[系统运维]nginx + uwsgi + flask 使用https协议

软件安装和证书下载我就不啰嗦了，网上教程很多

#nginx默认访问80端口，一访问就重定向到https://www.xxx.com
server {
	listen 80;
	server_name www.xxx.com;
	rewrite ^(.*)$ https://${server_name}$1 permanent;
    }

    server {
    	listen 443 ssl;
        server_name www.xxx.com;
		root /xxxx/index;
		index index.html;
  		client_max_body_size 30M;
   		client_body_buffer_size 30M;
		ssl_certificate  "/usr/local/nginx/conf/cert/xxx.crt"; # 存放的位置
    	ssl_certificate_key "/usr/local/nginx/conf/cert/xxx.key"; # 存放的位置
    	ssl_session_timeout 20m;
    	ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4!DHE;
    	ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    	ssl_prefer_server_ciphers on;
        location / {
           try_files $uri @app;
        }
		# 将请求转发给uwsgi，roxy_pass下面的是一些请求头信息，用户实际ip在X-Forwarded-For中
        location @app {
			proxy_pass http://172.18.0.1:8080$request_uri; # 这里配https也行，uwsgi那边改一下就好
			https://172.18.0.1:8080$request_uri;
			proxy_set_header Host $host;
			proxy_set_header X-Real-IP $remote_addr;
			proxy_set_header REMOTE-HOST $remote_addr;
			proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        }
        location /static {
            alias /static;
        }
    }

[uwsgi]
#module = app.main
# https 后面得加证书位置，这里有个坑 ip只能写本机的ip，不能写服务器对外开放的ip
#https = 172.18.0.1:8080,/usr/local/nginx/conf/cert/quark-ai.com_bundle.crt,/usr/local/nginx/conf/cert/quark-ai.com.key 
http = 172.18.0.1:8080
chdir = /xxx/xxx/app/app/
wsgi-file = main.py
#module=/xxx/xxx/xxx/xxx/main.py
callable = app
chmod-socket = 777
#master = true
disable-logging = false
daemonize = /tmp/mylog.log

东西不多，但是坑还是有几个地方的。
**1.**配置完https后访问域名还是提示不安全，仔细一看原来还是http://www.xxx.com，然后我在上面写了一个重定向
**2.**就是nginx配置了https后，uwsgi该怎么配置才能让nginx代理，我自己只用了http和https，我用sock失败了
**3.**uwsgi配置http和https的时候用ifconfig查看本机ip，不能用127.0.0.1