Hi Team,
I need help with deploying SSL for python application running on uWSGI using Python Manager Plugin.
Current configuration - Nginx as a webserver
I'm unable to change/activate SSL on custom port 8080 instead of 443. I tried replacing the 443 with 8080 wherever necessary, however it didn't work. Please advise necessary changes to the configurations below
1) Below is the Website Config
server
{
listen 80;
listen 443 ssl http2;
server_name dev.example.com;
index index.php index.html index.htm default.php default.htm default.html;
root /www/wwwroot/dev.example.com;
#SSL-START SSL related configuration, do NOT delete or modify the next line of commented-out 404 rules
#error_page 404/404.html;
#HTTP_TO_HTTPS_START
if ($server_port !~ 443){
rewrite /.*$ https://$host$1 permanent;
}
#HTTP_TO_HTTPS_END
ssl_certificate /www/server/panel/vhost/cert/dev.example.com/fullchain.pem;
ssl_certificate_key /www/server/panel/vhost/cert/dev.example.com/privkey.pem;
ssl_protocols TLSv1.1 TLSv1.2 TLSv1.3;
ssl_ciphers EECDH+CHACHA20:EECDH+CHACHA20-draft:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5;
ssl_prefer_server_ciphers on;
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 10m;
add_header Strict-Transport-Security "max-age=31536000";
error_page 497 https://$host$request_uri;
#SSL-END
#ERROR-PAGE-START Error page configuration, allowed to be commented, deleted or modified
#error_page 404 /404.html;
#error_page 502 /502.html;
#ERROR-PAGE-END
#PHP-INFO-START PHP reference configuration, allowed to be commented, deleted or modified
#Clear cache
location ~ /purge(/.*) {
proxy_cache_purge cache_one $host$1$is_args$args;
#access_log /www/wwwlogs/dev.example.com_purge_cache.log;
}
#Referenced reverse proxy rule, if commented, the configured reverse proxy will be invalid
include /www/server/panel/vhost/nginx/proxy/dev.example.com/*.conf; include enable-php-00.conf;
#PHP-INFO-END
#REWRITE-START URL rewrite rule reference, any modification will invalidate the rewrite rules set by the panel
include /www/server/panel/vhost/rewrite/dev.example.com.conf;
#REWRITE-END
# Forbidden files or directories
location ~ ^/(\.user.ini|\.htaccess|\.git|\.svn|\.project|LICENSE|README.md)
{
return 404;
}
# Directory verification related settings for one-click application for SSL certificate
location ~ \.well-known{
allow all;
}
access_log /www/wwwlogs/dev.example.com.log;
error_log /www/wwwlogs/dev.example.com.error.log;
}
2) REVERSE_PROXY config
#PROXY-START/
location ~* .(php|jsp|cgi|asp|aspx)$
{
proxy_pass https://127.0.0.1:8080;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header REMOTE-HOST $remote_addr;
}
location /
{
proxy_pass https://127.0.0.1:8080;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header REMOTE-HOST $remote_addr;
#Persistent connection related configuration
add_header X-Cache $upstream_cache_status;
#Set Nginx Cache
add_header Cache-Control no-cache;
expires 12h;
}
#PROXY-END/
3) Nginx Server Config
user www www;
worker_processes auto;
error_log /www/wwwlogs/nginx_error.log crit;
pid /www/server/nginx/logs/nginx.pid;
worker_rlimit_nofile 51200;
events
{
use epoll;
worker_connections 51200;
multi_accept on;
}
http
{
#LOG_FORMAT_BEGIN_Test
log_format Test '$http_x_forwarded_for $remote_addr - [$time_local] "$request" $status $body_bytes_sent $http_referer "$http_user_agent";'
#LOG_FORMAT_END_Test
include mime.types;
#include luawaf.conf;
include proxy.conf;
default_type application/octet-stream;
server_names_hash_bucket_size 512;
client_header_buffer_size 32k;
large_client_header_buffers 4 32k;
client_max_body_size 95m;
sendfile on;
tcp_nopush on;
keepalive_timeout 600;
tcp_nodelay on;
fastcgi_connect_timeout 300;
fastcgi_send_timeout 300;
fastcgi_read_timeout 300;
fastcgi_buffer_size 64k;
fastcgi_buffers 4 64k;
fastcgi_busy_buffers_size 128k;
fastcgi_temp_file_write_size 256k;
fastcgi_intercept_errors on;
gzip on;
gzip_min_length 1k;
gzip_buffers 4 16k;
gzip_http_version 1.1;
gzip_comp_level 2;
gzip_types text/plain application/javascript application/x-javascript text/javascript text/css application/xml;
gzip_vary on;
gzip_proxied expired no-cache no-store private auth;
gzip_disable "MSIE [1-6]\.";
limit_conn_zone $binary_remote_addr zone=perip:10m;
limit_conn_zone $server_name zone=perserver:10m;
server_tokens off;
access_log off;
server
{
listen 888;
server_name phpmyadmin;
index index.html index.htm index.php;
root /www/server/phpmyadmin;
location ~ /tmp/ {
return 403;
}
#error_page 404 /404.html;
include enable-php.conf;
location ~ .*\.(gif|jpg|jpeg|png|bmp|swf)$
{
expires 30d;
}
location ~ .*\.(js|css)?$
{
expires 12h;
}
location ~ /\.
{
deny all;
}
access_log /www/wwwlogs/access.log;
}
include /www/server/panel/vhost/nginx/*.conf;
}
4) uWSGI Config
[uwsgi]
master = true
processes = 1
threads = 2
chdir = /www/wwwroot/dev.example.com
wsgi-file= /www/wwwroot/dev.example.com/core/wsgi.py
http = 0.0.0.0:8080
logto = /www/wwwroot/dev.example.com/logs/error.log
chmod-socket = 660
vacuum = true
master = true
max-requests = 1000
env = HTTPS=on
