i hope that u can help me.
I deployed my django application to an ubuntu 20.04 server with nginx and gunicorn.
This is my settings:
gunicorn.service
[Unit]
Description=gunicorn daemon
Requires=gunicorn.socket
After=network.target
[Service]
User=ubuntu
Group=www-data
WorkingDirectory=/var/www/PlugSell
ExecStart=/var/www/PlugSell/env/bin/gunicorn --access-logfile - --error-logfile - -k uvicorn.workers.UvicornWorker --workers 3 --bind unix:/run/gunicorn.sock minible.asgi:application
[Install]
WantedBy=multi-user.target
app nginx conf
server {
server_name 3.73.206.145 127.0.0.1 sell.plug-shop.com;
location = /favicon.ico {
access_log off; log_not_found off;
}
location /static/ {
root /var/www/PlugSell;
}
location / {
include proxy_params;
proxy_pass http://unix:/run/gunicorn.sock;
}
location /ws/ {
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Host $server_name;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Url-Scheme $scheme;
proxy_redirect off;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;
proxy_pass http://unix:/run/gunicorn.sock;
}
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/sell.plug-shop.com/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/sell.plug-shop.com/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
server {
if ($host = sell.plug-shop.com) {
return 301 https://$host$request_uri;
} # managed by Certbot
listen 80;
server_name 3.73.206.145 127.0.0.1 sell.plug-shop.com;
return 404; # managed by Certbot
}
in settings.py i have
CHANNEL_LAYERS = {
"default": {
"BACKEND": "channels_redis.core.RedisChannelLayer",
"CONFIG": {
"hosts": [("127.0.0.1", 6379)],
},
},
}
and in my asgi.py
os.environ.setdefault('DJANGO_SETTINGS_MODULE', 'minible.settings')
django.setup()
application = ProtocolTypeRouter({
"http": get_asgi_application(),
"websocket": AuthMiddlewareStack(
URLRouter(
[
path('ws/notification/',
consumer.NotificationConsumer.as_asgi())
]
)
)
})
Redis is installed and work perfectly (binding at 0.0.0.0)
Everything works perfectly but the websocket doesn't work.
I try to connect to the websocket via "wss://sell.plug-shop.com/ws/notification/" but the connection always fails. In the nginx log file it does not give me any information regarding some connection error to the websocket
Related
I have a Django server which uses websockets (Django channels). I have the following configurations of daphne and nginx.
What the right way to configure ngnix for wss websockets?
Here's what I have:
/etc/nginx/sites-available/trading-backend
server {
server_name trading-backend-test.myserver.com;
location = /favicon.ico { access_log off; log_not_found off; }
location /static/ {
alias /home/vagram/trading-backend/static_root/;
}
location /media/ {
alias /home/vagram/trading-backend/media_root/;
}
location /ws/ {
proxy_pass http://unix:/home/vagram/run/daphne.sock;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_redirect off;
}
location / {
include proxy_params;
proxy_pass http://unix:/home/vagram/trading-backend.sock;
}
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/trading-backend-test.myserver.com/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/trading-backend-test.myserver.com/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
server {
if ($host = trading-backend-test.myserver.com) {
return 301 https://$host$request_uri;
} # managed by Certbot
listen 80;
server_name trading-backend-test.myserver.com;
return 404; # managed by Certbot
}
/etc/systemd/system/daphne.socket
[Unit]
Description=daphne socket
[Socket]
ListenStream=/run/daphne.sock
[Install]
WantedBy=sockets.target
/etc/systemd/system/daphne.service
Description=WebSocket Daphne Service
Requires=daphne.socket
After=network.target
[Service]
Type=simple
User=vagram
WorkingDirectory=/home/vagram/trading-backend/src
ExecStart=/home/vagram/trading-backend/env/bin/daphne -b 0.0.0.0 -p 8001 project.asgi:application
Restart=on-failure
[Install]
WantedBy=multi-user.target
I want to run three subdomains on the same server and the same service in a different folder all this are Django service.
bellow is the Nginx conf file
I am trying to run request-micro service on the same server with a different domains and different folders.
