[英]How to use django-sslify to force https on my Django+nginx+gunicorn web app, and rely on Cloudflare's new free SSL?
Cloudflare's providing SSL for free now, and I would be a fool to not take advantage of this on my site, and a downright dickhead to break everything in the process of trying to. Cloudflare现在免费提供SSL ,如果我不能在我的网站上利用这一点,那将是一个愚蠢的行为,并且在尝试过程中打破一切的彻头彻尾的傻瓜。
I can code apps just fine, but when it comes to setting up or configuring https/nginx/gunicorn/etc/idon'tknowtheterminology, I know barely enough to follow Googled instructions. 我可以很好地编写应用程序代码,但是当涉及到设置或配置https / nginx / gunicorn / etc / idon'tknowtheminminology时,我几乎无法遵循Googled说明。
I would like to use django-sslify to force https on my Django web app. 我想使用django-sslify在我的Django网络应用程序上强制https。 How may I achieve this
without upsetting the balance in my life
, given the following known facts? 考虑到以下已知事实,如何
在不破坏生活平衡的情况下
实现这一目标?
location / {
proxy_pass http://127.0.0.1:8001; ... }
location / {
proxy_pass http://127.0.0.1:8001; ... }
proxy_pass http://127.0.0.1:8001; ... }
Also, my server is providing an Django Rest Framework api for a Phonegap app, does that need to be taken in to consideration? 此外,我的服务器为Phonegap应用程序提供Django Rest Framework api,需要考虑吗? If I need to provide addtional information do let me know and I'll get back to you.
如果我需要提供附加信息,请告诉我,我会回复您。 Thank you for taking a look at this!
谢谢你看看这个! :)
:)
CloudFlare allows you to enable specific page rules , one of which is to force SSL (by doing a hard redirect ). CloudFlare允许您启用特定页面规则 ,其中之一是强制SSL(通过执行硬重定向 )。 This is a great thing to use in addition to
django-sslify
or django-secure
除了
django-sslify
或django-secure
之外,这是一件很棒的事情
In addition to setting up your SSL redirect, you also need to tell Django to handle secure requests. 除了设置SSL重定向之外,您还需要告诉Django处理安全请求。 Luckily, Django provides a decent guide for doing this, but there are a few things that it doesn't mention but I've had to do with nginx.
幸运的是, Django为这样做提供了一个不错的指南 ,但有一些事情没有提及,但我与nginx有关。
In your Django settings, you need to tell Django how to detect a secure request 在Django设置中,您需要告诉Django如何检测安全请求
SECURE_PROXY_SSL_HEADER = ('HTTP_X_FORWARDED_PROTOCOL', 'https')
In your nginx configuration you need to set up the X-Forwarded-Protocol
header (and the X-Forwarded-For
/ X-Scheme
headers are also useful). 在您的nginx配置中,您需要设置
X-Forwarded-Protocol
标头(并且X-Forwarded-For
/ X-Scheme
标头也很有用)。
proxy_set_header X-Scheme $scheme;
proxy_set_header X-Forwarded-Protocol $scheme;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
You also need to proxy the Host
header down, so Django is able to read the correct host and port, which is used in generating absolute urls and CSRF, among other things. 您还需要向下代理
Host
头,因此Django能够读取正确的主机和端口,用于生成绝对URL和CSRF等。
proxy_set_header Host $http_host;
Note that I used the $http_host
variable instead of $host
or $host:$server_port
. 请注意,我使用
$http_host
变量而不是$host
或$host:$server_port
。 This will ensure that Django will still respect CSRF requests on non-standard ports, while still giving you the correct absolute urls. 这将确保Django仍然会在非标准端口上遵守CSRF请求,同时仍然为您提供正确的绝对URL。
As with most things related to nginx and gunicorn, YMMV and it gets easier after you do it a few times. 与大多数与nginx和gunicorn相关的事情一样,YMMV在你做了几次之后会变得更容易。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.