0

I've followed a couple of examples for Django + nginx + wsgi + ssl, but I can't get them to work. I simply get an error in my browser than I can't connect.

I'm running two websites off the host. The config files are identical except for the ip addresses, server names, and directories.

When neither use SSL, they work fine. When I try to listen on 443 with one of them, I can't connect to either.

My config files are below, and any suggestions would be appreciated.

server{
listen xxx.xxx.xxx.xxx:80;
server_name sub.domain.com;

access_log /home/django/logs/nginx_customerdb_http_access.log;
error_log /home/django/logs/nginx_customerdb_http_error.log;

location / { 
    proxy_pass  http://127.0.0.1:8080; 
    proxy_redirect          off;
    proxy_set_header        Host            $host;
    proxy_set_header        X-Real-IP       $remote_addr;
    proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
    client_max_body_size    10m;
    client_body_buffer_size 128k;
    proxy_connect_timeout   90; 
    proxy_send_timeout      90; 
    proxy_read_timeout      90; 
    proxy_buffers           32 4k; 
}   

location /site_media/ {
    alias /home/django/customerdb_site_media/;
}   

location /admin-media/ {
    alias /home/django/django_admin_media/;
}   
}

server{
listen xxx.xxx.xxx.xxx:443;
server_name sub.domain.com;

access_log /home/django/logs/nginx_customerdb_http_access.log;
error_log /home/django/logs/nginx_customerdb_http_error.log;

ssl on; 
ssl_certificate sub.domain.com.crt;
ssl_certificate_key sub.domain.com.key;
ssl_prefer_server_ciphers   on; 


location / { 
    proxy_pass              http://127.0.0.1:8080; 
    proxy_redirect          off;
    proxy_set_header        Host            $host;
    proxy_set_header        X-Real-IP       $remote_addr;
    proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header        X-Forwarded-Protocol    https;
    client_max_body_size    10m;
    client_body_buffer_size 128k;
    proxy_connect_timeout   90;
    proxy_send_timeout      90;
    proxy_read_timeout      90;
    proxy_buffers           32 4k;
}

location /site_media/ {
    alias /home/django/customerdb_site_media/;
}

location /admin-media/ {
    alias /home/django/django_admin_media/;
}
}


<VirtualHost *:8080>
ServerName xxx.xxx.xxx.xxx
ServerAlias xxx.xxx.xxx.xxx

LogLevel warn
ErrorLog /home/django/logs/apache_customerdb_error.log
CustomLog /home/django/logs/apache_customerdb_access.log combined

WSGIScriptAlias / /home/django/customerdb/apache/django.wsgi
WSGIDaemonProcess customerdb_wsgi processes=4 threads=5
WSGIProcessGroup customerdb_wsgi

SetEnvIf X-Forwarded-Protocol "^https$" HTTPS=on

</VirtualHost>

UDPATE: the existence of two sites (on separate IPs) on the host is the issue. if i delete the other site, the setting above mostly work. doing so also brings up another issue: chrome doesn't accept the site as secure saying that some content is not encrypted.

Improve this question

2 Answers 2

Reset to default
2

[This should actually be a comment ...]

You should also set

proxy_set_header X-Forwarded-Protocol $scheme

To indicate to Django when connections are secure, otherwise your https links will get redirected to http, which is bad.

This will set http when it actually is http, and https when it's https.

Improve this answer
Sign up to request clarification or add additional context in comments.

1 Comment

See docs.djangoproject.com/en/dev/ref/settings/… for the matching setting on Django 1.4+.
0

I changed the server that listens on 80 to rewrite to https removed all the other directives.

Improve this answer

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.