Nginx reverse proxy with Gunicorn treats site names differently

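Problem description

We have a Django project served in production with an Nginx and Gunicorn reverse proxy setup. Everything seems to work except for one small detail. Somehow, the browser "sees" the following addresses as different sessions.

Suppose I log in to the site using the address example.com. Then, if I visit https://www.example.com, the browser does not see that the user is already logged in.

When I visit www.example.com, I get a 404 error from Nginx in the browser.

I suspect this has to do with how Nginx or Gunicorn is set up. Any help on how to resolve this discrepancy is appreciated.

Nginx configuration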

server {

    root /home/example/mysite;

    # Add index.php to the list if you are using PHP
    index index.html index.htm;

    server_name example.com www.example.com;
    client_max_body_size 512M;
    location /static/ {
        alias /home/example/mysite/static/;
        expires 30d;
        add_header Vary Accept-Encoding;
        access_log off;
    }
    location /media {
        alias /home/example/mysite/media/;
        expires 30d;
        add_header Vary Accept-Encoding;
        access_log off;
    }
    location / {
        # try_files $uri $uri/ =404;
        proxy_pass http://127.0.0.1:8080;
        proxy_set_header Host $server_name;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Protocol $scheme;
        proxy_connect_timeout       6000;
        proxy_send_timeout          6000;
        proxy_read_timeout          6000;
        send_timeout                6000;
    }
    listen [::]:443 ssl ipv6only=on; # managed by Certbot
    listen 443 ssl; # managed by Certbot
    ssl_certificate /home/ubuntu/ssl/example_com_chain.crt;
    ssl_certificate_key /home/ubuntu/ssl/server.key;
    #include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    #ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

}

server {
    if ($host = example.com) {
        return 301 https://$host$request_uri;
    } # managed by Certbot


    listen 80 default_server;
    listen [::]:80 default_server;

    server_name example.com www.example.com;
    return 404; # managed by Certbot
}

Tags: django, nginx, gunicorn

Solution


To redirect

http://www.example.com
http://example.com
https://www.example.com

to

https://example.com

you need to change your nginx vhost configuration file like this:

# Redirect 'http www' and 'http non-www' traffic to 'https non-www'
server {

    listen 80;
    server_name example.com  www.example.com;
    return  301 https://example.com$request_uri;

}

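# Redirect 'https www' traffic to 'https non-www'
server {

    listen 443 ssl;
    server_name www.example.com;

    # A TLS server block needs a certificate; it must be valid for www.example.com
    ssl_certificate /home/ubuntu/ssl/example_com_chain.crt;
    ssl_certificate_key /home/ubuntu/ssl/server.key;

    return  301 https://example.com$request_uri;

}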

# https://example.com
server {

    listen [::]:443 ssl ipv6only=on; # managed by Certbot
    listen 443 ssl; # managed by Certbot

    server_name example.com;

    root /home/example/mysite;

    # Add index.php to the list if you are using PHP
    index index.html index.htm;

    client_max_body_size 512M;
    location /static/ {
        alias /home/example/mysite/static/;
        expires 30d;
        add_header Vary Accept-Encoding;
        access_log off;
    }
    location /media {
        alias /home/example/mysite/media/;
        expires 30d;
        add_header Vary Accept-Encoding;
        access_log off;
    }
    location / {
        # try_files $uri $uri/ =404;
        proxy_pass http://127.0.0.1:8080;  # HERE review this line it should be the server IP not localhost
        proxy_set_header Host $server_name;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Protocol $scheme;
        proxy_connect_timeout       6000;
        proxy_send_timeout          6000;
        proxy_read_timeout          6000;
        send_timeout                6000;
    }

    ssl_certificate /home/ubuntu/ssl/example_com_chain.crt;
    ssl_certificate_key /home/ubuntu/ssl/server.key;
    # include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    # ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

}

This thread may help you: https://www.digitalocean.com/community/questions/redirecting-https-www-domain-to-non-www-domain-with-nginx (my answer is based on it)

In your settings.py

ALLOWED_HOSTS = [
    'example.com',  # https non-www
]

# SESSION_COOKIE_SECURE = True
# CSRF_COOKIE_SECURE = True

For more details, see
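
The routing decisions of the two configurations above, modelled in Python as an added example (not part of the original question or answer). It assumes only the two hostnames from the page and that Django's session cookie is host-only (SESSION_COOKIE_DOMAIN left at its default), and shows why the original setup gives a 404 for http://www.example.com and two separate login sessions.

```python
from urllib.parse import urlsplit

# The four entry points listed in the answer.
URLS = ["http://www.example.com", "http://example.com",
        "https://www.example.com", "https://example.com"]

def request_uri(u):
    """Equivalent of nginx $request_uri: path plus optional query string."""
    return (u.path or "/") + ("?" + u.query if u.query else "")

def original_config(url):
    """Question's config: returns (status, Location or None)."""
    u = urlsplit(url)
    if u.scheme == "https":
        # The single 443 block lists both names, so both are proxied to Gunicorn.
        return 200, None
    if u.hostname == "example.com":
        # Port-80 block: `if ($host = example.com)` matches the bare name only.
        return 301, "https://" + u.hostname + request_uri(u)
    return 404, None  # www falls through to `return 404`

def fixed_config(url):
    """Answer's config: everything except https://example.com is redirected."""
    u = urlsplit(url)
    if u.scheme == "https" and u.hostname == "example.com":
        return 200, None
    return 301, "https://example.com" + request_uri(u)

def final_origin(config, url, max_hops=5):
    """Follow redirects; return the origin that serves the page, or None on 404."""
    for _ in range(max_hops):
        status, location = config(url)
        if status == 200:
            u = urlsplit(url)
            return u.scheme + "://" + u.hostname
        if status != 301:
            return None
        url = location
    raise RuntimeError("redirect loop")

def session_origins(config):
    """Origins that answer 200; each one holds its own host-only session cookie."""
    return {o for o in (final_origin(config, u) for u in URLS) if o}

if __name__ == "__main__":
    for name, cfg in (("original", original_config), ("fixed", fixed_config)):
        print(name, sorted(session_origins(cfg)))
```

With one origin left, SESSION_COOKIE_SECURE and CSRF_COOKIE_SECURE can be enabled without splitting sessions across hostnames.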

