I'm following the guide from this article However, when I link my home.html file in my django app's template folder, it doesn't load the css files and it doesn't understand any of the "{% %}" syntax.
How can I configure my nginx server block to load my django app properly?
My /etc/nginx/sites-available/myonlinefp.com file:
server {
root /home/stelity/myonlinefp/foodpantry/templates/;
index index.html index.htm index.nginx-debian.html home.html;
server_name myonlinefp.com www.myonlinefp.com;
location / {
try_files $uri $uri/ =404;
}
location /media {
alias /home/stelity/myonlinefp/foodpantry/media/;
}
listen [::]:443 ssl ipv6only=on; # managed by Certbot
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/myonlinefp.com/fullchain.pem; # managed by
Certbot
ssl_certificate_key /etc/letsencrypt/live/myonlinefp.com/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
server {
if ($host = www.myonlinefp.com) {
return 301 https://$host$request_uri;
} # managed by Certbot
if ($host = myonlinefp.com) {
return 301 https://$host$request_uri;
} # managed by Certbot
listen 80;
listen [::]:80;
server_name myonlinefp.com www.myonlinefp.com;
}
Updated, this is the edited file for a reply below:
server {
root unix:://run/gunicorn.sock;
server_name myonlinefp.com www.myonlinefp.com;
location / {
try_files $uri $uri/ =404;
}
location /media {
alias /home/stelity/myonlinefp/foodpantry/media/;
}
listen [::]:443 ssl ipv6only=on; # managed by Certbot
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/myonlinefp.com/fullchain.pem; # managed by
Certbot
ssl_certificate_key /etc/letsencrypt/live/myonlinefp.com/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot }
server {
if ($host = www.myonlinefp.com) {
return 301 https://$host$request_uri;
} # managed by Certbot
if ($host = myonlinefp.com) {
return 301 https://$host$request_uri;
} # managed by Certbot
listen 80;
listen [::]:80;
server_name myonlinefp.com www.myonlinefp.com; }
Here is updated nginx configuration
server {
root unix:://run/gunicorn.sock;
server_name myonlinefp.com www.myonlinefp.com;
location / {
try_files $uri $uri/ =404;
}
location /media {
alias /home/stelity/myonlinefp/foodpantry/media/;
}
location /static {
autoindex on;
alias /home/stelity/myonlinefp/foodpantry;
}
listen [::]:443 ssl ipv6only=on;
listen 443 ssl;
ssl_certificate /etc/letsencrypt/live/myonlinefp.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/myonlinefp.com/privkey.pem;
include /etc/letsencrypt/options-ssl-nginx.conf;
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
}
server {
if ($host = www.myonlinefp.com) {
return 301 https://$host$request_uri;
}
if ($host = myonlinefp.com) {
return 301 https://$host$request_uri;
}
listen 80;
listen [::]:80;
server_name myonlinefp.com www.myonlinefp.com;
}
after adding this you've to run
python manage.py collectstatic
command & make sure you've configured your static files in settings.py like this
STATIC_URL = '/static/'
STATICFILES_DIR = ['/path/to/static/dir/']
STATIC_ROOT = '/path/to/static_root/dir/'
an make sure your STATIC_ROOT must be same as your nginx location name. For more information you can check Serving Static Content
Related
Actually, I am hosting a project to a domain using a Linode server.
The Project is on Bitbucket.
I have tried all the methods static root static dirs and collect static but nothing works half of the CSS is loading but not left Static.
STATIC_URL = '/static/'
STATICFILES_DIRS = [os.path.join(BASE_DIR / 'static/')]
#STATIC_ROOT = os.path.join(BASE_DIR, 'static/')
Nginx Config:
server {
server_name domain.in;
location = /favicon.ico { access_log off; log_not_found off; }
location /static/ {
root /home/web/tst/;
}
access_log /var/log/nginx/tst-access.log;
error_log /var/log/nginx/tst-error.log;
location / {
include proxy_params;
proxy_pass http://unix:/home/web/msg/msg.sock;
}
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/domain.in/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/domain.in/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
server {
if ($host = domain.in) {
return 301 https://$host$request_uri;
} # managed by Certbot
listen 80;
server_name domain.in;
return 404; # managed by Certbot
}
You have to server your static files through nginx and pass your static dir path to it:
server {
...
location /static {
alias PATH_TO_YOUR_STATIC_DIR;
}
}
Im trying to set-up SSL sertificate for Django. I set up it by this guide: https://www.youtube.com/watch?v=dYdv6pkCufk&ab_channel=TonyTeachesTech, in the guide django server just start working with SSL, but for me is not working, but rederecting domain from http to https, but not redirecting to django server. I dont even know what to do. I search in entire internet and find nothing.
