Этот сайт не может обеспечить безопасное соединение
Сайт qrcp.kz отправил недействительный ответ.
Выполните диагностику сети в Windows.
ERR_SSL_PROTOCOL_ERROR
upstream gunicorn_app{
server web:8000;
}
server {
listen 80;
server_name qrcp.kz www.qrcp.kz;
location ^~ /.well-known/acme-challenge/ {
allow all;
root /var/www/certbot;
}
location / {
return 301 https://$host$request_uri;
}
}
server {
listen 443 ssl;
server_name qrcp.kz www.qrcp.kz;
ssl_certificate /etc/letsencrypt/live/qrcp.kz/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/qrcp.kz/privkey.pem;
include /etc/letsencrypt/options-ssl-nginx.conf;
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
location / {
proxy_pass http://gunicorn_app;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
location /static/ {
alias /var/www/static/;
error_log /var/log/nginx/static_errors.log;
}
}
version: '3.10'
services:
web:
build: .
env_file:
- qrc/.env
volumes:
- static_data:/app/static
nginx:
image: nginx:latest
ports:
- "80:80"
- "443:443"
volumes:
- ./nginx/nginx.conf:/etc/nginx/conf.d/default.conf
- static_data:/var/www/static
- ./data/certbot/www:/var/www/certbot
- ./data/certbot/conf:/etc/letsencrypt
depends_on:
- web
certbot:
image: certbot/certbot
depends_on:
- nginx
volumes:
- ./data/certbot/conf:/etc/letsencrypt
- ./data/certbot/www:/var/www/certbot
command: certbot renew --quiet --no-self-upgrade
entrypoint: "/bin/sh -c 'trap exit TERM; while :; do certbot renew; sleep 12h & wait $${!}; done;'"
volumes:
static_data:
nginx_config:
letsencrypt_data
: root@SRV-I:/home/smokedev/python_project/qrc-django# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
72f4e94ea669 certbot/certbot "/bin/sh -c 'trap ex…" About an hour ago Up About an hour 80/tcp, 443/tcp qrc-django-certbot-1
27abe024f8ac nginx:latest "/docker-entrypoint.…" About an hour ago Up About an hour 0.0.0.0:80->80/tcp, :::80->80/tcp, 0.0.0.0:443->443/tcp, :::443->443/tcp qrc-django-nginx-1
778d619b6ab4 qrc-django-web "gunicorn qrc.wsgi:a…" About an hour ago Up About an hour 80/tcp, 443/tcp, 8000/tcp qrc-django-web-1
root@SRV-I:/home/smokedev/python_project/qrc-django# docker exec -it 27abe024f8ac ls -l /etc/letsencrypt/live/qrcp.kz/
total 4
-rw-r--r-- 1 root root 692 Sep 2 14:23 README
lrwxrwxrwx 1 root root 31 Sep 2 14:23 cert.pem -> ../../archive/qrcp.kz/cert1.pem
lrwxrwxrwx 1 root root 32 Sep 2 14:23 chain.pem -> ../../archive/qrcp.kz/chain1.pem
lrwxrwxrwx 1 root root 36 Sep 2 14:23 fullchain.pem -> ../../archive/qrcp.kz/fullchain1.pem
lrwxrwxrwx 1 root root 34 Sep 2 14:23 privkey.pem -> ../../archive/qrcp.kz/privkey1.pem
root@SRV-I:/home/smokedev/python_project/qrc-django# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
46639a158ff1 nginx:latest "/docker-entrypoint.…" About an hour ago Up About an hour 0.0.0.0:80->80/tcp, :::80->80/tcp, 0.0.0.0:443->443/tcp, :::443->443/tcp qrc-django-nginx-1
f759ce920116 qrc-django-web "gunicorn qrc.wsgi:a…" About an hour ago Up About an hour 80/tcp, 443/tcp, 8000/tcp qrc-django-web-1
185df9c961d0 certbot/certbot "/bin/sh -c 'trap ex…" About an hour ago Up About an hour 80/tcp, 443/tcp qrc-django-certbot-1
root@SRV-I:/home/smokedev/python_project/qrc-django# docker exec -it 46639a158ff1 cat /var/log/nginx/error.log
