYTHONPATH=$DJANGODIR:$PYTHONPATH
# Create the run directory if it doesn't exist
RUNDIR=$(dirname $SOCKFILE)
test -d $RUNDIR || mkdir -p $RUNDIR
# Start your Django Unicorn
# Programs meant to be run under supervisor should not daemonize themselves (do not use --daemon)
#exec gunicorn -b 127.0.0.1:8001 xmlanalyzer.wsgi:application --pid /tmp/gunicorn.pid ;
exec gunicorn -b 127.0.0.1:8001 ${DJANGO_WSGI_MODULE}:application \
--name $NAME \
--workers $NUM_WORKERS \
--user=$USER --group=$GROUP \
## --bind=unix:$SOCKFILE \
--bind=127.0.0.1:8001 \
--log-level=debug \
--log-file=-
这是Fencing应用程序的 gunicorn 设置(不工作):
#!/bin/bash
NAME="fencing" # Name of the application
DJANGODIR=/home/django/fencing # Django project directory
SOCKFILE=/home/django/fencing/run/gunicorn.sock # we will communicte using this unix socket
USER=my-user-name # the user to run as
GROUP=my-user-name # the group to run as
NUM_WORKERS=3 # how many worker processes should Gunicorn spawn
DJANGO_SETTINGS_MODULE=mysite.settings # which settings file should Django use
DJANGO_WSGI_MODULE=mysite.wsgi # WSGI module name
echo "Starting $NAME as `whoami`"
# Activate the virtual environment
cd $DJANGODIR
source ../venv/bin/activate
export DJANGO_SETTINGS_MODULE=$DJANGO_SETTINGS_MODULE
export PYTHONPATH=$DJANGODIR:$PYTHONPATH
# Create the run directory if it doesn't exist
RUNDIR=$(dirname $SOCKFILE)
test -d $RUNDIR || mkdir -p $RUNDIR
# Start your Django Unicorn
# Programs meant to be run under supervisor should not daemonize themselves (do not use --daemon)
exec gunicorn -b 127.0.0.1:8002 ${DJANGO_WSGI_MODULE}:application \
--name $NAME \
--workers $NUM_WORKERS \
--user=$USER --group=$GROUP \
## --bind=unix:$SOCKFILE \
--bind=127.0.0.1:8002 \
--log-level=debug \
--log-file=-
两者似乎都在上升:
ps -ef | grep gunicorn
my-user-name 780 20697 0 10:20 ? 00:00:01 /home/django/venv/bin/python3 /home/django/venv/bin/gunicorn -b 127.0.0.1:8002 mysite.wsgi:application --name fencing --workers 3 --user=my-user-name --group=my-user-name
my-user-name 787 780 0 10:20 ? 00:00:00 /home/django/venv/bin/python3 /home/django/venv/bin/gunicorn -b 127.0.0.1:8002 mysite.wsgi:application --name fencing --workers 3 --user=my-user-name --group=my-user-name
my-user-name 788 780 0 10:20 ? 00:00:00 /home/django/venv/bin/python3 /home/django/venv/bin/gunicorn -b 127.0.0.1:8002 mysite.wsgi:application --name fencing --workers 3 --user=my-user-name --group=my-user-name
my-user-name 789 780 0 10:20 ? 00:00:00 /home/django/venv/bin/python3 /home/django/venv/bin/gunicorn -b 127.0.0.1:8002 mysite.wsgi:application --name fencing --workers 3 --user=my-user-name --group=my-user-name
my-user-name 1712 1656 0 12:40 pts/1 00:00:00 grep --color=auto gunicorn
root 1730 1 0 2018 ? 01:04:09 /home/django/venv/bin/python3 /home/django/venv/bin/gunicorn -b 127.0.0.1:8001 xmlanalyzer.wsgi:application --name xmlanalyzer --workers 3 --user=my-user-name --group=my-user-name
my-user-name 17483 1730 0 Mar25 ? 00:01:12 /home/django/venv/bin/python3 /home/django/venv/bin/gunicorn -b 127.0.0.1:8001 xmlanalyzer.wsgi:application --name xmlanalyzer --workers 3 --user=my-user-name --group=my-user-name
my-user-name 17554 1730 0 Mar25 ? 00:01:05 /home/django/venv/bin/python3 /home/django/venv/bin/gunicorn -b 127.0.0.1:8001 xmlanalyzer.wsgi:application --name xmlanalyzer --workers 3 --user=my-user-name --group=my-user-name
my-user-name 17953 1730 0 Mar25 ? 00:00:41 /home/django/venv/bin/python3 /home/django/venv/bin/gunicorn -b 127.0.0.1:8001 xmlanalyzer.wsgi:application --name xmlanalyzer --workers 3 --user=my-user-name --group=my-user-name
我使用以下内容创建了 nginx 设置:
/etc/nginx/sites-available# more xmlanalyzer
