使用cloudflare代理flask启用https服务

问题1:使用cloudflare的dns回源服务器的时候,出现了http和https不断反复重定向

问题2:  flask只能启用http服务,需要启用https

  • 使用lnmp vhost add 添加域名,配置ssl证书
  • pip install gunicorn
  • 新建文件 gunicorn_start.sh(解决问题2),运行sh gunicorn_start.sh
#!/bin/bash
 
# 定义Flask应用程序的名称和入口文件名
APP_NAME=app
APP_ENTRYPOINT=app:app
 
# 定义SSL证书和私钥文件的路径
CERT_FILE=/path/to/cert.pem
KEY_FILE=/path/to/key.pem
 
# 启动Gunicorn
gunicorn $APP_ENTRYPOINT \
  --bind 0.0.0.0:443 \
  --certfile $CERT_FILE \
  --keyfile $KEY_FILE \
  --workers 4 \
  --worker-class gthread \
  --threads 2 \
  --timeout 120 \
  --log-level=info \
  --access-logfile=- \
  --error-logfile=-
  •  nginx  配置
server
    {
        listen 443 ssl http2;
        #listen [::]:443 ssl http2;
        server_name your-site ;
        index index.html index.htm index.php default.html default.htm default.php;
        root  /home/wwwroot/your-site;
 
        ssl_certificate /usr/local/nginx/conf/ssl/your-site/fullchain.cer;
        ssl_certificate_key /usr/local/nginx/conf/ssl/your-site/your-site.key;
        ssl_session_timeout 5m;
        ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;
        ssl_prefer_server_ciphers on;
        ssl_ciphers "TLS13-AES-256-GCM-SHA384:TLS13-CHACHA20-POLY1305-SHA256:TLS13-AES-128-GCM-SHA256:TLS13-AES-128-CCM-8-SHA256:TLS13-AES-128-CCM-SHA256:EECDH+CHACHA20:EECDH+CHACHA20-draft:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5";
        ssl_session_cache builtin:1000 shared:SSL:10m;
        # openssl dhparam -out /usr/local/nginx/conf/ssl/dhparam.pem 2048
        ssl_dhparam /usr/local/nginx/conf/ssl/dhparam.pem;
 
 
        # Deny access to PHP files in specific directory
        #location ~ /(wp-content|uploads|wp-includes|images)/.*\.php$ { deny all; }
 
        location / {
                proxy_pass https://127.0.0.1:5000;
                proxy_set_header Host $host;
                proxy_set_header X-Real-IP $remote_addr;
                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        }
        access_log  /home/wwwlogs/your-site.log;
 
    }
  • cloudflare找到对应的域名,点击左侧的 “SSL/TLS”。 将“Your SSL/TLS encryption mode ” 配置成FULL或者FULL(Strict) (否则不支持https,解决问题1)

发表回复

您的电子邮箱地址不会被公开。 必填项已用 * 标注