root@SRV-I:/home/smokedev/python_project/qrc-django# docker exec -i nginx cat /var/log/nginx/error.log
Error response from daemon: No such container: nginx
root@SRV-I:/home/smokedev/python_project/qrc-django# docker exec 46639a158ff1 cat /var/log/nginx/error.log
^C
root@SRV-I:/home/smokedev/python_project/qrc-django#
root@SRV-I:/home/smokedev/python_project/qrc-django# docker exec 46639a158ff1 /bin/bash
root@SRV-I:/home/smokedev/python_project/qrc-django# docker exec -it 46639a158ff1 /bin/bash
root@46639a158ff1:/# cat /var/log/nginx/error.log
root@46639a158ff1:/# ls /var/log/nginx/
access.log app_errors.log error.log static_errors.log
root@46639a158ff1:/#
root@SRV-I:/home/smokedev/python_project/qrc-django# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
c284c0d7b73e nginx:latest "/docker-entrypoint.…" 5 minutes ago Up 5 minutes 0.0.0.0:80->80/tcp, :::80->80/tcp, 0.0.0.0:443->443/tcp, :::443->443/tcp qrc-django-nginx-1
519576f629e4 qrc-django-web "gunicorn qrc.wsgi:a…" 5 minutes ago Up 5 minutes 80/tcp, 443/tcp, 8000/tcp qrc-django-web-1
69c97cad6601 certbot/certbot "/bin/sh -c 'trap ex…" 5 minutes ago Up 5 minutes 80/tcp, 443/tcp qrc-django-certbot-1
root@SRV-I:/home/smokedev/python_project/qrc-django# docker restart c284c0d7b73e
c284c0d7b73e
root@SRV-I:/home/smokedev/python_project/qrc-django# docker exec -it c284c0d7b73e /bin/bash
root@c284c0d7b73e:/# cat /var/log/nginx/error.log
qrc-django-nginx-1 exited with code 0
qrc-django-nginx-1 exited with code 0
qrc-django-nginx-1 | 84.54.51.12 - - [03/Sep/2023:10:52:30 +0000] "CONNECT google.com:443 HTTP/1.1" 400 157 "-" "-" "-"
qrc-django-nginx-1 | 178.89.93.228 - - [03/Sep/2023:10:52:47 +0000] "\x16\x03\x01\x02\x00\x01\x00\x01\xFC\x03\x03\x16\xD4K\x9C$\xE7Q^\xD6t 0\xC5\xF2\x1C\x09\xB2\xDB\xDF\x85\xB1,\x826\x15\xD4\x9A\xBF\x96\x8BM1 \x85\x18\x1EzB\x99\x99\xE3$QVH\xEF\x7F\x84\x00\xC7\x94\x1E\xD8" 400 157 "-" "-" "-"
qrc-django-nginx-1 | 178.89.93.228 - - [03/Sep/2023:10:52:47 +0000] "\x16\x03\x01\x02\x00\x01\x00\x01\xFC\x03\x03J@SG#J~|&x\x88\xEF\xCA\x99h\xDC\xBA\x8Bw9'\xBDh\x95#\xFC\x139+\xD1m\x05 :\xB3\x81X\xF6)\x87\x08j\xD1q\x0E\xAC\xAF\x87\x22r\x01\x84j\x0Fb\x89\xAC\xD1\xC8\x8E\xAC`\xDA\xD0\xF5\x00 JJ\x13\x01\x13\x02\x13\x03\xC0+\xC0/\xC0,\xC00\xCC\xA9\xCC\xA8\xC0\x13\xC0\x14\x00\x9C\x00\x9D\x00/\x005\x01\x00\x01\x93\xCA\xCA\x00\x00\x00#\x00\x00\x00" 400 157 "-" "-" "-"
qrc-django-nginx-1 | 178.89.93.228 - - [03/Sep/2023:10:52:47 +0000] "\x16\x03\x01\x02\x00\x01\x00\x01\xFC\x03\x03%r\xB9" 400 157 "-" "-" "-"
qrc-django-nginx-1 | 178.89.93.228 - - [03/Sep/2023:10:52:47 +0000] "\x16\x03\x01\x02\x00\x01\x00\x01\xFC\x03\x03\x83\xEFk@" 400 157 "-" "-" "-"
qrc-django-nginx-1 | 178.89.93.228 - - [03/Sep/2023:10:52:47 +0000] "\x16\x03\x01\x02\x00\x01\x00\x01\xFC\x03\x03\xEA1mINz*\x86H\x0E\xB0\xAA\x19\x1B:'SM\xCF\x9C\x87\x12\xBF\xA5F\x22 \xD0{] A \x84\x1F\xF4\xEFFX\xEB\xF2B]\x8D\xC2\x0BK\x81\x7Fp\xAC\x09j45Wb6\xBE\x9C&\xC6\xFCF\x06\x00 zz\x13\x01\x13\x02\x13\x03\xC0+\xC0/\xC0,\xC00\xCC\xA9\xCC\xA8\xC0\x13\xC0\x14\x00\x9C\x00\x9D\x00/\x005\x01\x00\x01\x93\x8A\x8A\x00\x00\x00\x00\x00\x0C\x00" 400 157 "-" "-" "-"