server {
server_name xmlanalyzer.maciejg.pl;
access_log off;
location /static/ {
alias /home/django/xmlanalyzer/XMLAnalyzer/static/;
}
location / {
proxy_set_header Host $host;
proxy_pass http://127.0.0.1:8001;
proxy_set_header X-Forwarded-Host $server_name;
proxy_set_header X-Real-IP $remote_addr;
add_header P3P 'CP="ALL DSP COR PSAa PSDa OUR NOR ONL UNI COM NAV"';
}
# managed by Certbot
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/xmlanalyzer.maciejg.pl/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/xmlanalyzer.maciejg.pl/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
server {
if ($host = xmlanalyzer.maciejg.pl) {
return 301 https://$host$request_uri;
} # managed by Certbot
server_name xmlanalyzer.maciejg.pl;
listen 80;
return 404; # managed by Certbot
client_max_body_size 64M;
}
我已将文件夹和端口从 8001 更改为 8002。结果我得到了:
/etc/nginx/sites-available# more fencing
server {
server_name fencing.maciejg.pl;
access_log off;
location = /favicon.ico { access_log off; log_not_found off; }
location /static/ {
alias /home/django/fencing/fencingtournament/static/;
}
access_log /home/django/fencing/logs/nginx-access.log;
error_log /home/django/fencing/logs/nginx-error.log;
location / {
proxy_set_header Host $host;
proxy_pass http://127.0.0.1:8002;
proxy_set_header X-Forwarded-Host $server_name;
proxy_set_header X-Real-IP $remote_addr;
add_header P3P 'CP="ALL DSP COR PSAa PSDa OUR NOR ONL UNI COM NAV"';
}
# managed by Certbot
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/fencing.maciejg.pl/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/fencing.maciejg.pl/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
server {
if ($host = fencing.maciejg.pl) {
return 301 https://$host$request_uri;
} # managed by Certbot
server_name fencing.maciejg.pl;
listen [::]:80;
return 404; # managed by Certbot
}
现在,虽然https://xmlanalyzer.maciejg.pl效果很好,但我在尝试访问https://fencing.maciejg.pl/时得到 ERR_TOO_MANY_REDIRECTS
curl证明域设置正确,nginx可用。由于某种原因,它不会重定向到我的应用程序:
curl fencing.maciejg.pl
<!DOCTYPE html>
<html>
<head>
<title>Welcome to nginx!</title>
<style>
body {
width: 35em;
margin: 0 auto;
font-family: Tahoma, Verdana, Arial, sans-serif;
}
</style>
</head>
<body>
<h1>Welcome to nginx!</h1>
<p>If you see this page, the nginx web server is successfully installed and
working. Further configuration is required.</p>
<p>For online documentation and support please refer to
<a href="http://nginx.org/">nginx.org</a>.<br/>
Commercial support is available at
<a href="http://nginx.com/">nginx.com</a>.</p>
<p><em>Thank you for using nginx.</em></p>
</body>
</html>
两个站点都可用。
ll ../sites-enabled/
total 12
drwxr-xr-x 2 root root 4096 Mar 25 20:39 ./
drwxr-xr-x 6 root root 4096 Mar 25 22:59 ../
lrwxrwxrwx 1 root root 26 Mar 25 20:39 fencing -> ../sites-available/fencing
lrwxrwxrwx 1 root root 30 Feb 23 2018 xmlanalyzer -> ../sites-available/xmlanalyzer
gunicorn 日志对我来说看起来不错:
tail gunicorn-error.log
Starting fencing as my-user-name
[2019-03-26 10:20:01 +0000] [780] [INFO] Starting gunicorn 19.7.1
[2019-03-26 10:20:01 +0000] [780] [INFO] Listening at: http://127.0.0.1:8002 (780)
[2019-03-26 10:20:01 +0000] [780] [INFO] Using worker: sync
[2019-03-26 10:20:01 +0000] [787] [INFO] Booting worker with pid: 787
[2019-03-26 10:20:01 +0000] [788] [INFO] Booting worker with pid: 788
[2019-03-26 10:20:02 +0000] [789] [INFO] Booting worker with pid: 789
我的 /home/django/fencing/logs 文件夹中的 nginx-access.log 和 nginx-error.log 为空。
我错过了什么?我会很感激任何意见。
编辑只是添加 - 如果手动启动,可以访问该应用程序:
Starting development server at http://159.65.24.62:8002/
[26/Mar/2019 14:24:37] You're accessing the development server over HTTPS, but it only supports HTTP.
