ssl - NGINX - SSL 握手时关闭连接，同时 SSL 握手到上游

Question

堆栈 : react ，NGINX 1.14.0，GUnicorn，Django 2.2.8，Python 3.6.9
错误 :

在浏览器:当 React 调用 Django API(当然是在请求头中使用 Origin)时，大约 30 秒后浏览器控制台会出现 CORS 错误。在浏览器控制台中:CORS 策略已阻止从源“https://mydomain”访问“https://mydomain:8000/something/”处的 XMLHttpRequest:不存在“Access-Control-Allow-Origin” header 请求的资源。此外，HTTP 状态码是 502 Bad Gateway。

在 NGINX:SSL 握手中的对等关闭连接，同时 SSL 与上游握手，客户端:某物，服务器:mydomain，请求:“GET/something/HTTP/1.1”，上游:“https://unix:/home/ubuntu/django_path/gunicorn.sock:/something/"，主机:"mydomain:8000"，引用者:"https://mydomain/something"。等待请求时客户端超时(110:连接超时)，客户端:某事，服务器:0.0.0.0:443

在 GUnicorn:[关键] worker 超时

在 Django :我编写了日志以查看，但未打印日志。

session :

NGINX :

server {
    listen 80;
    server_name mydomain;

    return 301 https://$host$request_uri;
}

server {
    listen 443 ssl;
    server_name mydomain;

    error_log /var/log/nginx/error.log debug;

    ssl_certificate /etc/letsencrypt/live/mydomain/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/mydomain/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

    location / {
        root /home/ubuntu/react_path/build;
        index index.html index.htm;
        try_files $uri $uri/ /index.html;
    }
}

server {
    listen 8000 ssl;
    server_name mydomain;

    ssl_certificate /etc/letsencrypt/live/mydomain/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/mydomain/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

    charset utf-8;

    location / {
        include proxy_params;
        proxy_pass https://unix:/home/ubuntu/django_path/gunicorn.sock;
    }

    location /static/ {
        alias /home/ubuntu/django_path/static/;
    }

    location /media/ {
        alias /home/ubuntu/django_path/media/;
    }
}

G unicorn :

[Unit]
Description=gunicorn daemon
After=network.target

[Service]
User=ubuntu
Group=www-data
WorkingDirectory=/home/ubuntu/django_path
ExecStart=/home/ubuntu/VENV/bin/gunicorn --workers 3 --bind unix:/home/ubuntu/django_path/gunicorn.sock api.wsgi:application

[Install]
WantedBy=multi-user.target

Django :

CORS_ALLOWED_ORIGINS = [
    'https://mydomain',
]

有一些问题，但我认为发生 CORS 错误是因为流量没有到达 Django，甚至 GUnicorn。
所以也许我改变了NGINX conf。你怎么看？我该如何解决？

Answer 1

继续之后，我找到了解决办法。
https://serverfault.com/questions/746297/how-to-run-gunicorn-upstream-with-an-nginx-ssl-configuration很有帮助。
下面是 NGINX 的配置文件。

upstream gunicorn {
    server 127.0.0.1:8080;
}

server {
    listen 80;
    server_name mydomain;

    return 301 https://$host$request_uri;
}

server {
    listen 443 ssl;
    server_name mydomain;

    ...
}

server {
    listen 8000 ssl;
    server_name mydomain;

    ...

    location / {
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Host $host;
        proxy_pass http://gunicorn;
    }
    ...
}

下面是 GUnicorn 的 conf。

...
ExecStart=/home/ubuntu/VENV/bin/gunicorn --workers 3 --bind 127.0.0.1:8080:/home/ubuntu/django_path/gunicorn.sock api.wsgi:application
...