I am already running two test server domain on 2732 port in "home/user/test/" folder and its running fine,
Now I am trying to run dev server on 2742 port in different directory "/home/user/dev/" but some times the test server requests are coming on dev server ports.it should be on 2732.
test.buyer1.domain.co should redirect to 2732 and dev.buyer2.domain.co should redirect to 2742 port but sometimes test.buyer1.domain.co redirects to 2742.
how can I differentiate dev and test server?
server {
server_name test.buyer1.domain.co ;
location /request-micro {
allow all;
proxy_pass http://127.0.0.1:2732;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_cache_bypass $http_upgrade;
client_max_body_size 2000M;
alias /home/ubuntu/test/project/project;
}
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/test.buyer1.domain.co/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/test.buyer1.domain.co/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
server {
server_name test.buyer2.domain.co ;
location /request-micro {
allow all;
proxy_pass http://127.0.0.1:2732;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_cache_bypass $http_upgrade;
client_max_body_size 2000M;
alias /home/ubuntu/test/project/project;
}
listen 443 ssl; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/test.buyer2.domain.co/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/test.buyer2.domain.co/privkey.pem; # managed by Certbot
}
server {
server_name dev.buyer2.domain.co ;
location /request-micro {
allow all;
proxy_pass http://127.0.0.1:2742;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_cache_bypass $http_upgrade;
client_max_body_size 2000M;
alias /home/ubuntu/dev/project/project;
}
listen 443 ssl; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/dev.buyer2.domain.co/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/dev.buyer2.domain.co/privkey.pem; # managed by Certbot
}
server {
if ($host = test.buyer1.domain.co) {
return 301 https://$host$request_uri;
} # managed by Certbot
server_name test.buyer1.domain.co ;
listen 80;
return 404; # managed by Certbot
}
server {
if ($host = test.buyer2.domain.co) {
return 301 https://$host$request_uri;
} # managed by Certbot
server_name test.buyer2.domain.co ;
listen 80;
return 404; # managed by Certbot
}
server {
if ($host = dev.buyer2.domain.co) {
return 301 https://$host$request_uri;
} # managed by Certbot
server_name dev.buyer2.domain.co ;
listen 80;
return 404; # managed by Certbot
}
what should I do?
I have been following several different tutorials about how to set up gunicorn and daphne in parallel so that gunicorn can serve http to my django apps and daphne to my django channels app. However, I am now stuck on the welcome to nginx homepage and I cannot figure out what the problem is.
supervisor.conf
[program:example]
directory=/home/user/example/example
command=/home/user/envs/example/bin/gunicorn example.wsgi:application
user=user
autostart=true
autorestart=true
redirect_stderr=true
stdout_logfile=/home/user/envs/example/bin/gunicorn-error.log
[program:serverinterface]
directory=/home/user/example/example
command=/home/user/envs/example/bin/daphne -b 0.0.0.0 -p 8001 example.asgi:application
autostart=true
autorestart=true
stopasgroup=true
user=user
stdout_logfile = /home/user/example/bin/gunicorn-error.log
nginx/sites-availible/example.com
upstream app_server {
server http://unix:/run/gunicorn.sock fail_timeout=0;
}
server {
listen 80 default_server;
listen [::]:80 default_server;
server_name _;
return 301 https://example.com$request_uri;
}
server {
listen [::]:443 ssl ipv6only=on;
listen 443 ssl;
server_name example.com www.example.com;
# Let's Encrypt parameters
ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;
include /etc/letsencrypt/options-ssl-nginx.conf;
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
location = /favicon.ico { access_log off; log_not_found off; }
location / {
try_files $uri #proxy_to_app;
}
location /ws/ {
try_files $uri #proxy_to_ws;
}
location #proxy_to_app {
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_redirect off;
}
location #proxy_to_ws {
proxy_pass http://0.0.0.0:8001;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Host $server_name;
}
}
I was under the assumption that I could run a Django Channels app using only Daphne (ASGI) and Nginx as a proxy for my Django app to begin with.
The application would be running with Daphne on 127.0.0.1:8001
However, I am running into a 403 Forbidden error.
