How to properly configure nginx ssl for working with docker-compose and django-channel ssl socket
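I have a Django project with django-channels 2.X inside. Locally it works perfectly, but in production I can't connect this socket with the frontend.
8:675 WebSocket connection to 'wss://air.my-server.com/excel-worker/' failed: Error in connection establishment: net::ERR_NOT_IMPLEMENTED
My app has an SSL certificate from LetsEncrypt.
I've tried all the advice from https://channels.readthedocs.io/en/latest/deploying.html and almost everything I've found on Stack Overflow and Github (example: https://github.com/django/channels/issues/919). I've also tried configuring nginx according to https://www.nginx.com/blog/websocket-nginx/ but with no luck.
I'm sure the problem is in my Nginx config.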
docker-compose.yml
version: '3.0'
services:
  project_db:
    image: postgres:9.6
    container_name: air-db
    volumes:
      - ./src/data:/var/lib/postgresql/data
      - ./prj_config/docker-entrypoint-initdb.d/:/docker-entrypoint-initdb.d/
    restart: unless-stopped
    env_file:
      - prod.env
  project_redis:
    image: redis:latest
    container_name: aircraft-redis
    restart: unless-stopped
    expose:
      - 6379
  backend: &backend
    container_name: air-auto
    build:
      context: .
      dockerfile: Dockerfile
    command: sh -c "python manage.py makemigrations && python manage.py migrate && gunicorn service.wsgi -b 0.0.0.0:8112 --workers 1"
    restart: unless-stopped
    volumes:
      - ./src:/src
    depends_on:
      - project_db
      - project_redis
    ports:
      - 0.0.0.0:8112:8112
    env_file:
      - prod.env
  channel-worker:
    <<: *backend
    container_name: air-channels
    command: sh -c "daphne -e ssl:443:privateKey=privkey.pem:certKey=fullchain.pem -u /tmp/daphne.sock -p 8005 service.asgi:application -b 0.0.0.0"
    depends_on:
      - project_db
      - project_redis
    volumes:
      - /etc/letsencrypt/:/etc/letsencrypt/
    ports:
      - 0.0.0.0:8005:8005
      - 0.0.0.0:8006:443
nginx (sites-enabled)
server {
    listen 80;
    server_name my-server.com;
    include snippets/letsencrypt.conf;
    return 301 https://$host$request_uri;
}
server {
    listen 443 ssl http2;
    server_name my-server.com;
    ssl_certificate /etc/letsencrypt/live/my-server.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/my-server.com/privkey.pem;
    ssl_trusted_certificate /etc/letsencrypt/live/my-server.com/chain.pem;
    include snippets/ssl.conf;
    include snippets/letsencrypt.conf;
    return 301 https://my-server.com.com$request_uri;
}
server {
    listen 443 ssl http2;
    server_name air.my-server.com;
    ssl_certificate /etc/letsencrypt/live/air.my-server.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/air.my-server.com/privkey.pem;
    ssl_trusted_certificate /etc/letsencrypt/live/air.my-server.com/chain.pem;
    include snippets/ssl.conf;
    include snippets/letsencrypt.conf;
    location / {
        proxy_pass http://localhost:8112/;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }
    location /excel-worker/ {
        proxy_pass http://0.0.0.0:8005/excel-worker/;
        proxy_http_version 1.1;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "Upgrade";
    }
    location /static {
        alias /path/to/my/staticfiles/;
    }
    location /media {
        alias /path/to/my/media/;
    }
    location /robots.txt {
        alias /path/to/my/robots.txt;
    }
}
Logger output when the containers start
air-redis | 1:M 15 Feb 2019 15:07:40.292 * DB loaded from disk: 0.000 seconds
air-redis | 1:M 15 Feb 2019 15:07:40.292 * Ready to accept connections
air-auto-db | LOG: database system was shut down at 2019-02-15 15:06:41 UTC
air-auto-db | LOG: MultiXact member wraparound protections are now enabled
air-auto-db | LOG: database system is ready to accept connections
air-auto-db | LOG: autovacuum launcher started
air-channels | 2019-02-15 15:07:41,548 INFO Starting server at ssl:443:privateKey=/etc/letsencrypt/live/air.my-server.com/privkey.pem:certKey=/etc/letsencrypt/live/air.my-server.com/fullchain.pem, tcp:port=8005:interface=0.0.0.0, unix:/tmp/daphne.sock
air-channels | 2019-02-15 15:07:41,549 INFO HTTP/2 support enabled
air-channels | 2019-02-15 15:07:41,550 INFO Configuring endpoint ssl:443:privateKey=/etc/letsencrypt/live/air.my-server.com/privkey.pem:certKey=/etc/letsencrypt/live/air.my-server.com/fullchain.pem
air-channels | 2019-02-15 15:07:41,554 INFO Listening on TCP address 0.0.0.0:443
air-channels | 2019-02-15 15:07:41,555 INFO Configuring endpoint tcp:port=8005:interface=0.0.0.0
air-channels | 2019-02-15 15:07:41,555 INFO Listening on TCP address 0.0.0.0:8005
air-channels | 2019-02-15 15:07:41,556 INFO Configuring endpoint unix:/tmp/daphne.sock
air-auto | No changes detected
air-auto | Running migrations:
air-auto | No migrations to apply.
air-auto | [2019-02-15 15:07:43 +0000] [1] [INFO] Starting gunicorn 19.9.0
air-auto | [2019-02-15 15:07:43 +0000] [1] [INFO] Listening at: http://0.0.0.0:8112 (1)
air-auto | [2019-02-15 15:07:43 +0000] [1] [INFO] Using worker: sync
air-auto | [2019-02-15 15:07:43 +0000] [20] [INFO] Booting worker with pid: 20
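I need the django-channels part of the project and my frontend socket to perform a handshake.
As I said before, locally it works fine.
Any suggestions are welcome!
I figured it out.
The problem was with using a VPN. I turned it off, and my websockets were able to perform the handshake and return messages.
I really don't know why this happens, but I hope this helps someone.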