After moving the web server to the Raspberry Pi, I added SSL support and configured two demo sites: https://demo1.rainbowheart.ro/ and https://demo2.rainbowheart.ro/.
April 8, 2017: I disabled the demo1 and demo2 servers, but added https://iot.rainbowheart.ro, redirected from http://iot.rainbowheart.ro; more details here.
Although all the web addresses point to the same IP, nginx serves the right content for each server name requested.
The Python server delivers content to nginx over the FastCGI protocol (port 8080 for the blog, plus ports 9001 and 9002), and nginx selects the right backend according to the DNS name used to reach the server.
The nginx configuration files are stored in the /etc/nginx/conf.d/ folder.
The file /etc/nginx/conf.d/blog.conf (serves unencrypted web content):
server {
    listen 80;
    server_name rainbowheart.ro;
    #charset koi8-r;
    #access_log logs/blog.access.log main;
    location / {
        # host and port to fastcgi server
        fastcgi_pass 127.0.0.1:8080;
        fastcgi_param SERVER_NAME $server_name;
        fastcgi_param SERVER_PORT $server_port;
        fastcgi_param SERVER_PROTOCOL $server_protocol;
        fastcgi_param PATH_INFO $fastcgi_script_name;
        fastcgi_param REQUEST_METHOD $request_method;
        fastcgi_param QUERY_STRING $query_string;
        fastcgi_param CONTENT_TYPE $content_type;
        fastcgi_param CONTENT_LENGTH $content_length;
        fastcgi_pass_header Authorization;
        fastcgi_intercept_errors off;
    }
}
The file /etc/nginx/conf.d/demo1.conf (serves SSL-encrypted web content with the key demo1.key):
server {
    listen 443 ssl;
    server_name demo1.rainbowheart.ro;
    ssl_certificate /etc/nginx/ssl/demo1.crt;
    ssl_certificate_key /etc/nginx/ssl/demo1.key;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers HIGH:!aNULL:!MD5;
    #charset koi8-r;
    #access_log logs/blog.access.log main;
    location / {
        # host and port to fastcgi server
        fastcgi_pass 127.0.0.1:9001;
        fastcgi_param SERVER_NAME $server_name;
        fastcgi_param SERVER_PORT $server_port;
        fastcgi_param SERVER_PROTOCOL $server_protocol;
        fastcgi_param PATH_INFO $fastcgi_script_name;
        fastcgi_param REQUEST_METHOD $request_method;
        fastcgi_param QUERY_STRING $query_string;
        fastcgi_param CONTENT_TYPE $content_type;
        fastcgi_param CONTENT_LENGTH $content_length;
        fastcgi_pass_header Authorization;
        fastcgi_intercept_errors off;
    }
}
The file /etc/nginx/conf.d/demo2.conf (serves SSL-encrypted web content with the key demo2.key):
server {
    listen 443 ssl;
    server_name demo2.rainbowheart.ro;
    ssl_certificate /etc/nginx/ssl/demo2.crt;
    ssl_certificate_key /etc/nginx/ssl/demo2.key;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers HIGH:!aNULL:!MD5;
    #charset koi8-r;
    #access_log logs/blog.access.log main;
    location / {
        # host and port to fastcgi server
        fastcgi_pass 127.0.0.1:9002;
        fastcgi_param SERVER_NAME $server_name;
        fastcgi_param SERVER_PORT $server_port;
        fastcgi_param SERVER_PROTOCOL $server_protocol;
        fastcgi_param PATH_INFO $fastcgi_script_name;
        fastcgi_param REQUEST_METHOD $request_method;
        fastcgi_param QUERY_STRING $query_string;
        fastcgi_param CONTENT_TYPE $content_type;
        fastcgi_param CONTENT_LENGTH $content_length;
        fastcgi_pass_header Authorization;
        fastcgi_intercept_errors off;
    }
}
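
A minimal check over vhost files like the ones above, as an added example that is not part of the original post: it flags TLS listeners whose ssl_protocols still enables TLS 1.0/1.1 (deprecated by RFC 8996) and non-TLS vhosts that serve content with no `return` redirect. The function names and the trimmed SAMPLE_CONF are constructed for illustration; the parser only handles simple directives and reads the first `listen` per block.

```python
import re

# Constructed sample: blog.conf and demo1.conf from this page, trimmed.
SAMPLE_CONF = """
server {
    listen 80;
    server_name rainbowheart.ro;
    location / { fastcgi_pass 127.0.0.1:8080; }
}
server {
    listen 443 ssl;
    server_name demo1.rainbowheart.ro;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    location / { fastcgi_pass 127.0.0.1:9001; }
}
"""

LEGACY = {"SSLv2", "SSLv3", "TLSv1", "TLSv1.1"}  # TLS 1.0/1.1: see RFC 8996


def server_blocks(conf):
    """Yield the body of each server { ... } block."""
    conf = re.sub(r"#[^\n]*", "", conf)           # drop comments
    for m in re.finditer(r"\bserver\s*\{", conf):
        depth, i = 1, m.end()
        while i < len(conf) and depth:             # walk to the matching brace
            depth += {"{": 1, "}": -1}.get(conf[i], 0)
            i += 1
        yield conf[m.end():i - 1]


def directive(body, name):
    """Return the arguments of the first `name ...;` directive, or []."""
    m = re.search(r"(?:^|[;{}\s])" + re.escape(name) + r"\s+([^;{}]*);", body)
    return m.group(1).split() if m else []


def audit(conf):
    """Return (server_name, finding) pairs for the vhosts in conf."""
    findings = []
    for body in server_blocks(conf):
        name = " ".join(directive(body, "server_name")) or "(default)"
        if "ssl" in directive(body, "listen"):
            old = sorted(LEGACY & set(directive(body, "ssl_protocols")))
            if old:
                findings.append((name, "legacy protocols: " + " ".join(old)))
        elif not directive(body, "return"):
            findings.append((name, "plaintext listener without redirect"))
    return findings
```
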
The web server, written in Python with bottle, is very simple:
The file demo1.py:
#!/usr/bin/env python
from bottle import route, run, template, FlupFCGIServer

@route('/')
def index():
    return template('<b>Index {{name}}</b>! <a href="/hello/ioan">Ioan</a> - <a href="/hello/dan">Dan</a>', name=1)

@route('/hello/<name>')
def hello(name):
    # {{name}} is HTML-escaped by bottle's template engine
    return template('<b>Hello1 {{name}}</b>! - <a href="/">Home</a>', name=name)

PORT = 9001
# Listens on all interfaces; nginx reaches this backend at 127.0.0.1:9001 (see demo1.conf)
run(host='0.0.0.0', port=PORT, debug=False, reloader=False, server=FlupFCGIServer)
The file demo2.py:
#!/usr/bin/env python
from bottle import route, run, template, FlupFCGIServer

@route('/')
def index():
    return template('<b>Index {{name}}</b>! <a href="/hello/ioan">Ioan</a> - <a href="/hello/dan">Dan</a>', name=2)

@route('/hello/<name>')
def hello(name):
    # {{name}} is HTML-escaped by bottle's template engine
    return template('<b>Hello2 {{name}}</b>! - <a href="/">Home</a>', name=name)

PORT = 9002
# Listens on all interfaces; nginx reaches this backend at 127.0.0.1:9002 (see demo2.conf)
run(host='0.0.0.0', port=PORT, debug=False, reloader=False, server=FlupFCGIServer)
The two https (SSL) sites have different keys, expire in a thousand years, and were created with the script:
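#!/bin/sh
FILENAME=server
# Generate the RSA private key; genrsa takes no -config option and the key size must be the last argument
openssl genrsa -out "${FILENAME}.key" 1024
# Create the self-signed certificate (365300 days is roughly 1000 years)
openssl req -new -key "${FILENAME}.key" -x509 -days 365300 -out "${FILENAME}.crt" -config ./openssl.cnf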