Deploy Django with SSL without Nginx - django

Is it possible to deploy a django project without using third-party tools like nginx or apache just to serve up https:// webpages? Being forced to set up a reverse proxy or some other web server just to serve https seems a bit overkill.

Using the built-in development server (manage.py runserver) is a bad idea for a production environment. But yes, you can use an SSL connection even with the built-in server.
A better idea is to use an application server, for example gunicorn. And yes again, you can serve SSL connections with gunicorn.
Apache or Nginx servers are not just for https. They allow you to effectively control other server resources like the max number of processes, request/response headers, etc. Web servers support many features that you can set without writing Python code, and that will be more understandable for infra/server engineers.

Related

Rails - How can I remove the :3000 from the URL in rails thin server?

I have bound my rails thin server to a local IP, to which I have given the domain name project1. But when I change the hostname to project1, sometimes it goes to project1:3000. How can I remove the :3000 from the URL?
Web standards are:
http is port 80.
https is port 443.
When you go to http://stackoverflow.com, it is the same as http://stackoverflow.com:80 or https://www.google.com is the same as https://www.google.com:443
So, the :3000 at the end of the URL is the port where your development server is pointing; this is normal behavior for web development. All modern frameworks will serve up the development site on a different port, 3000 being the most common. This is done for a lot of reasons; two good ones are:
Don't need to change any permission to run on port 3000, like you do if you want to run on 80, and you don't need to use an ssl certificate if you run on 443.
You can tell when you are in development.
You are trying to do something you shouldn't. If you haven't used the correct helper methods to build your links in rails you could run into some issue.
Now that you know why you shouldn't do it: you can just change the port in the rails server command like this: rails server -b THEIPYOUWANTTOUSE -p 80. You will have to have the correct permissions.
First of all, you need a proxy server, because Rails has its own app servers like thin, puma, rack, and you need a server that will accept requests to your IP (nginx, apache) and give them to the Rails server. There are a lot of guides on how to deploy a Rails app in production mode. Try this guide or this one. This will help you run your application in production mode.

Is it possible to make Django send data over tls protocol?

I am currently working on a web project in django and there is a requirement to ensure the safety of transmitting data over a network (passwords, usernames etc.).
I've read in the OWASP cheat sheet about authentication that for safety reasons all passwords should be sent from a client to a server over the TLS protocol.
https://www.owasp.org/index.php/Authentication_Cheat_Sheet#Transmit_Passwords_Only_Over_TLS_or_Other_Strong_Transport
The Django framework sends these over the http protocol. Is it possible to make django send them over TLS or work around it in another way?
When you run a Django application on the Internet, it's usually looking something like this:
[Django Application] <-> [uWSGI] <-> [nginx] <-> [web browser]
You can use different components, e.g. Gunicorn instead of uWSGI or Apache instead of nginx.
The thing is, you simply configure the webserver (Apache or nginx or whatever) with an SSL certificate and listen for https instead of http.
I think you're using the Django runserver command to serve your app over HTTP. It is absolutely not made for production and is really an HTTP (only) server for development.
To serve your app over SSL/TLS, you must use a frontend as described in henrikstroem's response.

Automatic HTTPS on Openshift/AWS/some PaaS

I'm working on a Python project that depends on a package that runs Gunicorn as a web server. I need to support https, but the Gunicorn configuration exposed by the package doesn't allow me to pass in keyfile or certfile options, and 'http' is hard-coded throughout the package.
I was wondering if there's some easy way to get https working transparently between clients and Gunicorn without Gunicorn knowing about it, on OpenShift or any popular PaaS.
Take a look at the solution proposed in this OpenShift KB: https://www.openshift.com/kb/kb-e1044-how-to-redirect-traffic-to-https
OpenShift Online apparently handles this automatically by default.
Just change the http to https in the application url they give you (https://xxx-yyy.rhcloud.com) and you've got TLS using their *.rhcloud.com certificate.
I was expecting more configuration and just needed somebody to tell me "just change the url to https".
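In the layouts from the two questions above (nginx in front of uWSGI/Gunicorn, or a PaaS router terminating TLS), the application only sees plain HTTP and learns the original scheme from a forwarded header. The following is an added example, not code from any of the answers: a WSGI middleware that accepts X-Forwarded-Proto only from a known proxy address. The class name, the helper and the proxy address 10.0.0.5 are constructed for illustration.

```python
import ipaddress


class TrustedProxyScheme:
    """WSGI middleware: take the scheme from X-Forwarded-Proto, but only
    when the TCP peer is a known TLS-terminating proxy."""

    def __init__(self, app, trusted_proxies):
        self.app = app
        self.trusted = [ipaddress.ip_network(n) for n in trusted_proxies]

    def _peer_is_trusted(self, environ):
        try:
            peer = ipaddress.ip_address(environ.get("REMOTE_ADDR", ""))
        except ValueError:
            return False  # empty or malformed peer address: do not trust
        return any(peer in net for net in self.trusted)

    def __call__(self, environ, start_response):
        # Always strip the header so the wrapped app cannot act on a spoofed copy.
        forwarded = environ.pop("HTTP_X_FORWARDED_PROTO", None)
        if forwarded is not None and self._peer_is_trusted(environ):
            proto = forwarded.strip().lower()
            if proto in ("http", "https"):  # reject lists and junk values
                environ["wsgi.url_scheme"] = proto
        return self.app(environ, start_response)


def scheme_seen_by_app(remote_addr, forwarded_proto=None):
    """Send one constructed request through the middleware and return
    the scheme the wrapped application ends up seeing."""
    seen = {}

    def app(environ, start_response):
        seen["scheme"] = environ["wsgi.url_scheme"]
        start_response("200 OK", [("Content-Type", "text/plain")])
        return [b"ok"]

    environ = {"REQUEST_METHOD": "GET", "PATH_INFO": "/",
               "REMOTE_ADDR": remote_addr, "wsgi.url_scheme": "http"}
    if forwarded_proto is not None:
        environ["HTTP_X_FORWARDED_PROTO"] = forwarded_proto
    # 10.0.0.5 is a constructed address standing in for the proxy or router.
    wrapped = TrustedProxyScheme(app, ["10.0.0.5/32"])
    wrapped(environ, lambda status, headers: None)
    return seen["scheme"]
```

Gunicorn's forwarded_allow_ips setting and Django's SECURE_PROXY_SSL_HEADER setting cover the same ground. Either is only safe when the proxy overwrites the header on every request and the app server is not reachable directly.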

Static vs REST routing with clojure ring

I'm writing an angular/clojure ring webapp. All routes to the ring side will have an "/api" prefix and will be routed with compojure.
Serving up all other static files with ring seems a bit messy though.
Is there a good way to direct "/api/whatever" requests to ring and all other to be served up as static files using jetty? or using any other major web server, like apache, nginx, lighttpd?
We put nginx in front of jetty and have nginx configured to serve the static stuff (actually redirects to a CDN) directly and proxy all the app stuff to jetty. In production jetty is running on a separate load balancer, though this works out the same if they are running on the same instance.
If you want to run clojure Ring handlers with Nginx without any Java web server, e.g. Jetty, please try the Nginx-Clojure module.

Why do web frameworks serve via FastCGI/SCGI, rather than HTTP?

Major web frameworks (such as Django, Pyramid, Rails, etc) are often run as persistent servers, with a separate web server like nginx serving as a frontend. The web server connects via a protocol like FastCGI or SCGI:
browser --[http]--> nginx --[fastcgi]--> flup -> django
This seems convoluted to me; why is the request converted to an entirely different protocol, when the backend could just run its own HTTP server?
browser --[http]--> nginx --[http]--> wsgiref -> django
This approach appears to be both simpler and more flexible, since there's only one transport protocol and it's an RFC.
However, I don't think I've ever seen a web framework encourage the http-only design, so I assume there must be a reason for it.
What are the advantages of using a protocol like FastCGI/SCGI here?
HTTP is a large, complex protocol. Paring the interface down to the capabilities provided by FastCGI or WSGI allows the framework to handle requests faster than if it had to deal with the original.