nginx相关配置 ##重定向新旧域名 ``` server_name www.superpig.win www.yinzihao.com.cn; if ($host != 'www.superpig.win' ) { rewrite ^/(.*)$ http://www.superpig.win/$1 permanent; } ``` ##解除上传限制 修改配置文件,加入 ``` client_body_buffer_size 10M; #client_body_temp_path /tmp 1 2 client_max_body_size 50M; ``` ##对静态文件进行处理 ``` location /static { autoindex on; alias /home/yzh/workspace/dazhu0804/dazhu/static; } ``` ##对后端网站使用证书并转发 ###后台用gunicorn启动 `gunicorn --bind=0.0.0.0:8000 dazhu.wsgi:application` ###配置Nginx 参考配置文件如下 ``` server { listen 443 ssl http2; server_name www.superpig.com; gzip on; gzip_proxied any; gzip_min_length 1024; gzip_comp_level 3; gzip_types text/plain text/javascript text/css text/json application/javascript application/json image/jpeg image/gif image/png; ssl on; ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2; ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP; ssl_prefer_server_ciphers on; ssl_certificate /etc/letsencrypt/live/pan.superpig.win/fullchain.pem; ssl_certificate_key /etc/letsencrypt/live/pan.superpig.win/privkey.pem; location / { proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header Host $host; proxy_pass http://0.0.0.0:8000; } } ``` ####上面的配置太复杂,其实可以把重复部分用一个文件include ``` location ^~ /admin { include /etc/nginx/dazhu_proxy.conf; } ``` dazhu_proxy.conf ``` proxy_pass http://dzapp; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_redirect off; ### Most PHP, Python, Rails, Java App can use this header -> https ### proxy_set_header X-Forwarded-Proto $scheme; ``` ###生成dazhu.cert和dazhu.key ``` openssl genrsa 1024 > dazhu.key openssl req -new -x509 -nodes -sha1 -days 365 -key dazhu.key > dazhu.cert ``` 注意填写common name的时候,和Org name的时候填域名,否则出错。 来自 大脸猫 写于 2016-08-12 22:23 -- 更新于2021-01-24 23:57 -- 0 条评论