• Flask、Tornado、Nginx搭建Https服务


    其实Flask可以直接用tornado部署就行:

    # coding=utf-8
    from tornado.wsgi import WSGIContainer
    from tornado.httpserver import HTTPServer
    from tornado.ioloop import IOLoop
    from app.app_main import app
    
    
    if __name__ == '__main__':
        http_server = HTTPServer(WSGIContainer(app))
        http_server.listen(9050)
        IOLoop.instance().start()

    以上就可以直接通过访问ip或者域名加9050端口就可以访问了。

    但是,如果要支持https呢?要直接访问域名(域名后面不叫端口号)呢?同时访问http直接跳转到https呢?

    接下来讲一下:

    首先,部署方式要修改一下代码:

    # coding=utf-8
    import os.path
    from tornado.httpserver import HTTPServer
    from tornado.wsgi import WSGIContainer
    from tornado import ioloop
    from app.app_main import app
    
    
    pl = os.getcwd().split('cover_app_platform')
    cert_path = pl[0] + r'cover_app_platform\app\https_cert\'
    
    
    def main():
        application = HTTPServer(WSGIContainer(app))
        # https证书地址
        https_cert_file = cert_path + 'covercert.pem'
        # https证书私钥地址
        https_key_file = cert_path + 'privatekey.pem'
        # https服务
        server = HTTPServer(application, ssl_options={"certfile": https_cert_file, "keyfile": https_key_file})
        # 9070启动端口
        server.listen(9070)
        ioloop.IOLoop.instance().start()
    
    
    if __name__ == "__main__":
        main()

    当然,怎么生成“covercert.pem”和'privatekey.pem'文件呢,你可以找你们运维给你生成,或者让运维给你根证书,自己生成:

    # 生成证书的申请文件和私钥文件
    openssl  req -nodes -newkey rsa:1024 -out coverreq.pem -keyout privatekey.pem
    # req:request的简写,代表发出一个申请数字证书的请求 # -nodes:不生成pin码,简化流程 # -newkey:生成新证书并指明加密算法和长度,也可以写成2048 # -out:输出一个请求文件,非密码文件 # -keyout:生成私钥 # 生成证书 :使用申请文件和私钥进行证书的申请,自己给自己颁发证书 openssl req -in coverreq.pem -x509 -key privatekey.pem -out covercert.pem -days 3650
    # -in:用之前的申请文件作为输入
    #
    -x509:证书格式
    #
    -key:私钥文件
    #
    -out:产出的证书文件
    #
    -days:证书有效期

    然后我们来配置nginx,怎么安装就不介绍了:

    在配置nginxconf ginx.conf 配置文件前,先copy保存一下,

    找到http{}段:

    http {
        include       mime.types;
        default_type  application/octet-stream;
    
        #log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
        #                  '$status $body_bytes_sent "$http_referer" '
        #                  '"$http_user_agent" "$http_x_forwarded_for"';
    
        #access_log  logs/access.log  main;
    
        sendfile        on;
        #tcp_nopush     on;
    
        #keepalive_timeout  0;
        keepalive_timeout  65;
    
        #gzip  on;
    
        server {
            listen       80;
            server_name  xx.thecover.cn;
            rewrite ^(.*) https://$server_name$1 permanent;
    
            # charset utf-8;
    
            #access_log  logs/host.access.log  main;
    
            location / {
                proxy_pass https://localhost:9070;
            }
    
            #error_page  404              /404.html;
    
            # redirect server error pages to the static page /50x.html
            #
            error_page   500 502 503 504  /50x.html;
            location = /50x.html {
                root   html;
            }
    
            # proxy the PHP scripts to Apache listening on 127.0.0.1:80
            #
            #location ~ .php$ {
            #    proxy_pass   http://127.0.0.1;
            #}
    
            # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
            #
            #location ~ .php$ {
            #    root           html;
            #    fastcgi_pass   127.0.0.1:9000;
            #    fastcgi_index  index.php;
            #    fastcgi_param  SCRIPT_FILENAME  /scripts$fastcgi_script_name;
            #    include        fastcgi_params;
            #}
    
            # deny access to .htaccess files, if Apache's document root
            # concurs with nginx's one
            #
            #location ~ /.ht {
            #    deny  all;
            #}
        }

    server里我们配置运行的端口为80,域名为“xx.thecover.cn”,“rewrite ^(.*) https://$server_name$1 permanent;”  请求都转发到https,比如客服端访问http域名,也直接转为https。

    location 里直接配置我们flask启动的地址和端口“proxy_pass https://localhost:9070;”。

    接下来配置Https:

    配置https前,我们需要把证书和私钥文件放到nginx下的/conf/cert目录下,一般conf下没有cert文件夹的,需要直接建一个:

     然后找到# HTTPS server段:

    server{}这里一般都是注释了的,都打开:

     # HTTPS server
        #
        server {
            listen       443 ssl;
            server_name   localhost;
    
            ssl_certificate      cert/covercert.pem;
            ssl_certificate_key  cert/privatekey.pem;
    
            ssl_session_cache    shared:SSL:1m;
            ssl_session_timeout  5m;
    
            ssl_ciphers  HIGH:!aNULL:!MD5;
            ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
            ssl_prefer_server_ciphers  on;
    
            location / {
                #root   html;
                #index  index.html index.htm;
                proxy_pass   https://localhost:9070;
            }
    
        }

    如上配置就行,localtion里也需要配置flask访问的地址。

    ok,到此为止,我们就配置好了:

    直接访问域名:https://xx.thecover.cn,http:xx.thecover.cn, https:xx.thecover.cn:9070,都可以访问,妥妥的。

     另外,如果https证书是自己建立的话,浏览器访问会提示无效,或者不安全,还是要根证书来生成才行。

  • 相关阅读:
    网易云课堂Dubbo学习笔记
    Java的native方法
    java中三种for循环之间的对比
    java中的匿名内部类小结
    三重DEC加密在java中的实现
    CoreException: Could not get the value for parameter compilerId for plugin execution default-compile Maven项目pom文件报错,插件引用不到
    安装plsql developer
    Eclipse安装插件的“最好方法”:dropins文件夹的妙用
    linux项目部署常用命令
    Linux学习笔记
  • 原文地址:https://www.cnblogs.com/drewgg/p/14956274.html
Copyright © 2020-2023  润新知