重定向新旧域名
server_name www.superpig.win www.yinzihao.com.cn;
if ($host != 'www.superpig.win' ) {
rewrite ^/(.*)$ http://www.superpig.win/$1
permanent;
}
解除上传限制
修改配置文件,加入
client_body_buffer_size 10M;
#client_body_temp_path /tmp 1 2
client_max_body_size 50M;
对静态文件进行处理
location /static {
autoindex on;
alias /home/yzh/workspace/dazhu0804/dazhu/static;
}
对django网站使用证书
后台用gunicorn启动
gunicorn --bind=0.0.0.0:8000 dazhu.wsgi:application
配置Nginx
参考配置文件如下
upstream dzapp { server 127.0.0.1:8000; }
server {
listen 80;
server_tokens off;
# access_log /var/log/nginx/web2.access.log main;
server_name 10.67.54.227;
#server_name www.superpig.win www.yinzihao.com.cn;
#if ($host != 'www.superpig.win' ) {
#rewrite ^/(.*)$ http://www.superpig.win/$1 permanent;
#}location ^~ /admin { rewrite ^ https://$server_name:443$request_uri? permanent; } location /static { autoindex on; alias /home/yzh/workspace/dazhu/dazhu/static; } location / { proxy_pass http://dzapp; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_next_upstream http_500 http_502 http_503 error timeout invalid_header; }
}
server {
listen 443 ssl;
server_name 10.67.54.227;
ssl on;
ssl_certificate /home/yzh/workspace/dazhu/keys/dazhu.cert;
ssl_certificate_key /home/yzh/workspace/dazhu/keys/dazhu.key;
ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP;
ssl_prefer_server_ciphers on;
location ^~ /admin {
proxy_pass http://dzapp;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_redirect off;
### Most PHP, Python, Rails, Java App can use this header -> https ###
proxy_set_header X-Forwarded-Proto $scheme;
}location /static { autoindex on; alias /home/yzh/workspace/dazhu/dazhu/static; } location / { rewrite ^ http://$server_name$request_uri? permanent; }
}
上面的配置太复杂,其实可以把重复部分用一个文件include
location ^~ /admin {
include /etc/nginx/dazhu_proxy.conf;
}
dazhu_proxy.conf
proxy_pass http://dzapp;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_redirect off;Most PHP, Python, Rails, Java App can use this header -> https
proxy_set_header X-Forwarded-Proto $scheme;
生成dazhu.cert和dazhu.key
openssl genrsa 1024 > dazhu.key
openssl req -new -x509 -nodes -sha1 -days 365 -key dazhu.key > dazhu.cert
注意填写common name的时候,和Org name的时候填域名,否则出错。