nginx 在反向代理后使用HTTPS的build_absolute_uri

9q78igpj  于 2023-10-17  发布在  Nginx
关注(0)|答案(3)|浏览(141)

我在一个反向代理服务器后面提供我的Django应用程序
互联网-> Nginx -> Gunicorn socket -> Django app
在nginx配置中:

upstream my_server {
  server unix:/webapps/my_app/run/gunicorn.sock fail_timeout=0;
}

SSL是在nginx级别使用certbot设置的。
views.py中的request.build_absolute_uri生成http链接。如何强制生成https链接?

oknwwptz

oknwwptz1#

默认情况下,Django会忽略所有X-Forwarded头文件,基于Django文档。
通过设置USE_X_FORWARDED_HOST = TrueSECURE_PROXY_SSL_HEADER = ('HTTP_X_FORWARDED_PROTO', 'https')强制读取X-Forwarded-Host标头。在settings.py中:

USE_X_FORWARDED_HOST = True
SECURE_PROXY_SSL_HEADER = ('HTTP_X_FORWARDED_PROTO', 'https')
oug3syen

oug3syen2#

我在apache2后面使用django,所以我的解决方案是把它放在apache2上。

<VirtualHost *:443>
  RequestHeader set X-Forwarded-Proto 'https' env=HTTPS

添加标头模式后:

a2enmod headers

在django setting.py上:

USE_X_FORWARDED_HOST = True
SECURE_PROXY_SSL_HEADER = ('HTTP_X_FORWARDED_PROTO', 'https')

有了这个,我的build_absolute_uri都是从https开始的

des4xlb0

des4xlb03#

在django文档中有一个注解https://docs.djangoproject.com/en/3.0/ref/request-response/#django.http.HttpRequest.build_absolute_uri:
Mixing HTTP and HTTPS on the same site is discouraged, therefore build_absolute_uri() will always generate an absolute URI with the same scheme the current request has. If you need to redirect users to HTTPS, it’s best to let your Web server redirect all HTTP traffic to HTTPS.

相关问题