I am experiencing an issue with my Django application where I am automatically logged out when trying to access my admin panel. I suspect that the problem may be related to session preservation. To further investigate, I have included my nginx configuration and my Django settings file below.
map $sent_http_content_type $expires {
    default off;
    text/html epoch;
    text/css max;
    application/javascript max;
    ~image/ max;
}
server {
    listen 80;
    listen [::]:80;
    server_name www.khalimbetovulugbek.com khalimbetovulugbek.com;
    return 301 https://khalimbetovulugbek.com;
}
server {
    listen 443 ssl http2;
    ssl_certificate /etc/nginx/ssl/server.crt;
    ssl_certificate_key /etc/nginx/ssl/server.key;
    server_name khalimbetovulugbek.com www.khalimbetovulugbek.com;
    location = /favicon.ico { access_log off; log_not_found off; }
    location /static/ {
        root /home/benku/portfolio/src;
    }
    location /media/ {
        root /home/benku/portfolio/src;
    }
    location / {
        include proxy_params;
        proxy_pass http://unix:/run/gunicorn.sock;
    }
    expires $expires;
}
And is this the correct location for media files?
It seems like my session is not preserved, and that is why I am being logged out.
settings.py
MIDDLEWARE = [
'django.middleware.security.SecurityMiddleware',
'django.contrib.sessions.middleware.SessionMiddleware',
'django.middleware.common.CommonMiddleware',
'django.middleware.csrf.CsrfViewMiddleware',
'django.contrib.auth.middleware.AuthenticationMiddleware',
'django.contrib.messages.middleware.MessageMiddleware',
'django.middleware.clickjacking.XFrameOptionsMiddleware',
]
Related
I'm setting up Oauth sign in on my django web app and am getting a redirect_uri error because my django app is using 'webhttps' instead of my domain. How can I change the redirect uri of my django app? I've got it working in my localhost but not the deployed app.
For slack authentication, expecting the passed URI to be http://[my domain]/accounts/slack/login/callback/ but instead am getting http://webhttps/accounts/slack/login/callback/
I think it has to do with nginx and my configuration file but I'm not too sure what to change.
Here's my mydjango.conf file:
upstream web {
    ip_hash;
    server web:8000;
}
server {
    location /static/ {
        autoindex on;
        alias /src/static/;
    }
    location / {
        proxy_pass http://web/;
        proxy_set_header X-Forwarded-Host 'my-domain.com';
    }
    listen 8000;
    server_name localhost;
    client_max_body_size 1000M;
}
And here is my mydjango_https.conf file which sets up https for my app:
upstream webhttps {
    ip_hash;
    server web:8000;
}
server {
    listen 80;
    return 301 https://my-domain.com$request_uri;
}
server {
    location /static/ {
        autoindex on;
        alias /src/static/;
    }
    location / {
        proxy_pass http://webhttps/;
        proxy_set_header X-Forwarded-Host 'my-domain.com';
    }
    listen 443 ssl;
    server_name localhost;
    ssl_certificate /etc/nginx/ssl/fullchain.pem;
    ssl_certificate_key /etc/nginx/ssl/privkey.pem;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers HIGH:!aNULL:!MD5;
    client_max_body_size 1000M;
}
Family, I'm having a little trouble making the nginx server load static files collected by Django. Here is my nginx sites-available:
server {
    listen 80;
    server_name <my_ip_address>;
    location / {
        proxy_pass http://127.0.0.1:8000;
        proxy_set_header X-Forwarded-Host $server_name;
        proxy_set_header X-Real-IP $remote_addr;
    }
    location /asset/ {
        autoindex on;
        alias /var/www/html/dev2_assets/;
    }
}
Down here is my Django STATIC_URL and STATIC_ROOT configurations
STATIC_URL = '/assets/'
STATICFILES_DIRS = (
os.path.join(BASE_DIR, "assets"),
)
STATIC_ROOT = '/var/www/html/dev2_assets/'
When I run the application with ./manage.py runserver, it loads all the static files. Any help? Thanks.
Your problem is your Location.
You're not specifying a root for it; also, in your settings.py you're declaring assets, but in your location you're declaring asset with a missing s. Try changing it to something like this:
location /assets/ {
    autoindex on;
    root /var/www/html/dev2_assets;
}
Also, for debugging purposes, try adding this above location:
error_log /var/log/nginx/error.log;
Then you will get a specific error message about it not being able to retrieve your static files.
Lastly, are you sure you're utilizing nginx, Django, and gunicorn correctly?
Here is a copy of my site file for comparison:
# This redirects all incoming traffic on port 80 to 443
server {
    listen 80;
    server_name domain.com;
    return 301 https://$server_name$request_uri;
}
server {
    listen 443;
    ssl on;
    ssl_certificate /etc/ssl/domain.com.chained.crt;
    ssl_certificate_key /etc/ssl/domain.com.key;
    server_name helius.dk;
    access_log /var/log/nginx/nginx.vhost.access.log;
    error_log /var/log/nginx/nginx.vhost.error.log;
    #location = /favicon.ico { access_log off; log_not_found off; }
    location /static/ {
        root /home/user/projectname/static;
    }
    location / {
        include proxy_params;
        proxy_pass http://unix:/home/user/projectname/gunicorn.sock;
    }
}
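How nginx turns a request URI into a file path under `root` versus `alias`, applied to the `location` blocks from the question and the answer above. This is an added example, not code from the thread; the model covers plain prefix locations only, and the `ALIAS_FIX` variant and the `css/site.css` asset name are constructed for illustration.

```python
# Added example (not from the thread): simplified model of nginx prefix-location
# matching and of how `root` and `alias` turn a URI into a file path.
# Regex, "=" and "^~" locations are not modelled.

STATIC_URL = "/assets/"                       # from the question's settings
STATIC_ROOT = "/var/www/html/dev2_assets/"    # from the question's settings
PROXY = {"prefix": "/", "proxy_pass": "http://127.0.0.1:8000"}

# The three variants compared; ALIAS_FIX is an assumed alternative.
QUESTION = [PROXY, {"prefix": "/asset/", "alias": "/var/www/html/dev2_assets/"}]
ANSWER = [PROXY, {"prefix": "/assets/", "root": "/var/www/html/dev2_assets"}]
ALIAS_FIX = [PROXY, {"prefix": "/assets/", "alias": "/var/www/html/dev2_assets/"}]


def match_location(uri, locations):
    """nginx picks the longest prefix location that the URI starts with."""
    hits = [loc for loc in locations if uri.startswith(loc["prefix"])]
    return max(hits, key=lambda loc: len(loc["prefix"]), default=None)


def resolve(uri, locations):
    """Return the file path nginx would open, or 'proxy:<upstream>'."""
    loc = match_location(uri, locations)
    if loc is None:
        return None
    if "proxy_pass" in loc:
        return "proxy:" + loc["proxy_pass"]
    if "alias" in loc:
        # alias: the matched prefix is replaced by the alias path
        return loc["alias"] + uri[len(loc["prefix"]):]
    # root: the full URI is appended to the root path
    return loc["root"] + uri


def collected_path(url):
    """Where collectstatic puts the file that Django links to as `url`."""
    return STATIC_ROOT + url[len(STATIC_URL):]


if __name__ == "__main__":
    url = STATIC_URL + "css/site.css"         # constructed sample asset
    print("on disk :", collected_path(url))
    for name, conf in (("question", QUESTION), ("answer", ANSWER), ("alias", ALIAS_FIX)):
        print(f"{name:8}:", resolve(url, conf))
```

Comparing each result with `collected_path()` shows which variant points nginx at the directory that `collectstatic` actually fills.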
I am developing a web application using AWS and Django Rest Framework (Django: v1.8, DRF: v3).
I keep getting django.request: Forbidden (Referer checking failed - no Referer.) for a POST multipart form request.
I am using AWS ELB (Elastic Load Balancer), NGINX on my EC2 instance (in an autoscaling group), and Gunicorn.
AWS ELB listener setting is like below(HTTPS only):
elb https only listener setting
NGINX setting is like below:
user nginx;
worker_processes auto;
error_log /var/log/nginx/error.log;
pid /var/run/nginx.pid;
events {
    worker_connections 1024;
}
http {
    include /etc/nginx/mime.types;
    default_type application/octet-stream;
    log_format main '$remote_addr - $remote_user [$time_local] "$request" '
                    '$status $body_bytes_sent "$http_referer" '
                    '"$http_user_agent" "$http_x_forwarded_for"';
    access_log /var/log/nginx/access.log main;
    sendfile on;
    tcp_nopush on;
    tcp_nodelay on;
    keepalive_timeout 65;
    types_hash_max_size 2048;
    include /etc/nginx/conf.d/*.conf;
    index index.html index.htm;
    upstream my_server {
        server localhost:8000;
    }
    server {
        listen 80;
        server_name <server name>;
        access_log /etc/nginx/log/local-wc.access.log;
        error_log /etc/nginx/log/local-wc.error.log;
        root /usr/share/nginx/html;
        location /api/v1 {
            proxy_pass http://my_server/api/v1;
            proxy_redirect off;
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Protocol $scheme;
        }
    }
}
<server name> is the CNAME which point to elb DNS name.
In other words, <server name> => xxxx-123456789.us-west-2.elb.amazonaws.com (A Record).
Every API call is made by https://<server name>/api/v1/*
Finally Gunicorn is running by:
gunicorn my_django_app.wsgi:application -w 1 -b 127.0.0.1:8000 -t 300 --max-requests=100
and Django Setting is:
ALLOWED_HOSTS = ['*']
SECURE_PROXY_SSL_HEADER = ('HTTP_X_FORWARDED_PROTO', 'https')
MIDDLEWARE_CLASSES = (
'django.contrib.sessions.middleware.SessionMiddleware',
'django.middleware.common.CommonMiddleware',
'django.middleware.csrf.CsrfViewMiddleware',
'django.contrib.auth.middleware.AuthenticationMiddleware',
'django.contrib.auth.middleware.SessionAuthenticationMiddleware',
'django.contrib.messages.middleware.MessageMiddleware',
'django.middleware.security.SecurityMiddleware',
)
View function is like below(with CSRF exempt):
from rest_framework import mixins, viewsets
from rest_framework.parsers import FormParser, MultiPartParser

class UserViewSet(CsrfExemptMixin, mixins.CreateModelMixin,
                  mixins.ListModelMixin,
                  mixins.RetrieveModelMixin,
                  mixins.UpdateModelMixin,
                  viewsets.GenericViewSet):
    # already tried @csrf_exempt
    def create(self, request, *args, **kwargs):
        self.parser_classes = (FormParser, MultiPartParser, )
        .........
Problem again:
When I send
curl -i -k -X POST -H "Accept: application/json" \
    -F "email=myemail@email.com" \
    -F "profile_img=@profile.jpg" \
    https://<server name>/api/v1/users/
and in my Django log:
[WARNING] django.request: Forbidden (Referer checking failed - no Referer.): /api/v1/users/
It worked with POST on HTTP or GET method on HTTPS.
I wonder whether the ELB configuration or the Nginx configuration is wrong with regard to the Referer...
I would appreciate it if someone could help me solve this problem.
I think DRF ignores csrf_exempt decorator and I am not sure where the CsrfExemptMixin is defined. The easiest thing you can do is add Referrer: yourhost to your curl headers.
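Why the POST fails only over HTTPS, as an added example that is not part of the original posts: a simplified model of the Referer step Django applies to unsafe methods on requests it considers secure. It assumes nginx forwards the load balancer's `X-Forwarded-Proto` header unchanged (nginx's default for client headers); the host name `api.example.test` and the helper names are hypothetical.

```python
# Added example (not from the thread): simplified model of the checks that run
# before Django's CSRF token comparison. Only the HTTPS Referer step is modelled.
from urllib.parse import urlsplit

SAFE_METHODS = {"GET", "HEAD", "OPTIONS", "TRACE"}
SECURE_PROXY_SSL_HEADER = ("HTTP_X_FORWARDED_PROTO", "https")  # from the question
NO_REFERER = "Referer checking failed - no Referer."           # text from the log
BAD_REFERER = "Referer does not match the request host"        # this model's wording


def is_secure(meta):
    """A request counts as HTTPS when the trusted proxy header says so."""
    header, value = SECURE_PROXY_SSL_HEADER
    return meta.get(header) == value or meta.get("wsgi.url_scheme") == "https"


def referer_check(method, meta):
    """Return None when the request passes this step, else the rejection reason."""
    if method in SAFE_METHODS:
        return None                 # safe methods are never CSRF-checked
    if not is_secure(meta):
        return None                 # strict Referer checking applies to HTTPS only
    referer = meta.get("HTTP_REFERER")
    if referer is None:
        return NO_REFERER
    parts = urlsplit(referer)
    if parts.scheme != "https" or parts.netloc != meta["HTTP_HOST"]:
        return BAD_REFERER
    return None


def meta_behind_elb(client_scheme, referer=None, host="api.example.test"):
    """Constructed WSGI environ as Gunicorn would see it behind ELB and nginx.

    The load balancer adds X-Forwarded-Proto; nginx listens on port 80, so its
    own X-Forwarded-Protocol ($scheme) is always "http" and Django ignores it.
    """
    meta = {"wsgi.url_scheme": "http", "HTTP_HOST": host,
            "HTTP_X_FORWARDED_PROTO": client_scheme,
            "HTTP_X_FORWARDED_PROTOCOL": "http"}
    if referer is not None:
        meta["HTTP_REFERER"] = referer
    return meta


if __name__ == "__main__":
    for method, scheme in (("POST", "https"), ("POST", "http"), ("GET", "https")):
        print(method, scheme, "->", referer_check(method, meta_behind_elb(scheme)))
```

Because `is_secure()` rests entirely on a forwarded header, the proxy in front of Django has to set or strip `X-Forwarded-Proto` itself so that clients cannot supply it.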
I'm using django with nginx and gunicorn. nginx is supposed to serve the static content, but css, images and js files are not loaded in the browser. Why is that?
I've substituted my Django project's name with domain.
/etc/nginx/sites-enabled/domain.tld
server {
    listen 80;
    server_name 127.0.0.1;
    access_log /srv/domain/access.log;
    error_log /srv/domain/error.log;
    location /static {
        alias /srv/domain/collected_static;
    }
    location / {
        proxy_pass http://127.0.0.1:8888;
    }
}
/etc/nginx/conf/nginx.conf
user http;
worker_processes 1;
#error_log logs/error.log;
#error_log logs/error.log notice;
#error_log logs/error.log info;
#pid logs/nginx.pid;
events {
worker_connections 1024;
}
http {
include mime.types;
default_type application/octet-stream;
#log_format main '$remote_addr - $remote_user [$time_local] "$request" '
# '$status $body_bytes_sent "$http_referer" '
# '"$http_user_agent" "$http_x_forwarded_for"';
#access_log logs/access.log main;
sendfile on;
#tcp_nopush on;
#keepalive_timeout 0;
keepalive_timeout 65;
#gzip on;
server {
listen 80;
server_name localhost;
#charset koi8-r;
#access_log logs/host.access.log main;
location / {
root html;
index index.html index.htm;
}
#error_page 404 /404.html;
# redirect server error pages to the static page /50x.html
#
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root html;
}
# proxy the PHP scripts to Apache listening on 127.0.0.1:80
#
#location ~ \.php$ {
# proxy_pass http://127.0.0.1;
#}
# pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
#
#location ~ \.php$ {
# root html;
# fastcgi_pass 127.0.0.1:9000;
# fastcgi_index index.php;
# fastcgi_param SCRIPT_FILENAME /scripts$fastcgi_script_name;
# include fastcgi_params;
#}
# deny access to .htaccess files, if Apache's document root
# concurs with nginx's one
#
#location ~ /\.ht {
# deny all;
#}
}
# another virtual host using mix of IP-, name-, and port-based configuration
#
#server {
# listen 8000;
# listen somename:8080;
# server_name somename alias another.alias;
# location / {
# root html;
# index index.html index.htm;
# }
#}
# HTTPS server
#
#server {
# listen 443;
# server_name localhost;
# ssl on;
# ssl_certificate cert.pem;
# ssl_certificate_key cert.key;
# ssl_session_timeout 5m;
# ssl_protocols SSLv2 SSLv3 TLSv1;
# ssl_ciphers HIGH:!aNULL:!MD5;
# ssl_prefer_server_ciphers on;
# location / {
# root html;
# index index.html index.htm;
# }
#}
include /etc/nginx/sites-enabled/*;
}
gunicorn.conf.py
bind = "127.0.0.1:8888"
logfile = "/srv/domain/gunicorn.log"
loglevel = "info"
workers = 3
Excerpt from Django settings
DEPLOY_PATH = os.path.dirname(os.path.realpath(__file__))
STATIC_ROOT = os.path.join(DEPLOY_PATH, 'collected_static')
STATIC_URL = '/static/'
EDIT:
Output from the machine (links to pastebin):
ps aux | grep nginx
ls -l *.log
Your configuration looks correct. As long as the files are really collected, the Django and Gunicorn configurations have nothing to do with the static files serving. The following possibilities come to my mind:
The files are not collected into your collected_static directory yet (./manage.py collectstatic)
Nginx has no read access to the files
You use an old nginx version that has problems with your current configuration. You should use a current 1.x version, if you're on Debian, use the Deb repository from nginx.org.
If permissions aren't the problem, check the nginx access file to see if the requests are really reaching Nginx. Then check the nginx error log to see if any errors were logged.
As a sidenote (but unrelated), I recommend putting some proxy headers in your / location configuration and moving the app server configuration into a separate section, e.g.:
upstream app_server {
    server localhost:8888 fail_timeout=0;
}
server {
    ...
    location / {
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Host $http_host;
        proxy_redirect off;
        proxy_pass http://app_server;
        break;
    }
}
Pardon me if this is not the right place to ask.
I have a django app served by Gunicorn, which is reversed by NginX and this one is being reversed by an ISA server, so I have the following:
ISA --> Nginx --> Gunicorn
ISA reverses www.mydomain.com/some/path/here to Nginx, and this one reverses /myapp to Gunicorn (nginx and gunicorn are on the same server).
The problem is with the url, for instance the base url to access this apps is
www.mydomain.com/some/path/here/myapp/
When there's an action in a django view like redirect e.g: redirect(reverse('start')),
the url should be
www.mydomain.com/some/path/here/myapp/start/
but I get
www.mydomain.com/some/path/here/some/path/here/myapp/start/
As you can see some/path/here/ is being repeated, I'm assuming this is done by the ISA server, but I'm not sure about this. What am I doing wrong here?
In my settings.py I have:
BASE_PATH = '/some/path/here'
FORCE_SCRIPT_NAME = BASE_PATH + '/myapp'
LOGIN_URL = FORCE_SCRIPT_NAME + '/loginhere/'
urls.py:
...
url(r'^start/', 'testapp.views.start', name='start'),
...
My nginx.conf:
user www-data;
worker_processes 1;
error_log /var/log/nginx/error.log;
pid /var/run/nginx.pid;
events {
    worker_connections 1024;
}
http {
    include /etc/nginx/mime.types;
    access_log /var/log/nginx/access.log;
    sendfile on;
    keepalive_timeout 65;
    tcp_nodelay on;
    gzip on;
    gzip_disable "MSIE [1-6]\.(?!.*SV1)";
    upstream wawared {
        server 127.0.0.1:8000;
    }
    server {
        listen 80;
        server_name localhost;
        access_log /var/log/nginx/wawared.access.log;
        error_log /var/log/nginx/wawared.error.log;
        location /static {
            root /path/to/static/files;
            expires 1d;
            gzip on;
        }
        location /myapp/ {
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header Host $http_host;
            proxy_pass http://127.0.0.1:8000/;
            proxy_redirect off;
        }
    }
}