使用cloudflare代理flask启用https服务

原文来自:使用cloudflare代理flask启用https服务 | 夜空中最亮的星

欢迎大家留言讨论

问题1:使用cloudflare的dns回源服务器的时候,出现了http和https不断反复重定向

问题2:  flask只能启用http服务,需要启用https

步骤

  1. 服务器:
    1. 使用lnmp vhost add 添加域名,配置ssl证书
    2. pip install gunicorn
    3. 新建文件 gunicorn_start.sh(解决问题2)
      1. #!/bin/bash
        
        # 定义Flask应用程序的名称和入口文件名
        APP_NAME=app
        APP_ENTRYPOINT=app:app
        
        # 定义SSL证书和私钥文件的路径
        CERT_FILE=/path/to/cert.pem
        KEY_FILE=/path/to/key.pem
        
        # 启动Gunicorn
        gunicorn $APP_ENTRYPOINT \
          --bind 0.0.0.0:443 \
          --certfile $CERT_FILE \
          --keyfile $KEY_FILE \
          --workers 4 \
          --worker-class gthread \
          --threads 2 \
          --timeout 120 \
          --log-level=info \
          --access-logfile=- \
          --error-logfile=-
        
      2. sh gunicorn_start.sh

    4.  nginx  配置

      1. server
            {
                listen 443 ssl http2;
                #listen [::]:443 ssl http2;
                server_name your-site ;
                index index.html index.htm index.php default.html default.htm default.php;
                root  /home/wwwroot/your-site;
        
                ssl_certificate /usr/local/nginx/conf/ssl/your-site/fullchain.cer;
                ssl_certificate_key /usr/local/nginx/conf/ssl/your-site/your-site.key;
                ssl_session_timeout 5m;
                ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;
                ssl_prefer_server_ciphers on;
                ssl_ciphers "TLS13-AES-256-GCM-SHA384:TLS13-CHACHA20-POLY1305-SHA256:TLS13-AES-128-GCM-SHA256:TLS13-AES-128-CCM-8-SHA256:TLS13-AES-128-CCM-SHA256:EECDH+CHACHA20:EECDH+CHACHA20-draft:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5";
                ssl_session_cache builtin:1000 shared:SSL:10m;
                # openssl dhparam -out /usr/local/nginx/conf/ssl/dhparam.pem 2048
                ssl_dhparam /usr/local/nginx/conf/ssl/dhparam.pem;
        
        
                # Deny access to PHP files in specific directory
                #location ~ /(wp-content|uploads|wp-includes|images)/.*\.php$ { deny all; }
        
                location / {
                        proxy_pass https://127.0.0.1:5000;
                        proxy_set_header Host $host;
                        proxy_set_header X-Real-IP $remote_addr;
                        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
                }
                access_log  /home/wwwlogs/your-site.log;
        
            }
    5. cloudflare找到对应的域名,点击左侧的 "SSL/TLS"。 将“Your SSL/TLS encryption mode ” 配置成FULL或者FULL(Strict) (否则不支持https,解决问题1)

      原文来自:使用cloudflare代理flask启用https服务 | 夜空中最亮的星icon-default.png?t=N2N8https://shanxing.top/archives/304

      欢迎大家留言讨论

你可能感兴趣的:(flask,https,python)