qrc-django-nginx-1 | 178.89.93.228 - - [03/Sep/2023:10:52:47 +0000] "\x16\x03\x01\x02\x00\x01\x00\x01\xFC\x03\x03x\xB3H\x83\x85\xA3\x1D" 400 157 "-" "-" "-"
root@SRV-I:/home/smokedev/python_project/qrc-django# docker exec -it c284c0d7b73e ls /etc/letsencrypt/live/qrcp.kz/
README cert.pem chain.pem fullchain.pem privkey.pem
root@SRV-I:/home/smokedev/python_project/qrc-django# docker exec -it c284c0d7b73e ls -l /etc/letsencrypt/live/qrcp.kz/
total 4
-rw-r--r-- 1 www-data www-data 692 Sep 2 14:23 README
lrwxrwxrwx 1 www-data www-data 31 Sep 2 14:23 cert.pem -> ../../archive/qrcp.kz/cert1.pem
lrwxrwxrwx 1 www-data www-data 32 Sep 2 14:23 chain.pem -> ../../archive/qrcp.kz/chain1.pem
lrwxrwxrwx 1 www-data www-data 36 Sep 2 14:23 fullchain.pem -> ../../archive/qrcp.kz/fullchain1.pem
lrwxrwxrwx 1 www-data www-data 34 Sep 2 14:23 privkey.pem -> ../../archive/qrcp.kz/privkey1.pem
upstream gunicorn_app{
server web:8000;
}
server {
listen 80;
server_name localhost 127.0.0.1 [::1] 194.0.124.154 qrcp.kz www.qrcp.kz web srv-i;
location ^~ /.well-known/acme-challenge/ {
allow all;
root /var/www/certbot;
}
location / {
return 301 https://$host$request_uri;
}
}
server {
listen 443 ssl;
server_name localhost 127.0.0.1 [::1] 194.0.124.154 qrcp.kz www.qrcp.kz web srv-i;
# Добавить логирование ошибок
error_log /var/log/nginx/ssl_errors.log;
access_log /var/log/nginx/ssl_access.log;
ssl_certificate /etc/letsencrypt/live/qrcp.kz/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/qrcp.kz/privkey.pem;
include /etc/letsencrypt/options-ssl-nginx.conf;
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
location / {
proxy_pass http://gunicorn_app;
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
error_log /var/log/nginx/app_errors.log;
}
location /static/ {
alias /var/www/static/;
error_log /var/log/nginx/static_errors.log;
}
}
root@SRV-I:/home/smokedev/python_project/qrc-django# docker exec -it c284c0d7b73e chown -R nginx:nginx /etc/letsencrypt/live/qrcp.kz/
root@SRV-I:/home/smokedev/python_project/qrc-django# docker exec -it c284c0d7b73e chown -R www-data:www-data /etc/letsencrypt/live/qrcp.kz/
root@SRV-I:/home/smokedev/python_project/qrc-django#
root@c284c0d7b73e:/# nslookup google.com
Server: 127.0.0.11
Address: 127.0.0.11#53
Non-authoritative answer:
Name: google.com
Address: 64.233.165.102
Name: google.com
Address: 64.233.165.113
Name: google.com
Address: 64.233.165.100
Name: google.com
Address: 64.233.165.139
Name: google.com
Address: 64.233.165.101
Name: google.com
Address: 64.233.165.138
Name: google.com
Address: 2a00:1450:4010:c09::71
Name: google.com
Address: 2a00:1450:4010:c09::66
Name: google.com
Address: 2a00:1450:4010:c09::65
Name: google.com
Address: 2a00:1450:4010:c09::8b
root@c284c0d7b73e:/#
exit
root@SRV-I:/home/smokedev/python_project/qrc-django# docker restart c284c0d7b73e
c284c0d7b73e
root@SRV-I:/home/smokedev/python_project/qrc-django# docker exec -it c284c0d7b73e /bin/bash
root@c284c0d7b73e:/# nslookup qrcp.kz
Server: 127.0.0.11
Address: 127.0.0.11#53
Non-authoritative answer:
Name: qrcp.kz
Address: 194.0.124.154
root@c284c0d7b73e:/#
root@c284c0d7b73e:/# ps aux
bash: ps: command not found
root@c284c0d7b73e:/# apt install ps
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
E: Unable to locate package ps
