將 URL 從 http 改為 https 後,Nginx 重新導向到 ```https://server_name/ ```URL 而不是 ```https://server_name/projectname/```

將 URL 從 http 改為 https 後,Nginx 重新導向到 ```https://server_name/ ```URL 而不是 ```https://server_name/projectname/```

我有幾個像是 的 URL https://server_name/projectname/,現在的問題是,如果我在瀏覽器上輸入這個 URL,Django(或 Nginx)會將我重定向到https://server_name/,但它不存在。實際上,它應該將我重定向到https://server_name/projectname/.現在的問題是我該如何說 Django (或 Nginx )來做到這一點,我真的不知道問題是在 Django 還是在 Nginx 配置中。我在 settings.py 中嘗試過 FORCE_SCRIPT_NAME= '/projectname' 但它對所有網址都沒有幫助https://server_name/projectname/admin。順便說一句,在將 HTTP 更改為 HTTPs 之前,它運行得非常好。

Nginx 設定位於 site-available/project_name


upstream project_name_app{
  server unix:/home/webapps/project_name/run/gunicorn.sock fail_timeout=0;
}


server {

    listen 127.0.0.1:100;
    server_name servername;
    fastcgi_read_timeout 1600;

    proxy_connect_timeout       1600;
    proxy_send_timeout          1600;
    proxy_read_timeout          1600;
    send_timeout                1600;
    client_max_body_size 4G;

    access_log /home/webapps/projectname/logs/nginx-access.log;
    error_log /home/webapps/projectname/logs/nginx-error.log;

    location /static/ {
        alias   /home/webapps/projectname/project_name/static/;
    }

    location /media/ {
        alias   /home/webapps/projectname/project_name/media/;
    }

    location /{
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Host $http_host;
        proxy_redirect off;
        if (!-f $request_filename) {
            proxy_pass http://project_name_app;
            break;

        }
    }

    # Error pages
    error_page 500 502 503 504 /500.html;
    location = /404.html {
        root /home/webapps/projectname/project_name/templates/;
    }
}

Nginx 反向代理設定:

server {
        listen 80;
        server_name servername;

        # https redirect
        return 301 https://$host$request_uri;
}

server {
        listen 443 ssl http2;
        listen [::]:443 ssl http2;

        ssl on;
        ssl_certificate ...;
        ssl_certificate_key ...;

        root /home/webapps/landing/landing;
        index index.html;

        # Improve HTTPS performance with session resumption
        ssl_session_cache shared:SSL:10m;
        ssl_session_timeout 10m;

        # Enable server-side protection against BEAST attacks
        ssl_protocols TLSv1.2;
        ssl_prefer_server_ciphers on;
        ssl_ciphers "ddfdf";

        # RFC-7919 recommended: https://wiki.mozilla.org/Security/Server_Side_TLS#ffdhe4096
        ssl_dhparam /;
        ssl_ecdh_curve /;

        
        add_header Strict-Transport-Security "max-age=31536000; includeSubDomains";

        # ref: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Frame-Options
        # add_header X-Frame-Options DENY always;
        add_header X-Frame-Options SAMEORIGIN;

        # ref: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Content-Type-Options
        add_header X-Content-Type-Options nosniff always;

        # ref: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-XSS-Protection
        add_header X-Xss-Protection "1; mode=block" always;

        # Reverse Proxy
        include /etc/nginx/sites-available/reverse-proxy.conf;
}




並在最後一行包含代理反向:


location /projectname/ {
        proxy_set_header X-Real-IP  $remote_addr;
        proxy_set_header X-Forwarded-For $remote_addr;
        proxy_set_header Host $host;
        proxy_redirect off;
        proxy_set_header Accept-Encoding "";

        proxy_read_timeout 1000;
        proxy_connect_timeout 1000;
        proxy_send_timeout 1000;

        proxy_pass http://localhost:100/;
        sub_filter '="/' '="/projectname/';

        sub_filter_once off;
}


Django 中的主 URL


urlpatterns = [
    path('', include('pages.urls')),
    path('dashboards/', include('dashboards.urls')),
    path('django_plotly_dash/', include('django_plotly_dash.urls')),
    re_path('admin/', admin.site.urls),
    
]

頁面網址

urlpatterns = [
    path('', views.index, name='index-pages'),
    re_path(r'^login/$', views.login_page, name='login'),
    re_path(r'^logout/$', views.logout_user, name='logout'),
]

儀表板網址

urlpatterns = [
    path('dashboard/', views.dashboard, name='dashboard'),
 ]

答案1

Django 支援 SCRIPT_NAME 很好。無論是在配置中強制執行、由 WSGI 伺服器發送還是從任何反向代理傳遞,它都會自行工作。僅在使用軟體時才需要或需要跳過障礙物來隱藏應用程式的路徑前綴不是支援植根於子資料夾。

配置MEDIA_URL&並從 nginx 配置中STATIC_URL刪除sub_filter/sub_filter_once行和尾部斜線。proxy_pass那將發送路徑包括前綴交給gunicorn,Django就能處理它。


我還強烈建議消除雙重代理。有關應用程式的配置可以直接內聯到location /projectname/ {}https 伺服器區塊中的名稱中,而不是建立其他難以診斷的 HTTP 代理特性/錯誤/漏洞的潛在來源。

相關內容