This is my nginx config:
server {
listen 80 default_server;
server_name _;
return 301 https://$host$request_uri;
}
server {
server_name wavera.ru www.wavera.ru; # managed by Certbot
return 301 https://$host$request_uri;
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/www.wavera.ru/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/www.wavera.ru/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}server {
if ($host = wavera.ru) {
return 301 https://$host$request_uri;
} # managed by Certbot
if ($host = www.wavera.ru) {
return 301 https://$host$request_uri;
} # managed by Certbot
listen 80 ;
server_name wavera.ru www.wavera.ru;
return 404; # managed by Certbot
}
i starting server by
python3 manage.py runserver
Runserver is for development purposes only, You should run something like gunicorn to create a .sock file.
For now, you can try something like -
upstream backend {
server localhost:8000;
}
server {
server_name wavera.ru www.wavera.ru;
location / {
include proxy_params;
proxy_pass http://backend
}
}
for https, try-
server {
server_name wavera.ru www.wavera.ru;
location / {
include proxy_params;
proxy_pass http://backend
}
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/www.wavera.ru/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/www.wavera.ru/privkey.pem;
include /etc/letsencrypt/options-ssl-nginx.conf;
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
server {
if ($host = wavera.ru) {
return 301 https://$host$request_uri;
}
if ($host = www.wavera.ru) {
return 301 https://$host$request_uri;
}
listen 80 ;
server_name wavera.ru www.wavera.ru;
return 404;
}
I'd like to add ssl certificate to my django app. I've followed tutorial so the nginx config for domain was changed but now it looks like generated certificate is incorrect.
nginx conf before certbot modifications
server {
listen 80;
listen [::]:80;
server_name doamin.com www.domain.com;
location = /favicon.ico { access_log off; log_not_found off; }
location /static/ {
root /home/poul3r/doamin.com;
}
location / {
include proxy_params;
proxy_pass http://unix:/run/gunicorn.sock;
}
}
and after certbot action
server {
server_name doamin.com www.doamin.com;
location = /favicon.ico { access_log off; log_not_found off; }
location /static/ {
root /home/poul3r/doamin.com;
}
location / {
include proxy_params;
proxy_pass http://unix:/run/gunicorn.sock;
}
listen [::]:443 ssl ipv6only=on; # managed by Certbot
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/doamin.com/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/doamin.com/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
server {
if ($host = doamin.com) {
return 301 https://$host$request_uri;
} # managed by Certbot
listen 80;
listen [::]:80;
server_name doamin.com www.doamin.com;
return 404; # managed by Certbot
}
What I'm doing wrong or what could went wrong during letsencypt implementation ?
I've already found solution for this problem. Based info from solution I realized, there is one more app on nginx that does not have ssl certification but redirect to 443. When I changed theirs config to listen only on 80, first domain works correctly.
[SOLVED]
It caused by /etc/nginx/sites-enabled/default
default file already defines for in bound traffic, so when I delete it,It works fine.
I'm using Django/uwsgi/nginx.
And to access ssl, installed Lets encrypt.
Below source is nginx and uwsgi confirue file.
[project_rest.conf]
upstream django {t
server 127.0.0.1:8001;
}
server {
listen 8000;
server_name .mysitedomain.com;
charset utf-8;
client_max_body_size 75M; # adjust to taste
# Django media
location /media {
alias /home/app/project_rest/media; # your Django project's media files - amend as required
}
location /static {
alias /home/app/project_rest/static; # your Django project's static files - amend as required
}
# Finally, send all non-media requests to the Django server.
location / {
uwsgi_pass django;
include /home/app/project_rest/uwsgi_params; # the uwsgi_params file you installed
}
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/mysitedomain.com/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/mysitedomain.com/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
(I created project_rest.conf and link to /etc/nginx/sites-enabled/)
[/etc/nginx/sites-available/default]