root@c284c0d7b73e:/# apt install aux
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
E: Unable to locate package aux
root@c284c0d7b73e:/# apt install ps aux
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
E: Unable to locate package ps
E: Unable to locate package aux
root@c284c0d7b73e:/# ps aux
bash: ps: command not found
root@c284c0d7b73e:/#
root@c284c0d7b73e:/# ps aux
USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND
root 1 0.0 0.0 2572 948 ? Ss 11:21 0:00 /bin/sh -c while :; do sleep 6h & wait ${!}; nginx -s reload; done & nginx -g "daemon off;"
root 7 0.0 0.0 2572 100 ? S 11:21 0:00 /bin/sh -c while :; do sleep 6h & wait ${!}; nginx -s reload; done & nginx -g "daemon off;"
root 8 0.0 0.1 21876 8380 ? S 11:21 0:00 nginx: master process nginx -g daemon off;
root 9 0.0 0.0 2480 904 ? S 11:21 0:00 sleep 6h
nginx 10 0.0 0.0 22328 3032 ? S 11:21 0:00 nginx: worker process
nginx 11 0.0 0.0 22328 3032 ? S 11:21 0:00 nginx: worker process
nginx 12 0.0 0.0 22328 3032 ? S 11:21 0:00 nginx: worker process
nginx 13 0.0 0.0 22328 3032 ? S 11:21 0:00 nginx: worker process
root 45 0.0 0.0 4184 3468 pts/0 Ss 11:40 0:00 /bin/bash
root 157 0.0 0.0 8100 4072 pts/0 R+ 13:43 0:00 ps aux
root@c284c0d7b73e:/#
server {
listen 80;
server_name qrcp.kz www.qrcp.kz;
location / {
proxy_pass http://web:8000;
error_log /var/log/nginx/app_errors.log;
}
location /static/ {
alias /var/www/static/;
error_log /var/log/nginx/static_errors.log;
}
}
# server {
# listen 443;
# server_name qrcp.kz www.qrcp.kz;
# ssl_certificate /etc/letsencrypt/live/qrcp.kz/fullchain.pem;
# ssl_certificate_key /etc/letsencrypt/live/qrcp.kz/privkey.pem;
# include /etc/letsencrypt/options-ssl-nginx.conf;
# ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
# location / {
# proxy_pass http://web:8000;
# error_log /var/log/nginx/app_errors.log;
# }
# location /static/ {
# alias /var/www/static/;
# error_log /var/log/nginx/static_errors.log;
# }
# }
docker exec -it id_контейнера chown -R nginx:nginx /etc/letsencrypt
nginx:
image: nginx:latest
ports:
- "80:80"
- "443:443"
volumes:
- ./nginx/nginx.conf:/etc/nginx/conf.d/default.conf
- static_data:/var/www/static
- ./data/certbot/www:/var/www/certbot
- ./data/certbot/conf:/etc/letsencrypt
command: /bin/sh -c 'chown -R nginx:nginx /etc/letsencrypt && while :; do sleep 6h & wait $${!}; nginx -s reload; done & nginx -g "daemon off;"'
depends_on:
- web
Ошибка доступа (403)
Ошибка проверки CSRF. Запрос отклонён.
Help
Reason given for failure:
Origin checking failed - qrcp.kz does not match any trusted origins.
In general, this can occur when there is a genuine Cross Site Request Forgery, or when Django’s CSRF mechanism (https://docs.djangoproject.com/en/4.2/ref/csrf/) has not been used correctly. For POST forms, you need to ensure:
Your browser is accepting cookies.
The view function passes a request to the template’s render (https://docs.djangoproject.com/en/dev/topics/templ...) method.
In the template, there is a {% csrf_token %} template tag inside each POST form that targets an internal URL.
If you are not using CsrfViewMiddleware, then you must use csrf_protect on any views that use the csrf_token template tag, as well as those that accept the POST data.