这里的错误是预期的 - 这只是表明对https://fencing.maciejg.pl:8002/的 Web 请求确实到达了正确的位置,因此域设置正常。
编辑 2将 Fencing 应用程序的 nginx 设置更改为access_log on;,结果如下:
more nginx-access.log
37.30.26.37 - - [26/Mar/2019:14:14:04 +0000] "GET / HTTP/1.1" 301 5 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko
) Chrome/73.0.3683.86 Safari/537.36"
37.30.26.37 - - [26/Mar/2019:14:14:04 +0000] "GET / HTTP/1.1" 301 5 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko
) Chrome/73.0.3683.86 Safari/537.36"
所以我可以看到请求到达了 nginx 并且它被拒绝了。
编辑 3使用 certbot 禁用重定向后,我现在在访问http://fencing.maciejg.pl/时获得 nginx 登录页面- 所以再次,它正在通过,只是没有重定向到我运行的应用程序gunicorn。所以我仍然相信这是我的 nginx 设置中的一个错误 - 但是,我仍然没有看到它......
解决方案
好的,我终于解决了这个问题!有多个问题。
首先,我在 nginx 设置中遇到了冲突。虽然部分是,即使我解决了这个问题,我仍然遇到 HTTP 错误。这是因为 gunicorn 设置无效。虽然部分是,即使我解决了这个问题,我仍然遇到 HTTP 错误。这是因为 Django 设置无效。
所以我一遍又一遍地把每一块都弄乱了,我的建议和解决方法是:逐步分析。
首先:我在开发模式下运行我的 Django 应用程序,从python manage.py runserver 127.0.0.1:8000禁用Debug = TrueSSL 开始。通过这种方式,curl我能够让它响应并确认它有效。
接下来,我已经杀死了该应用程序并通过 gunicorn 脚本运行它。我发现由于保存 SECRET_KEY 的环境变量不可用而引发错误。老实说 - 我没有解决这个问题,我已经切换到将密钥保存在单独的文件中。所以,一个问题解决了,我的 gunicorn 运行良好。
嵌套步骤:杀死 gunicorn 进程并使用supervisiord. 原来有一个特权问题,因为supervisiord在不同的帐户上运行。
一旦我解决了这个问题,我就从头开始重新创建了我的 nginx 设置,直到它开始转发请求。没有 SSL。
接下来,我重新运行以certbot恢复 SSL。在这里,我还发现您需要清除浏览器缓存,因为即使下面的设置很好,它也没有显示页面。这也花费了一段时间——当我尝试在另一台笔记本电脑上访问我的网站以发现它工作正常时,我无意中发现了这个。
最后,我将我的其他 nginx 服务器配置一一放回 sites-enabled 中。
我希望我永远不需要这个解决方案,它只会对其他人有用:)
推荐阅读
- printf - 在 logstash 的 sprintf 语法中使用 sprintf 语法
- sas - SAS - 为数据集采样创建计数器变量
- java - 我们可以隐式地使 Spring Boot Test 和 Spring Test 重置模拟吗?
- mfc - COM+ 应用程序在某些未知情况下才会继续运行
- python - 通过张量流对整数数据进行分类
- sql - 如何将虚拟数据填充到现有表中?
- c# - 如何在 Dapper .Query<>() 中添加新的 PropertyType
- javascript - 重构类型脚本方法
- c - Windows 7 上的 Cygwin Control+D 不发出 EOF 信号
- c++ - 多个枚举值的一种模板特化