ubuntu + uwsgi + nginx + django 배치 수기 3 (https 설정)

4231 단어 uWSGInginx
django rest framwork 는 위 챗 애플 릿 의 접근 에 맞 추기 위해 nginx ssl 설정 https https 를 통 해 두 부분 으로 구성 되 어 있 습 니 다. HTTP + SSL / TLS
#  ,cd        、       
#1.            server.key:
openssl genrsa -des3 -out server.key 1024
#    ,    ,      ,     ,     。
#2.             server.csr
openssl req -new -key server.key -out server.csr
#     :
#Enter pass phrase for root.key: ←           
#Country Name (2 letter code) [AU]:CN ←     ,    CN 
#State or Province Name (full name) [Some-State]:BeiJing ←     ,   
#Locality Name (eg, city) []:BeiJing ←     ,   
#Organization Name (eg, company) [Internet Widgits Pty Ltd]:MyCompany Corp. ←       
#Organizational Unit Name (eg, section) []: ←       
#Common Name (eg, YOUR name) []: ←       
#Email Address []:[email protected] ←     ,    
#Please enter the following ‘extra’ attributes 
#to be sent with your certificate request 
#A challenge password []: ←       
#An optional company name []: ←      
#3.           
cp server.key server.key.org
#4.      
openssl rsa -in server.key.org -out server.key
#5.      server.crt
openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt
  • https 접근 만 허용
  • server {
        listen    8010 ssl; #    443,           
        server_name _;
        
        ssl_certificate /home/hayley/nginx/server.crt;	#  
        ssl_certificate_key /home/hayley/nginx/server.key;	#  
    
        ……
    }
    
    
  • http, https
  • 동시 지원
    #       http,https   ,http        https(http 80   https 443)
    server {
        listen 80 default_server;
        listen [::]:80 default_server;
    
        # Redirect all HTTP requests to HTTPS with a 301 Moved Permanently response.
        return 301 https://$host$request_uri;
    }
    
    server {
        listen 443 ssl http2;
        listen [::]:443 ssl http2;
    
        # certs sent to the client in SERVER HELLO are concatenated in ssl_certificate
        ssl_certificate /path/to/signed_cert_plus_intermediates;
        ssl_certificate_key /path/to/private_key;
        #……
    
    #  nginx
    service nginx start
    

    참고: nginx https 사이트 설정 실현https://www.cnblogs.com/jingxiaoniu/p/6745254.html Nginx 설정 Httpshttps://www.cnblogs.com/bincoding/p/6118270.html Mozilla SSL Configuration Generator https://mozilla.github.io/server-side-tls/ssl-config-generator/

    좋은 웹페이지 즐겨찾기