如何解决otree/django 的 Apache 反向代理问题
我正在尝试使用 SSL 设置 apache 作为 oTree 应用程序的反向代理。 oTree 是一个基于 django 的社会科学实验框架,也使用 django 频道。反向代理通常有效,但我在使用 websockets 时遇到问题。
我的 apache 配置是
<IfModule mod_ssl.c>
<VirtualHost *:443>
ServerAdmin webmaster@localhost
ServerName myurl.net
ProxyRequests Off
ServerAdmin webmaster@localhost
ProxyPreserveHost On
ProxyPass / http://127.0.0.1:8000/
ProxyPassReverse / http://127.0.0.1:8000/
SSLEngine on
SSLProxyEngine on
RewriteEngine On
RewriteCond %{HTTP:Connection} upgrade [NC]
RewriteCond %{HTTP:Upgrade} websocket [NC]
RewriteRule /(.*) wss://127.0.0.1:8000/$1 [P,L]
ServerName myurl.net
SSLCertificateFile /etc/letsencrypt/live/myurl.net/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/myurl.net/privkey.pem
Include /etc/letsencrypt/options-ssl-apache.conf
</VirtualHost>
我在apache中收到以下错误
[Wed Jan 06 15:42:51.137016 2021] [proxy:error] [pid 5573:tid 140468195309312] [client myip] AH00898: Error during SSL Handshake with Remote Server returned by /no_op/
[Wed Jan 06 15:42:59.029500 2021] [proxy:error] [pid 5574:tid 140468096587520] (20014)Internal error (specific information not available): [client myip] AH01084: pass request body Failed to 127.0.0.1:8000 (127.0.0.1)
在我的浏览器中,我收到以下错误。
(index):94 WebSocket connection to 'wss://myurl.net/create_demo_session/' Failed: Error during WebSocket handshake: Unexpected response code: 500
有人知道我缺少什么吗?
编辑:作为参考,以下 Nginx 配置有效:
server {
listen 443 ssl;
server_name _;
ssl on;
ssl_certificate "mycertificate";
ssl_certificate_key "mycertificate";
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers HIGH:!aNULL:!MD5;
location / {
proxy_pass http://localhost:8000;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Port $server_port;
proxy_set_header Host $host;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Host $server_name;
proxy_http_version 1.1;
proxy_set_header Connection $http_connection;
}
}
解决方法
如果您想在主机的子域上运行 oTree,以便与同一台机器上托管的其他站点共享端口 80,您可以尝试以下配置。下面的示例假设 oTree 服务器在端口 8000 上运行。对于 HTTPS,将 80 到 443 ws 前缀更改为 wss:
<VirtualHost *:80>
ServerName otree.domain.com
ProxyRequests Off
ProxyPreserveHost On
ProxyPass / http://localhost:8080/
ProxyPassReverse / http://localhost:8080/
RewriteEngine On
RewriteCond %{HTTP:Connection} Upgrade [NC]
RewriteCond %{HTTP:Upgrade} websocket [NC]
RewriteRule /(.*) ws://127.0.0.1:8000/$1 [P,L]
版权声明:本文内容由互联网用户自发贡献,该文观点与技术仅代表作者本人。本站仅提供信息存储空间服务,不拥有所有权,不承担相关法律责任。如发现本站有涉嫌侵权/违法违规的内容, 请发送邮件至 dio@foxmail.com 举报,一经查实,本站将立刻删除。