The form has a valid CSRF token. After logging in in another browser tab or hitting the back button after a login, you may need to reload the page with the form, because the token is rotated after a login.
You’re seeing the help section of this page because you have DEBUG = True in your Django settings file. Change that to False, and only the initial error message will be displayed.
You can customize this page using the CSRF_FAILURE_VIEW setting
root@SRV-I:/home/smokedev/python_project/qrc-django# curl -v -k --tlsv1.2 https://localhost:443/admin/
* Trying ::1...
* TCP_NODELAY set
* Expire in 150000 ms for 3 (transfer 0x55fd884db030)
* Expire in 200 ms for 4 (transfer 0x55fd884db030)
* Connected to localhost (::1) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
* CAfile: none
CApath: /etc/ssl/certs
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
* TLSv1.3 (IN), TLS handshake, Certificate (11):
* TLSv1.3 (IN), TLS handshake, CERT verify (15):
* TLSv1.3 (IN), TLS handshake, Finished (20):
* TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.3 (OUT), TLS handshake, Finished (20):
* SSL connection using TLSv1.3 / TLS_AES_256_GCM_SHA384
* ALPN, server accepted to use http/1.1
* Server certificate:
* subject: CN=qrcp.kz
* start date: Sep 6 03:56:31 2023 GMT
* expire date: Dec 5 03:56:30 2023 GMT
* issuer: C=US; O=(STAGING) Let's Encrypt; CN=(STAGING) Ersatz Edamame E1
* SSL certificate verify result: unable to get local issuer certificate (20), continuing anyway.
> GET /admin/ HTTP/1.1
> Host: localhost
> User-Agent: curl/7.64.0
> Accept: */*
>
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
* old SSL session ID is stale, removing
< HTTP/1.1 302 Found
< Server: nginx/1.25.2
< Date: Wed, 06 Sep 2023 06:24:12 GMT
< Content-Type: text/html; charset=utf-8
< Content-Length: 0
< Connection: keep-alive
< Location: /admin/login/?next=/admin/
< Expires: Wed, 06 Sep 2023 06:24:12 GMT
< Cache-Control: max-age=0, no-cache, no-store, must-revalidate, private
< X-Frame-Options: DENY
< Vary: Cookie
< X-Content-Type-Options: nosniff
< Referrer-Policy: same-origin
< Cross-Origin-Opener-Policy: same-origin
<
* Connection #0 to host localhost left intact
location / {
# CORS configuration
add_header 'Access-Control-Allow-Origin' '*';
add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
add_header 'Access-Control-Allow-Headers' 'DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Authorization';
add_header 'Access-Control-Expose-Headers' 'Content-Length,Content-Range';
if ($request_method = 'OPTIONS') {
add_header 'Access-Control-Allow-Origin' '*';
add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
add_header 'Access-Control-Allow-Headers' 'DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Authorization';
add_header 'Access-Control-Max-Age' 1728000;
add_header 'Content-Type' 'text/plain charset=UTF-8';
add_header 'Content-Length' 0;
return 204;
}
}
server {
listen 80;
server_name qrcp.kz www.qrcp.kz;
location / {
return 301 https://$host$request_uri;
}
location ^~ /.well-known/acme-challenge/ {
allow all;
root /var/www/certbot;
}
}
server {
listen 443 ssl;
server_name qrcp.kz www.qrcp.kz;
ssl_certificate /etc/letsencrypt/live/qrcp.kz/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/qrcp.kz/privkey.pem;
ssl_trusted_certificate /etc/letsencrypt/live/qrcp.kz/chain.pem;
include /etc/letsencrypt/options-ssl-nginx.conf;
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
location / {
proxy_pass http://web:8000;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
error_log /var/log/nginx/app_errors.log;
# CORS configuration
add_header 'Access-Control-Allow-Origin' '*';
add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
add_header 'Access-Control-Allow-Headers' 'DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Authorization';
add_header 'Access-Control-Expose-Headers' 'Content-Length,Content-Range';
if ($request_method = 'OPTIONS') {
add_header 'Access-Control-Allow-Origin' '*';
add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
add_header 'Access-Control-Allow-Headers' 'DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Authorization';
add_header 'Access-Control-Max-Age' 1728000;
add_header 'Content-Type' 'text/plain charset=UTF-8';
add_header 'Content-Length' 0;
return 204;
}
}
location /static/ {
alias /var/www/static/;
error_log /var/log/nginx/static_errors.log;
}
}