python – 在使用nginx,letsencrypt和uwsgi配置它时无法获得安全连接

我正在努力解决一个我无法通过安全连接获取Flask应用程序的问题.每当我打开我的网站时,我都会收到一个黄色感叹号,表示我的连接不安全.我已经看过每个教程,但似乎没有得到为什么会发生这种情况.有谁可以帮助我.以下是配置.

UWSGI命令

screen uwsgi --socket 0.0.0.0:5000 --ini /root/trujet/truejet.ini --protocol=http -w wsgi:app &

Nginx配置

server {
        listen 80;
        listen [::]:80;
        server_name truejet.in www.truejet.in;
        ssl_certificate /etc/letsencrypt/live/www.truejet.in/fullchain.pem;
        ssl_certificate_key /etc/letsencrypt/live/www.truejet.in/privkey.pem;
        ssl_dhparam /etc/letsencrypt/live/www.truejet.in/dhparam.pem;
        rewrite     ^   https://$server_name$request_uri? permanent;
        location / {
                proxy_pass http://0.0.0.0:5000;
        }

}


server {
        listen 443 default_server ssl;
        server_name www.truejet.in truejet.in;
        ssl on;
        ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
        ssl_certificate /etc/letsencrypt/live/www.truejet.in/fullchain.pem;
        ssl_certificate_key /etc/letsencrypt/live/www.truejet.in/privkey.pem;
        ssl_dhparam /etc/letsencrypt/live/www.truejet.in/dhparam.pem;
        client_max_body_size 5M;
        access_log /var/log/nginx/access.log;
        error_log /var/log/nginx/error.log;

        location / {
        proxy_buffering off;
        proxy_pass http://0.0.0.0:5000;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header Referer "";
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forward-For $proxy_add_x_forwarded_for;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header X-Forwarded-SSL on;
        proxy_set_header Connection "upgrade";
        proxy_http_version 1.1;
    }

        resolver 8.8.8.8 8.8.4.4 valid=300s;

}

是的,我的证书是有效的

解决方法:

我认为您面临的问题可能与Firefox有关…

你能否确认你是否拥有Lets Encrypt的根CA(https://letsencrypt.org/certificates/)

如果缺少“Let’s Encrypt Authority X3”,请从上面的url下载root并将其添加到Mozilla Firefox.

我的另一个建议是在下面提到更新你的nginx conf …
注意：任何http请求都将被强制从下方获取https,仅限于www.如果您的应用支持不带www,请进行更改

server {
    server_name truejet.in www.truejet.in;
    return 301 https://$server_name$request_uri;
}

server 
{
    listen 443 ssl http2 default_server;
    listen [::]:443 ssl http2 default_server ipv6only=on;

    server_name www.truejet.in truejet.in;

    access_log /var/log/nginx/access.log;
    error_log /var/log/nginx/error.log;

    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_certificate /etc/letsencrypt/live/www.truejet.in/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/www.truejet.in/privkey.pem;
    ssl_trusted_certificate /etc/letsencrypt/live/www.truejet.in/fullchain.pem;
    ssl_dhparam /etc/letsencrypt/live/www.truejet.in/dhparam.pem;

    client_max_body_size 5M;

    location / {
        proxy_buffering off;
        proxy_pass http://0.0.0.0:5000;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header Referer "";
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forward-For $proxy_add_x_forwarded_for;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header X-Forwarded-SSL on;
        proxy_set_header Connection "upgrade";
        proxy_http_version 1.1;
    }

    location ~ /.well-known {
        allow all;
        # You can add the path to the Challenge
        #root /usr/share/nginx/html;
    }

    resolver 8.8.8.8 8.8.4.4 valid=300s;
}

标签：lets-encrypt,python,nginx,uwsgi
来源： https://codeday.me/bug/20190929/1833520.html