对django网站使用证书 ##后台用gunicorn启动 `gunicorn --bind=0.0.0.0:8000 dazhu.wsgi:application` ##配置Nginx 参考配置文件如下 ``` upstream dzapp { server 127.0.0.1:8000; } server { listen 80; server_tokens off; # access_log /var/log/nginx/web2.access.log main; server_name 10.67.54.227; #server_name www.superpig.win www.yinzihao.com.cn; #if ($host != 'www.superpig.win' ) { #rewrite ^/(.*)$ http://www.superpig.win/$1 permanent; #} location ^~ /admin { rewrite ^ https://$server_name:443$request_uri? permanent; } location /static { autoindex on; alias /home/yzh/workspace/dazhu/dazhu/static; } location / { proxy_pass http://dzapp; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_next_upstream http_500 http_502 http_503 error timeout invalid_header; } } server { listen 443 ssl; server_name 10.67.54.227; ssl on; ssl_certificate /home/yzh/workspace/dazhu/keys/dazhu.cert; ssl_certificate_key /home/yzh/workspace/dazhu/keys/dazhu.key; ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2; ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP; ssl_prefer_server_ciphers on; location ^~ /admin { proxy_pass http://dzapp; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_redirect off; ### Most PHP, Python, Rails, Java App can use this header -> https ### proxy_set_header X-Forwarded-Proto $scheme; } location /static { autoindex on; alias /home/yzh/workspace/dazhu/dazhu/static; } location / { rewrite ^ http://$server_name$request_uri? permanent; } } ``` ##生成dazhu.cert和dazhu.key ``` openssl genrsa 1024 > dazhu.key openssl req -new -x509 -nodes -sha1 -days 365 -key dazhu.key > dazhu.cert ``` 注意填写common name的时候,和Org name的时候填域名,否则出错。 来自 大脸猪 写于 2017-01-19 12:01 -- 更新于2020-10-19 13:06 -- 0 条评论