我已经尝试了一切:
@斯塔莱特:
routes = [
Mount("/static/", StaticFiles(directory=parent+fs+"decoration"+fs+"static"), name="static"),
Route(....),
Route(....),
]
@Uvicorn:
--forwarded-allow-ips=domain.com
--proxy-headers
@url_for:
_external=True
_scheme="https"
@nginx:
proxy_set_header Subdomain $subdomain;
proxy_set_header Host $http_host;
proxy_pass http://localhost:7000/;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Host $server_name;
proxy_redirect http://$http_host/ https://$http_host/;
include proxy_params;
server {
if ($host = sub.domain.com) {
return 301 https://$host$request_uri;
} # managed by Certbot
listen 80 ;
listen [::]:80 ;
server_name sub.domain.com;
return 404; # managed by Certbot
}
如果我打开 .css 或 .js 链接,nginx 会将其呈现为 https。
当我允许 Firefox 忽略不安全内容时,整个页面会在生产服务器上正确呈现。
让我们加密与整个域完美配合,证书没有问题。
我觉得是uvicorn的--forwarded-allow-ips=domain.com部分需要有 Nginx 服务器的 IP,因为它是进行转发的。 (即将“domain.com”更改为您的nginx服务器的IP)注意您也可以使用环境变量FORWARDED_ALLOW_IPS=* or FORWARDED_ALLOW_IPS=1.2.3.4相反(如果在 nginx 后面的 Gunicorn 后面运行 uvicorn 则很有用)
对于登陆这里的其他读者:我遇到了同样的问题,因为我未能配置我的“服务器”配置部分来实际转发X-Forwarded-Proto and X-Forwarded-For标头,以便 uvicorn 能够获取它们。这是我需要的示例:
server {
server_name example.com
location / {
proxy_redirect off;
# These are the critical headers needed by uvicorn to honor HTTPS in url_for :
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
# These are just some other headers you may find useful
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-Host $server_name;
...
}
listen 443 ssl;
本文内容由网友自发贡献,版权归原作者所有,本站不承担相应法律责任。如您发现有涉嫌抄袭侵权的内容,请联系:hwhale#tublm.com(使用前将#替换为@)
