I have a Django project that I deployed using only the WSGI server provided by Django(no webserver like apache, ngnix ...).
The problem is that I want to upload an SSL certificate for the HTTPS version of the website. How can I do it please ?
Thank you in advance for your answers.
You can use Let’s Encrypt and Certbot for the HTTPS version of your site.
I recommend you use web servers such as Nginx or Apache for practicing. Besides, your application runs better.
You can read this easy guide from medium.
If you are using Ubuntu or other Linux distributions:
# adding certbot repository
sudo add-apt-repository ppa:certbot/certbot
# do not forget to update your dependencies after adding some repo
sudo apt update
# installing certbot
sudo apt-get install python-certbot-nginx
# pointing certbot to your domain
sudo certbot --nginx -d yourdomain.com -d www.yourdomain.com
Related
I had started a fresh linode running ubuntu 19.04 and the first time I used the directions at:
https://www.rosehosting.com/blog/how-to-install-mezzanine-cms-on-ubuntu-18-04/
To install Mezzanine CMS it worked just fine, I could run the runserver command and see the django website. Eventually it started giving me a problem after trying 50 ways to deploy the site using apache and mod_wsgi.
I gave up and rebuilt the server and then still couldn't see the new install at the IP when I ran run server. I figured maybe it was because I accidentally installed some things using "python" and others with "python3" so I rebuilt the server.
This third time I followed the direction perfectly, the only difference is I didn't install a mysql server just kept the default SQLlite server and created a DB and Django Superuser.
I have added my ip as a host in settings.py and local_settings.py
I have already ran makemigrations and migrate
I did check to see if maybe the IP had changed when I rebuilt, it hadn't
My local environment on my laptop works fine, just not the linode
Any suggestions on anything I'm missing?
Deployment Guide
Step 1 (Installation)
Install apache2 mod_wsgi
Install virtualenv
Install virtualenv
Install Nginx for asynchronous event-driven approach to handle multiple client requests
Install mysql
sudo apt-get update
sudo apt-get install python3-pip python3-dev apache2 libapache2-mod-wsgi-py3
sudo apt-get install virtualenv ufw
sudo apt-get install nginx
sudo apt-get install mysql-server libmysqlclient-dev
sudo mysql_secure_installation
Step 2 (Apache & Hostname & User)
Set hostname and add it into /etc/hosts with hostname and your Server IP
Create new user and give add to the group sudo for safety
sudo adduser username
sudo usermod -aG sudo
Enable SSH authentication for login & Edit default port of ssh in /etc/ssh/sshd_config. https://askubuntu.com/questions/1074034/not-able-to-change-ssh-port-on-ubuntu-18-04-1-lts
Edit /etc/apache2/site-availabledefault-000.conf for your new Django configuration
Step 3 (Firewall)
sudo ufw allow 8000
sudo ufw allow http
sudo ufw allow ssh
sudo ufw default allow outgoing
sudo ufw default deny incoming
Enable all other required port numbers
ssh sudo ufw enable
Step 4 (Django configuration)
Chown static and media forlders and edit it's permission recursively
Add allowed host in settings.py
Checkout deployment checklist in django official website and do it.
Step 5 (Please checkout)
For apache configuration please visit https://pythonprogramming.net/deploying-to-server-django-tutorial/
Edit the path given in your apache configuration (path for WSGI Script,python-path, python-home ) if any errors found like Internal server error, miss configuration etc
For reference of python-home path please refer Get virtualenv's bin folder path from script
You can also add python-path to WSGIDaemonProcess
Additionally, you can visit puttygen for public and private key generation to login through SSH
For this particular problem turned out I just needed to suddenly bind dev server to 0.0.0.0
the command to do so was
python manage.py runserver 0.0.0.0:8000
Rinshans answers is definetley the details for deployment, I've followed those steps just kept making some mistake in the config and wsgi scripts. I'm going to try deploying with Gunicorn or use the Fabric self-deployment tools built in to Mezzanine CMS, just haven't done so yet.
I have followed the DigitalOcean tutorial to deploy a django app at DigitalOcean, the guide is:
https://www.digitalocean.com/community/tutorials/how-to-deploy-a-local-django-app-to-a-vps
Question:
The problem is that when I go to the IP with the browser, I see the Welcome to nginx page and not my django app.
Tutorial important points
Respect the tutorial, I have not seen the following error as tutorial says: server_names_hash, you should increase server_names_hash_bucket_size: 32
Another important difference between what I did and tutorial is that gunicorn_django --bind yourdomainorip.com:8001 did not work for me.
I use this statement to start gunicorn:
web: gunicorn --chdir code/computationalMarketing computationalMarketing.wsgi --log-file -
My configuration
At /etc/nginx/sites-enabled I have symlink called computationalMarketing that refers to /etc/nginx/sites-available/computationalMarketing
This files has the following lines:
server {
listen 127.0.0.1;
server_name 159.65.18.211;
error_log /var/log/nginx/localhost.error_log info;
root /var/www/localhost/htdocs;
location /static/ {
alias /opt/computationalMarketing/static/;
}
location / {
proxy_pass http://127.0.0.1:8001;
proxy_set_header X-Forwarded-Host $server_name;
proxy_set_header X-Real-IP $remote_addr;
add_header P3P 'CP="ALL DSP COR PSAa PSDa OUR NOR ONL UNI COM NAV"';
}
}
I have a virtualenv at /opt/computationalMarketing and inside this I have another computationalMarketing folder with the Git repo file.
