I solved this problem with nginx and a subdomain for the backend.
For future readers:
    # Maximum number of simultaneous connections per worker process
    events {
        worker_connections 1024;
    }

    http {
        # Example upstream for your Python application.
        # The port is where requests from the server blocks
        # below will be forwarded.
        upstream web {
            server <your_host>:<application_port>;
        }

        server {
            listen 80;
            server_name <your_host>;

            location / {
                proxy_pass http://web;
                proxy_set_header Host $host;
                proxy_set_header X-Real-IP $remote_addr;
                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
                proxy_set_header X-Forwarded-Proto http;
            }
        }

        # This is a server configuration block in Nginx that determines how
        # to handle requests for a specific domain or IP address and port.
        # In this case, the server listens for requests on port 443
        # using an SSL certificate to secure the connection and passes them
        # to the upstream named "web" via HTTP using the proxy_pass directive.
        server {
            listen 443 ssl;
            server_name <your_host>;

            # your cert files (for example, generated by certbot)
            ssl_certificate /etc/letsencrypt/live/<your_host>/fullchain.pem;
            ssl_certificate_key /etc/letsencrypt/live/<your_host>/privkey.pem;
            ssl_trusted_certificate /etc/letsencrypt/live/<your_host>/chain.pem;

            location / {
                proxy_pass http://web;
                proxy_set_header Host $host;
                proxy_set_header X-Real-IP $remote_addr;
                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
                proxy_set_header X-Forwarded-Proto https;
            }
        }
    }

My nginx.conf:

    events {
        worker_connections 1024;
    }

    http {
        # backend
        upstream back {
            server back.mysite.ru:8000;
        }

        server {
            listen 80;
            server_name back.mysite.ru;

            location / {
                proxy_pass http://back;
                proxy_set_header Host $host;
                proxy_set_header X-Real-IP $remote_addr;
                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
                proxy_set_header X-Forwarded-Proto http;
            }
        }

        server {
            listen 443 ssl;
            server_name back.mysite.ru;

            ssl_certificate /etc/letsencrypt/live/back.mysite.ru/fullchain.pem;
            ssl_certificate_key /etc/letsencrypt/live/back.mysite.ru/privkey.pem;
            ssl_trusted_certificate /etc/letsencrypt/live/back.mysite.ru/chain.pem;

            location / {
                proxy_pass http://back;
                proxy_set_header Host $host;
                proxy_set_header X-Real-IP $remote_addr;
                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
                proxy_set_header X-Forwarded-Proto https;
            }
        }

        # frontend
        upstream front {
            server mysite.ru:80;
        }

        server {
            listen 80;
            server_name mysite.ru;

            location / {
                proxy_pass http://front;
                proxy_set_header Host $host;
                proxy_set_header X-Real-IP $remote_addr;
                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
                proxy_set_header X-Forwarded-Proto http;
            }
        }

        server {
            listen 443 ssl;
            server_name mysite.ru;

            ssl_certificate /etc/letsencrypt/live/mysite.ru/fullchain.pem;
            ssl_certificate_key /etc/letsencrypt/live/mysite.ru/privkey.pem;
            ssl_trusted_certificate /etc/letsencrypt/live/mysite.ru/chain.pem;

            location / {
                proxy_pass http://front;
                proxy_set_header Host $host;
                proxy_set_header X-Real-IP $remote_addr;
                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
                proxy_set_header X-Forwarded-Proto https;
            }
        }
    }

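My nginx in a Docker container:

    nginx:
      build: ./nginx
      ports:
        - "443:443"
      volumes:
        - /etc/letsencrypt:/etc/letsencrypt
      depends_on:
        - frontend
        - backend

This Docker container runs Nginx inside the container and configures it to listen on port 443. The container also mounts the local /etc/letsencrypt directory inside the container so that Nginx can use the SSL certificates stored in this directory.
My nginx Dockerfile:

    FROM nginx
    COPY nginx.conf /etc/nginx/nginx.conf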
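
A hardened variant of the `back.mysite.ru` server blocks from the answer above, added here as an example and not part of the original answer: port 80 only redirects to HTTPS instead of proxying in cleartext, and the TLS block restricts protocol versions, sends HSTS, and stops trusting client-supplied forwarding headers. The protocol list and the HSTS `max-age` are assumed policy values; the upstream, host name and certificate paths are the ones from the answer.

```nginx
events {
    worker_connections 1024;
}

http {
    upstream back {
        server back.mysite.ru:8000;
    }

    # Port 80: never proxy application traffic in cleartext; redirect only.
    server {
        listen 80;
        server_name back.mysite.ru;
        # Fixed host name rather than $host, so the redirect target
        # does not depend on the request's Host header.
        return 301 https://back.mysite.ru$request_uri;
    }

    server {
        listen 443 ssl;
        server_name back.mysite.ru;

        ssl_certificate     /etc/letsencrypt/live/back.mysite.ru/fullchain.pem;
        ssl_certificate_key /etc/letsencrypt/live/back.mysite.ru/privkey.pem;

        # Assumed policy: accept only TLS 1.2 and 1.3.
        ssl_protocols TLSv1.2 TLSv1.3;

        # Assumed value: browsers use HTTPS only for this host for one year.
        add_header Strict-Transport-Security "max-age=31536000" always;

        location / {
            proxy_pass http://back;
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            # This proxy is the first hop, so overwrite X-Forwarded-For
            # instead of appending to whatever the client sent.
            proxy_set_header X-Forwarded-For $remote_addr;
            # $scheme reflects the actual listener ("https" here).
            proxy_set_header X-Forwarded-Proto $scheme;
        }
    }
}
```

The compose file above publishes only port 443, so the redirect takes effect once `"80:80"` is also listed under `ports`. Running `nginx -t` inside the container checks the file before a reload.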