nginx certbot doesn't redirect to django server - django

I'm trying to set up an SSL certificate for Django. I set it up by following this guide: https://www.youtube.com/watch?v=dYdv6pkCufk&ab_channel=TonyTeachesTech. In the guide the Django server just starts working with SSL, but for me it is not working: the domain is redirected from http to https, but it does not redirect to the Django server. I don't even know what to do. I searched the entire internet and found nothing.
This is my nginx config:
server {
listen 80 default_server;
server_name _;
return 301 https://$host$request_uri;
}
server {
server_name wavera.ru www.wavera.ru; # managed by Certbot
return 301 https://$host$request_uri;
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/www.wavera.ru/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/www.wavera.ru/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
server {
if ($host = wavera.ru) {
return 301 https://$host$request_uri;
} # managed by Certbot
if ($host = www.wavera.ru) {
return 301 https://$host$request_uri;
} # managed by Certbot
listen 80 ;
server_name wavera.ru www.wavera.ru;
return 404; # managed by Certbot
}
I am starting the server with:
python3 manage.py runserver

Runserver is for development purposes only. You should run something like gunicorn to create a .sock file.
For now, you can try something like:
upstream backend {
server localhost:8000;
}
server {
server_name wavera.ru www.wavera.ru;
location / {
include proxy_params;
proxy_pass http://backend;
}
}
For https, try:
server {
server_name wavera.ru www.wavera.ru;
location / {
include proxy_params;
proxy_pass http://backend;
}
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/www.wavera.ru/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/www.wavera.ru/privkey.pem;
include /etc/letsencrypt/options-ssl-nginx.conf;
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
server {
if ($host = wavera.ru) {
return 301 https://$host$request_uri;
}
if ($host = www.wavera.ru) {
return 301 https://$host$request_uri;
}
listen 80 ;
server_name wavera.ru www.wavera.ru;
return 404;
}
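
The 443 block in the question contains a server-level `return 301 https://$host$request_uri;` and no `proxy_pass`, so every HTTPS request is redirected back to itself and never reaches Django. The following lint for that pattern is an added example, not code from the original posts; the function names and finding labels are hypothetical and the two sample configs are constructed from the blocks above.

```python
import re

def server_blocks(conf):
    """Split nginx config text into server blocks: top-level vs all directives."""
    conf = re.sub(r"#[^\n]*", "", conf)                 # strip comments
    blocks, depth, cur = [], 0, None
    for tok in re.findall(r"[{};]|[^{};]+", conf):
        text = " ".join(tok.split())
        if tok == "{":
            depth += 1
        elif tok == "}":
            depth -= 1
            if depth == 0 and cur is not None:
                blocks.append(cur)
                cur = None
        elif tok == ";" or not text:
            continue
        elif depth == 0 and text == "server":
            cur = {"top": [], "all": []}
        elif cur is not None:
            cur["all"].append(text)
            if depth == 1:
                cur["top"].append(text)
    return blocks

def lint(conf):
    """Return (block_index, finding) pairs for server blocks listening on 443."""
    findings = []
    for i, b in enumerate(server_blocks(conf)):
        if not any(d.startswith("listen") and "443" in d for d in b["top"]):
            continue
        # A server-level return runs for every request, before any location.
        if any(re.match(r"return 30\d https://", d) for d in b["top"]):
            findings.append((i, "https-redirect-inside-tls-block"))
        if not any(d.startswith(("proxy_pass", "uwsgi_pass")) for d in b["all"]):
            findings.append((i, "no-upstream"))
    return findings

# Constructed samples: the 443 block from the question, and the answer's shape.
QUESTION = """server { server_name wavera.ru www.wavera.ru;
  return 301 https://$host$request_uri;
  listen 443 ssl; }"""
ANSWER = """upstream backend { server localhost:8000; }
server { server_name wavera.ru www.wavera.ru;
  location / { include proxy_params; proxy_pass http://backend; }
  listen 443 ssl; }"""
print(lint(QUESTION), lint(ANSWER))
```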

Related

How can I use Nginx server blocks and Django?

I'm following the guide from this article. However, when I link my home.html file in my django app's template folder, it doesn't load the css files and it doesn't understand any of the "{% %}" syntax.
How can I configure my nginx server block to load my django app properly?
My /etc/nginx/sites-available/myonlinefp.com file:
server {
root /home/stelity/myonlinefp/foodpantry/templates/;
index index.html index.htm index.nginx-debian.html home.html;
server_name myonlinefp.com www.myonlinefp.com;
location / {
try_files $uri $uri/ =404;
}
location /media {
alias /home/stelity/myonlinefp/foodpantry/media/;
}
listen [::]:443 ssl ipv6only=on; # managed by Certbot
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/myonlinefp.com/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/myonlinefp.com/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
server {
if ($host = www.myonlinefp.com) {
return 301 https://$host$request_uri;
} # managed by Certbot
if ($host = myonlinefp.com) {
return 301 https://$host$request_uri;
} # managed by Certbot
listen 80;
listen [::]:80;
server_name myonlinefp.com www.myonlinefp.com;
}
Updated, this is the edited file for a reply below:
server {
root unix:://run/gunicorn.sock;
server_name myonlinefp.com www.myonlinefp.com;
location / {
try_files $uri $uri/ =404;
}
location /media {
alias /home/stelity/myonlinefp/foodpantry/media/;
}
listen [::]:443 ssl ipv6only=on; # managed by Certbot
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/myonlinefp.com/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/myonlinefp.com/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
server {
if ($host = www.myonlinefp.com) {
return 301 https://$host$request_uri;
} # managed by Certbot
if ($host = myonlinefp.com) {
return 301 https://$host$request_uri;
} # managed by Certbot
listen 80;
listen [::]:80;
server_name myonlinefp.com www.myonlinefp.com; }
Here is the updated nginx configuration:
server {
root unix:://run/gunicorn.sock;
server_name myonlinefp.com www.myonlinefp.com;
location / {
try_files $uri $uri/ =404;
}
location /media {
alias /home/stelity/myonlinefp/foodpantry/media/;
}
location /static {
autoindex on;
alias /home/stelity/myonlinefp/foodpantry;
}
listen [::]:443 ssl ipv6only=on;
listen 443 ssl;
ssl_certificate /etc/letsencrypt/live/myonlinefp.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/myonlinefp.com/privkey.pem;
include /etc/letsencrypt/options-ssl-nginx.conf;
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
}
server {
if ($host = www.myonlinefp.com) {
return 301 https://$host$request_uri;
}
if ($host = myonlinefp.com) {
return 301 https://$host$request_uri;
}
listen 80;
listen [::]:80;
server_name myonlinefp.com www.myonlinefp.com;
}
After adding this you have to run the
python manage.py collectstatic
command, and make sure you've configured your static files in settings.py like this:
STATIC_URL = '/static/'
STATICFILES_DIRS = ['/path/to/static/dir/']
STATIC_ROOT = '/path/to/static_root/dir/'
And make sure your STATIC_ROOT is the same as your nginx location name. For more information you can check Serving Static Content.

How to use self-signed and LetsEncrypt Certbot SSL certificates together in nginx?

I am hosting a django website on digital ocean. I wish to access my website's IP using https with a self-signed cert, as Let's Encrypt does not provide certificates for public IP addresses. I followed this guide and wrote an nginx server block. I can access https://example-ip-address with:
server {
listen 443 ssl;
listen [::]:443 ssl;
include /etc/nginx/snippets/self-signed.conf;
include /etc/nginx/snippets/ssl-params.conf;
server_name 123.123.12.123;
location = /favicon.ico { access_log off; log_not_found off; }
location /static/ {
root /home/user/djangotemplates;
}
location / {
include /etc/nginx/proxy_params;
proxy_pass http://unix:/run/gunicorn.sock;
}
}
server {
listen 80;
listen [::]:80;
server_name 123.123.12.123;
return 301 https://$server_name$request_uri;
}
And, I can access https://example.com and https://www.example.com with let's encrypt SSL cert by following this and this is the server block I wrote:
server {
server_name www.example.com example.com;
location = /favicon.ico { access_log off; log_not_found off; }
location /static/ {
root /home/user/djangotemplates;
}
location / {
include proxy_params;
proxy_pass http://unix:/run/gunicorn.sock;
}
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
server {
if ($host = www.example.com) {
return 301 https://$host$request_uri;
} # managed by Certbot
if ($host = example.com) {
return 301 https://$host$request_uri;
} # managed by Certbot
listen 80;
server_name www.example.com example.com;
return 404; # managed by Certbot
}
The problem here is when I put both server blocks into one single configuration file and access https://example-ip-address, the connection is then not encrypted. However, it works fine for https://example.com and https://www.example.com. Any idea what went wrong here?
I just started my django website live on digital ocean - and I received an error email 'Invalid HTTP_HOST header: '123.123.12.123'. You may need to add '123.123.12.123' to ALLOWED_HOSTS.' So, I added the ip address in the ALLOWED_HOSTS. And I think it's safer to visit the ip address with https.
I suggest you use certbot instead of a self-signed certificate:
https://certbot.eff.org

Can't connect to website with LetsEncrypt certificate - nginx

I'd like to add an ssl certificate to my django app. I've followed a tutorial, so the nginx config for the domain was changed, but now it looks like the generated certificate is incorrect.
nginx conf before certbot modifications
server {
listen 80;
listen [::]:80;
server_name doamin.com www.domain.com;
location = /favicon.ico { access_log off; log_not_found off; }
location /static/ {
root /home/poul3r/doamin.com;
}
location / {
include proxy_params;
proxy_pass http://unix:/run/gunicorn.sock;
}
}
and after certbot action
server {
server_name doamin.com www.doamin.com;
location = /favicon.ico { access_log off; log_not_found off; }
location /static/ {
root /home/poul3r/doamin.com;
}
location / {
include proxy_params;
proxy_pass http://unix:/run/gunicorn.sock;
}
listen [::]:443 ssl ipv6only=on; # managed by Certbot
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/doamin.com/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/doamin.com/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
server {
if ($host = doamin.com) {
return 301 https://$host$request_uri;
} # managed by Certbot
listen 80;
listen [::]:80;
server_name doamin.com www.doamin.com;
return 404; # managed by Certbot
}
What am I doing wrong, or what could have gone wrong during the Let's Encrypt implementation?
I've already found a solution for this problem. Based on info from the solution I realized there is one more app on nginx that does not have an ssl certificate but redirects to 443. When I changed its config to listen only on 80, the first domain works correctly.

Unable to run my django&bootstrap site with Let's Encrypt on DO Ubuntu 18.04 with nginx and gunicorn

I am trying to launch a django website and I want to install and make sure https connection works with let's encrypt for my site.
I followed the DigitalOcean "How To Secure Nginx with Let's Encrypt on Ubuntu 18.04" tutorial at https://www.digitalocean.com/community/tutorials/how-to-secure-nginx-with-let-s-encrypt-on-ubuntu-18-04. My site worked over an http connection, but after the installation of Let's Encrypt, neither the http nor the https connection works now.
My nginx/sites-available/mysite.com file code is shown below:
server {
server_name mysite.com www.mysite.com;
location = /favicon.ico { access_log off; log_not_found off; }
location /static/ {
root /root/project/app/;
}
location / {
include proxy_params;
proxy_pass http://unix:/run/gunicorn.sock;
}
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/mysite.com/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/mysite.com/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
server {
if ($host = www.mysite.com) {
return 301 https://$host$request_uri;
} # managed by Certbot
if ($host = mysite.com) {
return 301 https://$host$request_uri;
} # managed by Certbot
listen 80;
server_name mysite.com www.mysite.com;
return 404; # managed by Certbot
}
Normally, my website with http works fine, yet when I follow the tutorial and try to connect my site, it does not load on browser. If I try with curl, I get response: curl: (7) Failed to connect to mysite.com port 443: Connection refused.

"Invalid HTTP_HOST header" from unknown domain

I am using Nginx and Gunicorn to host a Django project. I need to secure this site, and as a test I set up Let's encrypt to an unused domain of mine. While tailing the Django access log, I noticed the following entry from time to time:
Invalid HTTP_HOST header: 'aydinfatih.com'. You may need to add u'aydinfatih.com' to ALLOWED_HOSTS.
This is an unknown domain to me, and while trying to access the domain (it got a 400 response), I could see more of these log entries on my server. What is this? Is it related to my SSL setup, and an indication that it's not secure?
server {
server_name example.com example.com;
location /static/ {
root /home/user/project/django-project;
}
location /media/ {
root /home/user/project/django-project;
}
location / {
include proxy_params;
proxy_pass http://unix:/home/user/project/project.sock;
}
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
if ($scheme != "https") {
return 301 https://$host$request_uri;
} # managed by Certbot
}
server {
listen 80;
server_name my.server.ip.here example.com;
return 301 https://example.com;
}
I added the following to my server block:
if ($host !~* ^(example.com|www.example.com)$ ) {
return 444;
}
The unknown domain now displays 520. Is this the correct way to deal with this? Something else I've missed?
I misread your question. Here's a new answer.
Someone configured their DNS record to point their domain name to your server IP. Adding hostname checking certainly helps, but normally we use a default "catch all" server block to handle all unwanted requests:
# "Catch all" server
server {
server_name _;
return 444;
}
# Your site settings
server {
server_name example.com example.com;
location /static/ {
root /home/user/project/django-project;
}
location /media/ {
root /home/user/project/django-project;
}
location / {
include proxy_params;
proxy_pass http://unix:/home/user/project/project.sock;
}
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
if ($scheme != "https") {
return 301 https://$host$request_uri;
} # managed by Certbot
}
server {
listen 80;
server_name my.server.ip.here example.com;
return 301 https://example.com;
}
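
A simplified Python model of how nginx picks a server block, added here as an example and not part of the original answer. It covers only the listen port, exact `server_name` matches and `default_server` (no wildcard or regex names); the `WITH_DEFAULTS` variant is an assumption. It shows that a catch-all with no `listen` line covers port 80 only, so an unknown Host arriving on 443 still reaches the site block and Django.

```python
def pick_server(servers, port, host):
    """Label of the server block nginx would use for a request.

    servers: blocks in config order, each a dict with label, port,
    names (exact server_name values) and default (default_server flag).
    """
    on_port = [s for s in servers if s["port"] == port]
    if not on_port:
        return None                      # nothing listens there: connection refused
    for s in on_port:                    # 1. exact server_name match
        if host in s["names"]:
            return s["label"]
    for s in on_port:                    # 2. explicit default_server
        if s["default"]:
            return s["label"]
    return on_port[0]["label"]           # 3. implicit default: first block on the port

def block(label, port, names, default=False):
    return {"label": label, "port": port, "names": names, "default": default}

# Constructed model of the answer's three blocks; a block without a
# listen line listens on port 80 (when nginx is started as root).
AS_POSTED = [
    block("catch-all", 80, ["_"]),
    block("site", 443, ["example.com"]),
    block("redirect", 80, ["my.server.ip.here", "example.com"]),
]
# Assumed variant: catch-alls declared default_server on both ports.
WITH_DEFAULTS = [
    block("catch-all-80", 80, ["_"], default=True),
    block("catch-all-443", 443, ["_"], default=True),
] + AS_POSTED[1:]

for cfg in (AS_POSTED, WITH_DEFAULTS):
    print([pick_server(cfg, p, "aydinfatih.com") for p in (80, 443)])
```

A catch-all on 443 needs a certificate to complete the TLS handshake, or `ssl_reject_handshake on;` on nginx 1.19.4 and later.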