Django production environment deployment: nginx + SSL certificate to enable wss + https

Keywords: Nginx SSL DNS

Download certificate

It took me an hour here. My server is on Tencent Cloud and the domain name was purchased from Alibaba Cloud, so first apply for a free SSL certificate in Tencent Cloud. During this step, just follow the instructions. One step is to change the DNS in Alibaba Cloud.
I don't need to go into detail about it. Once it was all done, I could download the certificate within ten minutes.

Configuration certificate

Copy the two files 1_www.domain.com_bundle.crt and 2_www.domain.com.key from the downloaded certificate package to the root directory of nginx:

Then modify the configuration of nginx.conf:

server {
    listen 443 ssl;                   # Originally 80; the ssl parameter replaces the deprecated "ssl on;"
    server_name www.arrowarcher.top;  # Change to your own domain name; without a domain name, change to 127.0.0.1:80
    ssl_certificate 1_www.arrowarcher.top_bundle.crt;
    ssl_certificate_key 2_www.arrowarcher.top.key;
    ssl_session_timeout 5m;
    # TLSv1 and TLSv1.1 are deprecated (RFC 8996), so only TLSv1.2 and later are enabled.
    # TLSv1.3 needs nginx 1.13.0+ built against OpenSSL 1.1.1+.
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE;  # Use this cipher suite configuration
    ssl_prefer_server_ciphers on;
    charset utf-8;

    location / {
        include uwsgi_params;
        uwsgi_pass 127.0.0.1:8000;                 # The port must match the one configured in uwsgi
        uwsgi_param UWSGI_SCRIPT bmxf.wsgi;        # Name of the directory containing wsgi.py + .wsgi
        uwsgi_param UWSGI_CHDIR /home/arrow/bmxf;  # Project path
    }

    location /static {
        alias /home/arrow/bmxf/static/;  # Static resource path
    }

    location /wss {
        proxy_pass http://127.0.0.1:8888;
        # proxy_connect_timeout 2s;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection 'upgrade';
        proxy_redirect off;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Host $server_name;
        # proxy_read_timeout 60s;  # The default is 60s.
        # proxy_send_timeout 60s;  # The default is 60s.
    }
}

The main change is adding the SSL-related configuration, so that ws becomes wss (WS -> WSS).
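
As an added example (not part of the original post), here is a small Python linter for the settings this server block depends on. It flags a 443 listener without the `ssl` parameter, legacy versions in `ssl_protocols`, and a proxied location that sets `Upgrade` without `Connection`. The `parse` and `lint` helpers and the sample config are constructed for illustration.

```python
import re

# Constructed sample: the page's server block cut down to a few directives,
# with legacy TLS settings and a /wss location missing the Connection header.
SAMPLE = """
server {
    listen 443;
    ssl on;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    location /wss {
        proxy_pass http://127.0.0.1:8888;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
    }
}
"""

def parse(text):
    """Parse nginx config text into nested (name, args, children) nodes."""
    tokens = re.findall(r"[{};]|[^\s{};]+", re.sub(r"#.*", "", text))
    root = ("root", [], [])
    stack, words = [root], []
    for tok in tokens:
        if tok == "}":
            stack.pop()
        elif tok not in (";", "{"):
            words.append(tok.strip("'\""))
        elif words:  # ';' ends a directive, '{' opens a block
            node = (words[0], words[1:], [])
            stack[-1][2].append(node)
            if tok == "{":
                stack.append(node)
            words = []
    return root

def lint(text):
    """Return findings for the TLS and WebSocket proxy settings (hypothetical helper)."""
    findings = []
    servers = [n for n in parse(text)[2] if n[0] == "server"]
    for name, args, kids in (d for s in servers for d in s[2]):
        if name == "listen" and args[0].endswith("443") and "ssl" not in args:
            findings.append("listen 443 without the ssl parameter")
        elif name == "ssl_protocols":
            legacy = ("SSLv2", "SSLv3", "TLSv1", "TLSv1.1")
            findings += [f"legacy protocol {p}" for p in args if p in legacy]
        elif name == "location" and any(k[0] == "proxy_pass" for k in kids):
            hdrs = {k[1][0].lower() for k in kids if k[0] == "proxy_set_header"}
            if "upgrade" in hdrs and "connection" not in hdrs:
                findings.append(f"{args[-1]}: Upgrade set without Connection")
    return findings
```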

Last but not least:

Restart three services: uwsgi, daphne, nginx
Please be sure to follow this order. In the beginning, I restarted nginx first. As a result, the websocket could never connect!

Posted by nightdesigns on Thu, 21 Nov 2019 11:29:33 -0800