It is slightly over 4 hours now, and I cannot get my nginx server to work with my SSL certificates for my Django application.
Here is my nginx.conf:
user nginx;
worker_processes 1;
error_log /var/log/nginx/error.log warn;
pid /var/run/nginx.pid;
events {
worker_connections 1024;
}
http {
include /etc/nginx/mime.types;
default_type application/octet-stream;
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log /var/log/nginx/access.log main;
sendfile on;
#tcp_nopush on;
keepalive_timeout 65;
#gzip on;
upstream app {
server django:5000;
}
server {
listen 80;
server_name www.example.com;
rewrite ^/(.*) https://www.example.com/$1 permanent;
}
server {
listen 443 ssl;
server_name www.example.com;
charset utf-8;
ssl on;
ssl_certificate /etc/nginx/ssl/1_www.example.com_bundle.crt;
ssl_certificate_key /etc/nginx/ssl/example_rsa.key;
location / {
try_files $uri @proxy_to_app;
}
location @proxy_to_app {
proxy_pass http://app;
proxy_redirect off;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $http_host;
}
}
}
I did manage to redirect all http
traffic to https
, but when I visit https://www.example.com
I get a beautiful ERR_CONNECTION_REFUSED
.
The only related part I can think of in my Django application is:
SECURE_PROXY_SSL_HEADER = ('HTTP_X_FORWARDED_PROTO', 'https')
but I do think that the problem is at nginx level. I am using Django Cookiecutter by pydanny . The unmodified nginx.conf file can be found here . I did edit the Dockerfile to ADD
my certificates.
Thanks!
This is a conf file I use for that case. You might want to compare or follow the same approach:
# nginx config file for example.com
upstream django {
server unix:/srv/www/app/run/app.sock;
}
server {
listen 80 default_server;
server_name example.com www.example.com;
return 301 https://example.com$request_uri;
}
server {
listen 443 ssl;
server_name www.example.com;
ssl_certificate /etc/nginx/ssl/app.crt;
ssl_certificate_key /etc/nginx/ssl/app.key;
return 301 https://example.com$request_uri;
}
server {
listen 443 ssl;
server_name example.com;
ssl_certificate /etc/nginx/ssl/app.crt;
ssl_certificate_key /etc/nginx/ssl/app.key;
proxy_set_header X-Forwarded-Protocol $scheme;
add_header Strict-Transport-Security "max-age=31536000";
charset utf-8;
gzip on;
gzip_disable "msie6";
gzip_vary on;
gzip_proxied any;
gzip_comp_level 6;
gzip_buffers 16 8k;
gzip_http_version 1.1;
gzip_min_length 256;
gzip_types text/plain text/css application/json application/x-javascript text/xml application/xml application/xml+rss text/javascript application/vnd.ms-fontobject application/x-font-ttf font/opentype image/svg+xml image/x-icon;
location /media {
alias /srv/www/app/app/media;
}
location /static {
alias /srv/www/app/app/collected_static;
}
location / {
uwsgi_pass django;
include /srv/www/app/run/uwsgi_params;
}
location /api/v1/app/upload {
uwsgi_max_temp_file_size 1M;
}
location /favicon.ico {
alias /srv/www/app/app/collected_static/img/favicon.ico;
}
}
On django side, only for production environment, I do:
# SSL
SECURE_PROXY_SSL_HEADER = ('HTTP_X_FORWARDED_PROTOCOL', 'https')
SESSION_COOKIE_SECURE = True
CSRF_COOKIE_SECURE = True
That's it!
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.