django nginx ssl

用certbot一套操作贼简单，但是万一要自己调整nginx的conf时就不太会调了，但是经参考certbot的修改方式。实现了用let's Encrypt的脚本acme.sh生成的证书来搞django的ssl。

证书的生成见我的另一篇，这里就不多说了。

https://nothingishere.top/blog/read/OYZHEYLZ/5CXYDZFZU3TZJM7IV63Q%3D%3D%3D%3D/

用这个生成的证书来搞。

就是把原来conf中80端口的那些location都写到443的ssl中

如：

原来：

upstream django
{
    # server unix:///path/to/your/mysite/mysite.sock; # for a file socket
    server 127.0.0.1:8000; # for a web port socket (we'll use this first)
}
# configuration of the server

server
{
    # the port your site will be served on
    listen      80;
    # the domain name it will serve for
    server_name your_server_ip domain_name; # substitute your machine's IP address or FQDN
    charset     utf-8;

    # max upload size
    client_max_body_size 75M;   # adjust to taste

    location /static
    {
        alias /home/django_project/static; # 指向django的static目录
    }

    # Finally, send all non-media requests to the Django server.
    location /
    {
        uwsgi_pass  django;
        include     uwsgi_params; # the uwsgi_params file you installed
    }

}

现在：

upstream django
{
    # server unix:///path/to/your/mysite/mysite.sock; # for a file socket
    server 127.0.0.1:8000; # for a web port socket (we'll use this first)
}
# configuration of the server

server
{
 if ($host = nothingishere.top) {
        return 301 https://$host$request_uri;
    } # managed by Certbot

    listen      80;
    server_name your_server_ip domain_name;
    return 404; # managed by Certbot
}

server {
    listen 443 ssl http2;
    listen [::]:443 http2;
    ssl on;
    ssl_certificate       /usr/local/etc/v2ray/v2ray.crt;
    ssl_certificate_key   /usr/local/etc/v2ray/v2ray.key;
    ssl_protocols         TLSv1.3;
    ssl_ciphers           TLS13-AES-256-GCM-SHA384:TLS13-CHACHA20-POLY1305-SHA256:TLS13-AES-128-GCM-SHA256:TLS13-AES-128-CCM-8-SHA256:TLS13-AES-128-CCM-SHA256:EECDH+CHACHA20:EECDH+CHACHA20-draft:EECDH+ECDSA+AES128:EECDH+aRSA+AES128:RSA+AES128:EECDH+ECDSA+AES256:EECDH+aRSA+AES256:RSA+AES256:EECDH+ECDSA+3DES:EECDH+aRSA+3DES:RSA+3DES:!MD5;
    server_name your_server_ip domain_name; # substitute your 

    location /v2ray { # 与 V2Ray 配置中的 path 保持一致
        proxy_redirect off;
        proxy_pass http://127.0.0.1:1234;#假设WebSocket监听在环回地址的10000端口上
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_set_header Host $http_host;

        # Show realip in v2ray access.log
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }

    charset     utf-8;

    # max upload size
    client_max_body_size 30M;   # adjust to taste

    location /static
    {
        alias /home/django_project/static/; # 指向django的static目录
    }

    # Finally, send all non-media requests to the Django server.
    location /
    {
        uwsgi_pass  django;
        include     uwsgi_params; # the uwsgi_params file you installed
    }
}

这里故意多留了一些东西，你的明白的干活？