原文来自:使用cloudflare代理flask启用https服务 | 夜空中最亮的星
欢迎大家留言讨论
问题1:使用cloudflare的dns回源服务器的时候,出现了http和https不断反复重定向
问题2: flask只能启用http服务,需要启用https
步骤
- 服务器:
- 使用lnmp vhost add 添加域名,配置ssl证书
- pip install gunicorn
- 新建文件 gunicorn_start.sh(解决问题2)
-
#!/bin/bash # 定义Flask应用程序的名称和入口文件名 APP_NAME=app APP_ENTRYPOINT=app:app # 定义SSL证书和私钥文件的路径 CERT_FILE=/path/to/cert.pem KEY_FILE=/path/to/key.pem # 启动Gunicorn gunicorn $APP_ENTRYPOINT \ --bind 0.0.0.0:443 \ --certfile $CERT_FILE \ --keyfile $KEY_FILE \ --workers 4 \ --worker-class gthread \ --threads 2 \ --timeout 120 \ --log-level=info \ --access-logfile=- \ --error-logfile=-
-
sh gunicorn_start.sh
-
-
nginx 配置
-
server { listen 443 ssl http2; #listen [::]:443 ssl http2; server_name your-site ; index index.html index.htm index.php default.html default.htm default.php; root /home/wwwroot/your-site; ssl_certificate /usr/local/nginx/conf/ssl/your-site/fullchain.cer; ssl_certificate_key /usr/local/nginx/conf/ssl/your-site/your-site.key; ssl_session_timeout 5m; ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3; ssl_prefer_server_ciphers on; ssl_ciphers "TLS13-AES-256-GCM-SHA384:TLS13-CHACHA20-POLY1305-SHA256:TLS13-AES-128-GCM-SHA256:TLS13-AES-128-CCM-8-SHA256:TLS13-AES-128-CCM-SHA256:EECDH+CHACHA20:EECDH+CHACHA20-draft:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5"; ssl_session_cache builtin:1000 shared:SSL:10m; # openssl dhparam -out /usr/local/nginx/conf/ssl/dhparam.pem 2048 ssl_dhparam /usr/local/nginx/conf/ssl/dhparam.pem; # Deny access to PHP files in specific directory #location ~ /(wp-content|uploads|wp-includes|images)/.*\.php$ { deny all; } location / { proxy_pass https://127.0.0.1:5000; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; } access_log /home/wwwlogs/your-site.log; }
-
- cloudflare找到对应的域名,点击左侧的 "SSL/TLS"。 将“Your SSL/TLS encryption mode ” 配置成FULL或者FULL(Strict) (否则不支持https,解决问题1)
原文来自:使用cloudflare代理flask启用https服务 | 夜空中最亮的星https://shanxing.top/archives/304
欢迎大家留言讨论