nginx: Running Daphne in production on (or forwarded to?) port 443

t98cgbkg  posted on 2022-11-02  in  Nginx

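I am trying to build an application based on speech recognition. It runs on Django, with Django-channels and Daphne, and Nginx as the web server, on an Ubuntu EC2 instance on AWS. It should run in the browser, so I am using WebRTC to get the audio stream, or at least that is my goal. I will call my domain mysite.co here.
The logs show that Django is correctly serving the page at http://www.mysite.co:8000, and Daphne appears to be running as well: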

2022-10-17 13:05:02,950 INFO     Starting server at fd:fileno=0, unix:/run/daphne/daphne0.sock
2022-10-17 13:05:02,951 INFO     HTTP/2 support enabled
2022-10-17 13:05:02,951 INFO     Configuring endpoint fd:fileno=0
2022-10-17 13:05:02,965 INFO     Listening on TCP address [Private IPv4 address of my EC2 instance]:8000
2022-10-17 13:05:02,965 INFO     Configuring endpoint unix:/run/daphne/daphne0.sock

I set up Daphne and supervisor using the Daphne docs. There, they use port 8000.
My first Nginx config file, nginx.conf (I shouldn't be using this file, should I?), looks like this:

worker_processes auto;
pid /run/nginx.pid;
include /etc/nginx/modules-enabled/*.conf;

events {
        worker_connections 768;
        # multi_accept on;
}

http {

        ##
        # Basic Settings
        ##

        sendfile on;
        tcp_nopush on;
        types_hash_max_size 2048;
        # server_tokens off;

        server_names_hash_bucket_size 64;
        # server_name_in_redirect off;

        include /etc/nginx/mime.types;
        default_type application/octet-stream;

        ##
        # SSL Settings
        ##

        ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3; # Dropping SSLv3, ref: POODLE
        ssl_prefer_server_ciphers on;

        ##
        # Logging Settings
        ##

        access_log /var/log/nginx/access.log;
        error_log /var/log/nginx/error.log;

        # Gzip Settings
        gzip on;

        ##
        # Virtual Host Configs
        ##

        include /etc/nginx/conf.d/*.conf;
        include /etc/nginx/sites-enabled/*;

        upstream channels-backend {
        server mysite.co:80;
        }

        server {
            location / {
                try_files $uri @proxy_to_app;
            }
            location @proxy_to_app {
                proxy_pass http://mysite.co;

                proxy_http_version 1.1;
                proxy_set_header Upgrade $http_upgrade;
                proxy_set_header Connection "upgrade";

                proxy_redirect off;
                proxy_set_header Host $host;
                proxy_set_header X-Real-IP $remote_addr;
                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
                proxy_set_header X-Forwarded-Host $server_name;
            }
        }

}

# and the mail settings, but I don't use them

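Currently, my server's home page only serves the HTML I set up in the first Nginx server block (I set this up while figuring out how to get TLS on Nginx; I don't need the HTML here):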

server {

        root /var/www/mysite/html;
        index index.html index.htm index.nginx-debian.html;

        server_name mysite.co www.mysite.co;

        location / {
                try_files $uri $uri/ =404;
        }

    listen [::]:443 ssl ipv6only=on; # managed by Certbot
    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/mysite.co/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/mysite.co/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

}
server {
    if ($host = www.mysite.co) {
        return 301 https://$host$request_uri;
    } # managed by Certbot

    if ($host = mysite.co) {
        return 301 https://$host$request_uri;
    } # managed by Certbot

        listen 80;
        listen [::]:80;

        server_name mysite.co www.mysite.co;
    return 404; # managed by Certbot

}

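I need WebRTC to access the audio stream, which should run through Daphne, but for that I need HTTPS, because you can't access user media over an unencrypted protocol. I created a TLS certificate with Let's Encrypt for Nginx (see above), but of course this only works on port 443. I can't (and shouldn't be able to?) access port 8000 via HTTPS.
I'm a bit lost now, and my Nginx experience is very limited. Do I need to bind port 8000 to 443? If so, what do I need to do with my Nginx config, which currently serves the HTML file there? Am I on the right track?
If I should share other config files from Nginx or supervisor, please let me know.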

tvz2xvvm  #1

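I was on the wrong track. It's actually very simple: there's no need to run on port 8000, and running on 443 is convenient.
You don't need to configure SSL in the Nginx server block; instead, add -e ssl:443:privateKey=key.pem:certKey=crt.pem to your daphne command wherever you start the Daphne server. You have to generate an SSL certificate beforehand; of course, Let's Encrypt works well here too (privateKey: privkey.pem, certKey: fullchain.pem).
(This snippet does not work on its own; depending on your needs, you may also need to add other flags such as -u, --endpoint.)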
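
For comparison with the approach in the answer, the other layout the question asks about is to keep TLS on port 443 in Nginx and proxy to Daphne's unix socket, so Daphne never binds a public port or reads the private key. This is an added example, not code from the original posts or from the Daphne docs; the upstream name `daphne_backend` and the `$connection_upgrade` map variable are assumptions, and the socket and certificate paths are the ones shown in the question.

```nginx
# Added example: place inside the http { } context, for instance as a file
# under /etc/nginx/sites-enabled/. Constructed for illustration.

# Send "Connection: upgrade" upstream only when the client requested one,
# so plain HTTP requests and WebSocket handshakes are both handled.
map $http_upgrade $connection_upgrade {
    default upgrade;
    ''      close;
}

# Daphne's unix socket (path taken from the log in the question).
upstream daphne_backend {            # hypothetical name
    server unix:/run/daphne/daphne0.sock;
}

server {
    listen 443 ssl;
    listen [::]:443 ssl;
    server_name mysite.co www.mysite.co;

    ssl_certificate     /etc/letsencrypt/live/mysite.co/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/mysite.co/privkey.pem;
    # The nginx.conf in the question also enables TLSv1 and TLSv1.1.
    ssl_protocols TLSv1.2 TLSv1.3;

    location / {
        proxy_pass http://daphne_backend;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection $connection_upgrade;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_redirect off;
    }
}

# Plain HTTP only redirects to HTTPS.
server {
    listen 80;
    listen [::]:80;
    server_name mysite.co www.mysite.co;
    return 301 https://$host$request_uri;
}
```

Daphne uses the forwarded client address only when started with `--proxy-headers`. Check the file with `nginx -t` before reloading.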