2019/03/06 17:45:40 [error] *1 directory index of "/home/user1/app/src/app/" is forbidden
And when I posted about that, another user mentioned
There is no directive to pass http request to django app in your
nginx config
And suggested to look into fastcgi_pass or uwsgi_pass or Gunicorn.
Obviously Django Channels runs on ASGI and I am passing all requests through that right now (not to uWSGI then on to ASGI depending on the request.)
Can I serve my Django app with only Nginx and Daphne? The Django Channels docs seem to think so as they don't mention needing Gunicorn or something similar.
my nginx config
upstream socket {
ip_hash;
server 127.0.0.1:8001 fail_timeout=0;
}
server {
listen 80;
#listen [::]:80 ipv6only=on;
server_name your.server.com;
access_log /etc/nginx/access.log;
root /var/www/html/someroot;
location / {
#autoindex on;
# First attempt to serve request as file, then
# as directory, then fall back to displaying a 404.
# try_files $uri =404;
#proxy_set_header X-Real-IP $remote_addr;
#proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
#proxy_set_header Host $http_host;
#proxy_set_header X-NginX-Proxy true;
#proxy_pass http://socket;
#proxy_redirect off;
#proxy_http_version 1.1;
#proxy_set_header Upgrade $http_upgrade;
#proxy_set_header Connection "upgrade";
#proxy_redirect off;
#proxy_set_header X-Forwarded-Proto $scheme;
#proxy_cache one;
#proxy_cache_key sfs$request_uri$scheme;
}
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/some/fullchain.pem;
# managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/some/privkey.pem;
# managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
if ($scheme != "https") {
return 301 https://$host$request_uri;
}
}
Yes, it's possible. Try this config:
upstream socket {
ip_hash;
server $DAPHNE_IP_ADDRESS$ fail_timeout=0;
}
server {
...
location / {
proxy_pass http://socket;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
}
...
}
Where $DAPHNE_IP_ADDRESS$ - your daphne IP and port without schema(127.0.0.1:8001).
I am using Nginx and gunicorn to serve my Django project. I currently have it working for ssl (https), but do not quite understand the correct settings for the settings file and nginx. Could someone have a look at my setup and tell me if anything blatantly looks wrong, or horribly executed?
My Nginx File, Please Note that some lines are commented out. When I uncomment them, the site stops working. Edit: When I uncomment them all at the same time/
server {
server_name example.com;
listen 443 ssl;
ssl on;
ssl_certificate /etc/ssl/mycrt.crt;
ssl_certificate_key /etc/ssl/mykey.key;
location = /favicon.ico {access_log off; log_not_found off;}
location /static/ {
gzip on;
gzip_types text/css;
alias /home/project/static/;
}
location / {
include proxy_params;
# proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto https;
# proxy_set_header Host $http_host;
# proxy_redirect off;
proxy_pass http://unix:/home/project/myproject/project.sock;
}
}
server {
listen 80;
server_name example.com www.example.com;
return 301 https://example.com$request_uri;
}
My Gunicorn File
[Unit]
Description=gunicorn daemon
After= network.target
[Service]
User=tyler
Group=www-data
Environment="Production=production"
WorkingDirectory=/home/project/myproject
ExecStart=/home/project/projectenv/bin/gunicorn --access-logfile - --workers 3 --bind unix:/home/projecty/myproject_a$
[Install]
WantedBy=multi-user.target
And lastly, the dajngo settings
SECURE_SSL_REDIRECT = True
SECURE_PROXY_SSL_HEADER = ('HTTP_X_FORWARDED_PROTO', 'https')
SESSION_COOKIE_SECURE = True
CSRF_COOKIE_SECURE = True
Are there any issues with this setup? I am very confused about the Nginx settings that I had to comment out in order for https to start working. Also, I know Django is very cautious on using the SECURE_PROXY_SSL_HEADER = ('HTTP_X_FORWARDED_PROTO', 'https') setting. Does all look well?
Thanks!
It works for me. I don't sure it will work for you, but you can try.
location / {
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_pass http://unix:/home/project/myproject/project.sock;
}