<p>我建议使用nginx终止对应用程序的SSL(https)连接和代理请求。下面是简单的nginx配置</p>
<pre><code>user nginx;
worker_processes 1;
error_log /var/log/nginx/error.log warn;
pid /var/run/nginx.pid;
events {
worker_connections 1024;
}
http {
access_log /var/log/nginx/access.log main;
upstream app_server {
server 127.0.0.1:5001 fail_timeout=0;
}
server {
listen <OPENSHIFT_PYTHON_IP>:<OPENSHIFT_PYTHON_PORT>;
server_name <DOMAIN_NAME>;
ssl on;
ssl_protocols SSLv3 TLSv1;
ssl_ciphers AES128-SHA:AES256-SHA:RC4-SHA:DES-CBC3-SHA:RC4-MD5;
ssl_certificate /etc/nginx/cert.crt;
ssl_certificate_key /etc/nginx/cert.key;
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 10m;
location / {
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_redirect off;
proxy_pass http://app_server;
}
}
}
</code></pre>
<p>这是我的一个服务器的分条版本(希望我没有删除任何必要的东西)。在</p>
<p>代理服务器的主要问题是错误的头,如<code>HOST</code>,<code>REMOTE_ADDR</code>等等。但是这种配置,尤其是<code>proxy_set_header</code>命令可以帮助大多数web框架确定谁是真正的发送者。在</p>