server {
# SSL configuration
#
# listen 443 ssl default_server;
# listen [::]:443 ssl default_server;
#
# Note: You should disable gzip for SSL traffic.
# See: https://bugs.debian.org/773332
#
# Read up on ssl_ciphers to ensure a secure configuration.
# See: https://bugs.debian.org/765782
#
# Self signed certs generated by the ssl-cert package
# Don't use them in a production server!
#
# include snippets/snakeoil.conf;
root /var/www/html;
# Add index.php to the list if you are using PHP
index index.html index.htm index.nginx-debian.html;
server_name mysitedomain.com www.mysitedomain.com;
location / {
# First attempt to serve request as file, then
# as directory, then fall back to displaying a 404.
try_files $uri $uri/ =404;
}
# pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
#
#location ~ \.php$ {
# include snippets/fastcgi-php.conf;
#
# # With php7.0-cgi alone:
# fastcgi_pass 127.0.0.1:9000;
# # With php7.0-fpm:
# fastcgi_pass unix:/run/php/php7.0-fpm.sock;
#}
# deny access to .htaccess files, if Apache's document root
# concurs with nginx's one
#
#location ~ /\.ht {
# deny all;
#}
listen [::]:443 ssl ipv6only=on; # managed by Certbot
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/mysitedomain.com/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/mysitedomain.com/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
server {
if ($host = www.mysitedomain.com) {
return 301 https://$host$request_uri;
} # managed by Certbot
if ($host = mysitedomain.com) {
return 301 https://$host$request_uri;
} # managed by Certbot
listen 80 default_server;
listen [::]:80 default_server;
server_name mysitedomain.com www.mysitedomain.com;
return 404; # managed by Certbot
}
[uwsgi.ini]
[uwsgi]
# the base directory (full path)
chdir=/home/app/project_rest
# Django's wsgi file
module=project_rest.wsgi:application
master=true
# maximum number of worker processes
processes=10
# the socket (use the full path to be safe
socket=127.0.0.1:8001
chmod-socket=664
chown-socket=app:app
pidfile=/tmp/project_rest.pid
# clear environment on exit
vacuum=true
max-requests=5000
daemonize=project_rest.uwsgi.log
(I used vitualenv)
after entered "uwsgi --ini uwsgi.ini", I can access to mysitedomain.com:8000 to my django's site.
But I can't access to https://mysitedomain.com:8000 while can access to https://mysitedomain.com
I want to access https://mysitedomain.com:8000, How can it implement?
Thanks.
[SOLVED]
It caused by /etc/nginx/sites-enabled/default
default file already defines for in bound traffic, so when I delete it,
It works fine.
server {
listen 80;
server_name example.com;
rewrite ^/(.*) https://example.com/$1 permanent;
}
server {
listen 443 ssl;
server_name example.com;
access_log /var/log/nginx/example.com_access.log combined;
error_log /var/log/nginx/example.com_error.log error;
ssl_certificate /etc/letsencrypt/live/mysitedomain.com/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/mysitedomain.com/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
location /static/ {
alias /webapps/example/static/;
}
location /media/ {
alias /webapps/example/media/;
}
location / {
proxy_pass http://localhost:8000/;
proxy_redirect off;
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
}
Change the values with your domain and report feedback please
I am using Nginx and Gunicorn to host a Django project. I need to secure this site, and as a test I set up Let's encrypt to an unused domain of mine. While tailing the Django access log, I noticed the following entry from time to time:
Invalid HTTP_HOST header: 'aydinfatih.com'. You may need to add u'aydinfatih.com' to ALLOWED_HOSTS.
This is an unknown domain to me, and while trying to access the domain (it got 400 response), I could se more of these log entries on my server. What is this? Is it related to my SSL-setup, and an indication that it's not secure?
server {
server_name example.com example.com;
location /static/ {
root /home/user/project/django-project;
}
location /media/ {
root /home/user/project/django-project;
}
location / {
include proxy_params;
proxy_pass http://unix:/home/user/project/project.sock;
}
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
if ($scheme != "https") {
return 301 https://$host$request_uri;
} # managed by Certbot
}
server {
listen 80;
server_name my.server.ip.here example.com;
return 301 https://example.com;
}
I added the following to my server block:
if ($host !~* ^(example.com|www.example.com)$ ) {
return 444;
}
The unknown domain now displays 520. Is this the correct way to deal with this? Something else I've missed?
I misread your question. Here's a new answer.
Someone configs their DNS record to point their domain name to your server IP. Adding hostname checking certainly helps, but normally we use a default "catch all" server block to handle all unwanted requests:
# "Catch all" server
server {
server_name _;
return 444;
}
# Your site settings
server {
server_name example.com example.com;
location /static/ {
root /home/user/project/django-project;
}
location /media/ {
root /home/user/project/django-project;
}
location / {
include proxy_params;
proxy_pass http://unix:/home/user/project/project.sock;
}
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
if ($scheme != "https") {
return 301 https://$host$request_uri;
} # managed by Certbot
}
server {
listen 80;
server_name my.server.ip.here example.com;
return 301 https://example.com;
}