[BangPypers] Multiple Django app with nginx
Sathishkumar Duraisamy
bewithsathish at gmail.com
Wed May 18 23:31:51 EDT 2016
On Thu, May 19, 2016 at 1:31 AM, Gora Mohanty <gora at mimirtech.com> wrote:
> On 19 May 2016 at 00:41, Sathishkumar Duraisamy <bewithsathish at gmail.com>
> wrote:
> > Hi All,
> >
> > In Apache with help of modwsgi module we can mount may application like
> >
> > WSGIScriptAlias /app1 /usr/local/www/wsgi-scripts/myapp1.wsgi
> > WSGIScriptAlias /app2 /usr/local/www/wsgi-scripts/myapp2.wsgi
> >
> > What is the similar approch for NGINX web server? Any idea?
>
> First of all, this is really off-topic here, and you are probably
> better off asking
> on a nginx list.
May be you are right. I am really sorry, with many django developers here
in our local python list, I hoped to get solution.
Having said that, we regularly use nginx with
> gunicorn, and what
> you need to do is
> * Set up an upstream server that defines the TCP/Unix domain socket that
> gunicorn is listening on. Something like:
> upstream app_server {
> server 127.0.0.1:80 fail_timeout=0;
> }
> * Then, proxy to the app_server, e.g.,
> location @proxy_to_app {
> proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
> proxy_set_header Host $http_host;
> proxy_set_header X-Forwarded-Protocol https;
> proxy_redirect off;
> proxy_buffering off;
> proxy_pass http://app_server;
> }
>
> There are many detailed write-ups available by searching Google: See, e.g.,
>
> http://michal.karzynski.pl/blog/2013/06/09/django-nginx-gunicorn-virtualenv-supervisor/
>
> > I have been trying with reverse proxy along with gunicorn, but not able
> to
> > achieve.
> >
> > I am trying to get mount as follows:
> >
> > http://exmaple.com/app1 --> 127.0.0.1:8000/
> > http://exmaple.com/app1/home/ --> 127.0.0.1:8000/home/
> [...]
>
> Please show actual nginx configuration on the nginx mailing list rather
> than
> pseudo-examples like this. Nobody can tell what you are actually trying.
>
Below is my nginx configuration, with domain name changed to example.com.
Here I two application one is Taiga which is basically django application
and second one is green, which is again, home grown django application.This
one is on second server( with different architecture with docker). I have
checked with browser with address 10.135.48.188:8000 and is working good.
I could see the home page of green project:
https://example.com/green/
When I try to login with links in the home page of green, it is pointing to
https://example.com/login instead of https://example.com/green/login. May
be it is correct from nginx reverse proxy.
In apache , WSGIScriptAlias takes care of this. How we achieve the same
thing here. Am I missing anything in configuration? And my ssl certificate
will not support sub-domain. So i cannot go with https://green.example.com/
------------------------------8<----------------------------------8<------------------------------8<----------------------------------8<------------------------------8<----------------------------------
server {
listen 443;
server_name www.example.com;
return 301 https://example.com$request_uri ;
}
server {
listen 80 default_server;
server_name example.com;
return 301 https://$server_name$request_uri;
}
upstream green_servers {
server 10.135.48.188:8000;
}
server {
listen 443 ssl default_server;
server_name example.com;
large_client_header_buffers 4 32k;
client_max_body_size 50M;
charset utf-8;
access_log /home/webhost/taiga/logs/nginx.access.log;
error_log /home/webhost/taiga/logs/nginx.error.log;
# Frontend
location / {
root /home/webhost/taiga/taiga-front-dist/dist/;
try_files $uri $uri/ /index.html;
}
# Backend
location /api {
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Scheme $scheme;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass http://127.0.0.1:8001/api;
proxy_redirect off;
}
# Backend
location /green {
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Scheme $scheme;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass http://green_servers/;
proxy_redirect off;
}
# Static files
location /static {
alias /home/webhost/taiga/taiga-back/static;
}
# Media files
location /media {
alias /home/webhost/taiga/taiga-back/media;
}
add_header Strict-Transport-Security "max-age=63072000;
includeSubdomains; preload";
add_header Public-Key-Pins 'pin-sha256="0RiuGnj7hjey+lDP29tjAhA=";
max-age=2592000; includeSubDomains';
ssl on;
ssl_certificate /etc/nginx/ssl/example.com/example.com.pem;
ssl_certificate_key /etc/nginx/ssl/example.com/example.com.key;
ssl_session_timeout 5m;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_ciphers
'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!3DES:!MD5:!PSK';
ssl_session_cache shared:SSL:10m;
ssl_dhparam /etc/nginx/ssl/example.com/dhparam_2_4096.pem;
ssl_stapling on;
ssl_stapling_verify on;
ssl_trusted_certificate /etc/nginx/ssl/example.com/example.com.pem;
}
------------------------------8<----------------------------------8<------------------------------8<----------------------------------8<------------------------------8<----------------------------------
>
> Regards,
> Gora
> _______________________________________________
> BangPypers mailing list
> BangPypers at python.org
> https://mail.python.org/mailman/listinfo/bangpypers
>
--
Regards,
Sathishkumar D
More information about the BangPypers
mailing list