Reputation: 631
setup ssl on nginx for a django project
I want to setup ssl for nginx, my project is a django and i also use gunicorn as wsgi http server. I add following lines in my settings.py code :
CSRF_COOKIE_SECURE = True
SESSION_COOKIE_SECURE = True
I don't know if it's necessary to do this, then i configure my nginx in the following form:
upstream app_server {
server 127.0.0.1:6000; // your gunicorn server
}
server {
listen 80;
server_name <name>;
return 301 https://$host$request_uri;
}
server {
#listen 80;
listen 443 default ssl;
client_max_body_size 4G;
server_name <name>;
#ssl on;
ssl_certificate /etc/nginx/ssl/ssl.crt;
ssl_certificate_key /etc/nginx/ssl/ssl.key;
ssl_session_timeout 5m;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
keepalive_timeout 5;
# path for static files
root /home/deploy/;
location /static/ {
}
location /media/ {
}
location / {
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
#proxy_set_header Host $http_host;
proxy_redirect off;
proxy_set_header Host $host;
proxy_pass http://app_server;
}
error_page 500 502 503 504 /500.html;
location = /500.html {
root /home/deploy/static;
}
}
nginx configure is correct i think because its redirect 80 to 443,but nothing happens, 80 request sent, then nginx redirect it to 443, but nothing happend, it can't connect to gunicorn or project.
what is the problem of my nginx? my nginx version nginx/1.0.15. i almost see al related topics and according to them my configuration is correct. can any one help me? should i do something with gunicorn? my certificate is self-signed, or what should i do?
regards :)
Upvotes: 1
Views: 4382
Answers (1)
Reputation: 1361
This is the configuration I use for nginx with gunicorn and it works. Try it out, see what you get.
server {
listen 80;
server_name something.com;
access_log off;
return 301 https://$server_name$request_uri;
}
server{
server_name something.com;
listen 443 ssl;
ssl_certificate /path/to/file.crt;
ssl_certificate_key /path/to/privatekey.pem;
location /static/ {
alias /opt/myenv/static/;
}
location / {
proxy_pass http://127.0.0.1:8001;
proxy_set_header X-Forwarded-Host $server_name;
proxy_set_header X-Real-IP $remote_addr;
add_header P3P 'CP="ALL DSP COR PSAa PSDa OUR NOR ONL UNI COM NAV"';
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
add_header Front-End-Https on;
proxy_redirect off;
}
I think the key ingredient is:
proxy_pass http://127.0.0.1:8001;
That redirects the request to gunicorn, assuming you are running it on port 8001. My guess is that thats what you need to add.
Upvotes: 2
Related Questions
- Deploying Django project with Gunicorn and nginx
- Gunicorn not able to run server
- ssl with django gunicorn and nginx
- Nginx how to get an SSL certificate for a Django app
- using SSL with nginx in a django app
- Is it necessary to tweak settings.py in Django app in order to correctly set up SSL protection (with nginx reverse proxy + gunicorn)
- Django deployment https + gunicorn and nginx
- Django, Gunicorn Setup
- Using nginx and gunicorn to serve django
- SSL Using Gunicorn for Django