我正在努力解决无法通过安全连接获取 Flask 应用程序的问题。每当我打开网站时,都会看到一个黄色感叹号,表示我的连接不安全。我看过所有教程,但似乎不明白为什么会发生这种情况。有人可以帮助我吗?下面是配置。
UWSGI命令
screen uwsgi --socket 0.0.0.0:5000 --ini /root/trujet/truejet.ini --protocol=http -w wsgi:app &
Nginx配置
server {
listen 80;
listen [::]:80;
server_name truejet.in www.truejet.in;
ssl_certificate /etc/letsencrypt/live/www.truejet.in/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/www.truejet.in/privkey.pem;
ssl_dhparam /etc/letsencrypt/live/www.truejet.in/dhparam.pem;
rewrite ^ https://$server_name$request_uri? permanent;
location / {
proxy_pass http://0.0.0.0:5000;
}
}
server {
listen 443 default_server ssl;
server_name www.truejet.in truejet.in;
ssl on;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_certificate /etc/letsencrypt/live/www.truejet.in/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/www.truejet.in/privkey.pem;
ssl_dhparam /etc/letsencrypt/live/www.truejet.in/dhparam.pem;
client_max_body_size 5M;
access_log /var/log/nginx/access.log;
error_log /var/log/nginx/error.log;
location / {
proxy_buffering off;
proxy_pass http://0.0.0.0:5000;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Referer "";
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forward-For $proxy_add_x_forwarded_for;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header X-Forwarded-SSL on;
proxy_set_header Connection "upgrade";
proxy_http_version 1.1;
}
resolver 8.8.8.8 8.8.4.4 valid=300s;
}
是的,我的证书有效
我认为您遇到的问题可能与 Firefox 有关...
您能否确认您是否拥有 Lets Encrypt 的根 CA(https://letsencrypt.org/certificates/ https://letsencrypt.org/certificates/)
如果缺少“Let's Encrypt Authority X3”,请从上述网址下载根目录并将其添加到 Mozilla Firefox。
我的另一个建议是参考下面更新你的 nginx 配置...
注意:任何 http 请求都将被迫从下面获取 https,并且仅www。因此,如果您的应用程序支持不带 www 的功能,请进行更改
server {
server_name truejet.in www.truejet.in;
return 301 https://$server_name$request_uri;
}
server
{
listen 443 ssl http2 default_server;
listen [::]:443 ssl http2 default_server ipv6only=on;
server_name www.truejet.in truejet.in;
access_log /var/log/nginx/access.log;
error_log /var/log/nginx/error.log;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_certificate /etc/letsencrypt/live/www.truejet.in/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/www.truejet.in/privkey.pem;
ssl_trusted_certificate /etc/letsencrypt/live/www.truejet.in/fullchain.pem;
ssl_dhparam /etc/letsencrypt/live/www.truejet.in/dhparam.pem;
client_max_body_size 5M;
location / {
proxy_buffering off;
proxy_pass http://0.0.0.0:5000;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Referer "";
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forward-For $proxy_add_x_forwarded_for;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header X-Forwarded-SSL on;
proxy_set_header Connection "upgrade";
proxy_http_version 1.1;
}
location ~ /.well-known {
allow all;
# You can add the path to the Challenge
#root /usr/share/nginx/html;
}
resolver 8.8.8.8 8.8.4.4 valid=300s;
}
本文内容由网友自发贡献,版权归原作者所有,本站不承担相应法律责任。如您发现有涉嫌抄袭侵权的内容,请联系:hwhale#tublm.com(使用前将#替换为@)