0

I have a site which has a login page that I need to use https with. I am running the site using django on apache with an nginx front-end acting as a reverse proxy doing two things:

1) serving all the django static content 2) configured to support ssl

the ssl stuff is all setup and seems to be working correctly....i.e. i can go to both

http://www.mysite.com/login

and

https://www.mysite.com/login

with no problems, and the https asks me to verify the certificate etc.

my problem is i am trying to set nginx up so that its not possible to enter a password in a login page that is not https. i cannot get it to do this re-direct.

can someone please explain how this works

ssl is running on 443 and nginx is forwarding on port 80

thanks

Improve this question

2 Answers 2

Reset to default
1

These redirects are better suited for configuration in your web app, not Nginx, because while you might hardcode redirects in Nginx, it's just easier to set them up in Python where it's directly related to your views.

Just my opinion of course.

There are tons of SSL redirect middlewares on djangosnippets that will redirect a url to https.

Here's one with a decorator so you can just do @secure on your view. http://djangosnippets.org/snippets/1999/

I peresonally use this one modified slightly http://djangosnippets.org/snippets/880/ where I set certain url paths to be SSL in the settings.py file.

For example, in my conf I have: SSL_URLS = ( '/cart/', '/checkout/', '/accounts/' )

Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

1

What about redirecting the url http://www.mysite.com/login to https://www.mysite.com/login at the nginx proxy level, this would avoid any django machinery to be loaded, making it much faster and responsive.

You could add to your nginx config 

  location /login {
    # redirect to secure page [permanent | redirect]
    rewrite ^/login(.*)  https://www.mysite.com/login permanent;
  }

basicly redirect any /login to its https conterpart.

hope it helps.

UPDATE

make sure you listen to port 443

server {
   listen yourIP:80;
   server_name yourdomain.com;

   # redirect /login to the https page
   location /login {
     # redirect to secure page [permanent | redirect]
     rewrite ^/login(.*)  https://www.mysite.com/login permanent;
   }
}


#the HTTPS section listening to port 443 
server {
   listen yourIP:443;
   server_name yourdomain.com;

   location / {
     #your proxy code or root setting 
   }
}
Improve this answer

2 Comments

for some reason this does not work. before i insert this configuration and restart nginx, going to "https:// works fine. after i insert this configuration and start the server, the redirect from http:// to "https:// works but i get a page "Unable to connect" error. any clue whats going on?
do you have the server directive listening to port 443 ?

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.