This repo has the following structure:
My installations are:
sudo pip3 install numpy==1.13.3
sudo pip3 install pandas==0.22.0
sudo pip3 install scikit-learn==0.19.1
sudo pip3 install pymysql==0.8.1
sudo pip3 install psycopg2==2.7.3.2
sudo pip3 install django==2.0.5
sudo pip3 install django-connection-url==0.1.2
sudo pip3 install whitenoise==3.3.1
sudo pip3 install gunicorn==19.7.1
The database is a Postgresql, which I can connect without problem.
Can anyone guess why I am seeing the nginx page and not my django app?
You've told nginx to listen for this particular config on the localhost only. Don't do that. Remove that listen line altogether.
There are a few other weird things in your question. The command you claim to be using to start gunicorn is a Procfile instruction, it's not something you could actually run at the command line. What command are you actually using to start gunicorn? Whatever you use, you do need to tell it to serve on the same port that nginx is proxying to - in your case 8001.
I just installed Jenkins EC2 instance in AWS. I tried to configure the redirection from http to https (i.e. http://myjenkins.com to https://myjenkins.com). Do I configure in AWS or in Jenkins? I only found https://aws.amazon.com/premiumsupport/knowledge-center/redirect-http-https-elb/ but does not help much. Please advise. Thanks
If you are trying to get to the jenkins web UI on port 443, i would suggest using a web server like nginx to proxy requests to your jenkins installation. That way, you can have a fairly vanilla jenkins installation and handle all of the SSL configuration and port redirection in nginx (which is much easier to do).
Here's an example outline of how you might accomplish what are you asking:
Set up your server and install Jenkins normally, serving on port 8080.
Install nginx and configure it to proxy "/" to port 8080 on localhost.
Install your SSL certs. Using certbot with Let's Encrypt makes this step pretty easy as it handles all of the SSL config for you. (Note that for the install to work, your Security Group will have to allow all traffic to access your instance while you're doing the install. You can make it more restrictive once everything is configured. You also need a URL that is publicly accessible for your SSL certs to be valid).
Access your site using the bare domain and look for it to be forwarded to https.
And here are the actual steps I used to get mine working on a Ubuntu EC2 VM (you might have to hum along to the tune of the install but you will get the idea):
apt-get update
apt-get upgrade -y
apt-get install nginx -y
cd /etc/nginx/sites-enabled/
vim default (see config below)
systemctl restart nginx
wget -q -O - http://pkg.jenkins-ci.org/debian/jenkins-ci.org.key | apt-key add -
echo "deb http://pkg.jenkins-ci.org/debian binary/" | tee -a /etc/apt/sources.list
add-apt-repository ppa:webupd8team/java -y
apt-get update
apt-get install oracle-java8-installer -y
apt-get install jenkins –y
systemctl status jenkins
cd /var/lib/jenkins/secrets/
cat initialAdminPassword
ufw enable
sudo add-apt-repository ppa:certbot/certbot
apt-get update
apt-get install python-certbot-nginx
ufw allow 'Nginx Full'
ufw allow OpenSSH
ufw status
certbot --nginx -d jenkins.example.com
Your default nginx config will look something like this:
server {
listen 80 default_server;
listen [::]:80 default_server;
root /var/www/html;
index index.html index.htm index.nginx-debian.html;
server_name jenkins.example.com;
location / {
proxy_pass http://localhost:8080;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
}
if ($scheme != "https") {
return 301 https://$host$request_uri;
}
When you run the certbot --nginx -d jenkins.example.com step, it will also insert some lines into your nginx config to set up the SLL and cert specifics.
After that, you should be good!
You need to configure Jenkins settings to HTTPS inside your EC2;
And if you are using Load Balance in front of the EC2, you also need to configure ELB to forward port to HTTPS.
How to install xsendfile for httpd 2.4 on amazon linux ami? Default package repositories from amazon and epel do not have a package for httpd 2.4, only for httpd 2.2. I would prefer not to compile the module if possible. Thank you.
I'm not aware of a quick Yum/apt-get style install for X-sendfile for Apache24 on an EC2 instance at the time of writing this answer, however compiling and installing the module your self is super easy:
Prepwork
Download mod_xsendfile.c from download section the link below
https://tn123.org/mod_xsendfile/
Install GCC for compiling
sudo yum install gcc
We need httpd24-devel for apxs
sudo yum install httpd24-devel.x86_64
Compiling and installation
sudo apxs -cia mod_xsendfile.c
Edit your http.conf add
<IfModule mod_xsendfile.c>
XSendFile on
XSendFilePath /home/path/to/private/files/to/serve/
</IfModule>
Restart Apache24
sudo service httpd restart
Done !
Check your phpinfo or apache_modules() to confirm all good and modify settings to your liking.
Enjoy efficient downloads :)
I'm trying do deploy a django project. I tried a lot of tutorials, but had no luck. I use a new clean Ubuntu 11.10. I've performed
apt-get install nginx
apt-get install uwsgi
service nginx start
I've created folder /deploy/project1 and put there manage.py and other files.
My current /deploy/project1/project1/wsgi.py contains:
import os
os.environ.setdefault("DJANGO_SETTINGS_MODULE", "project1.settings")
from django.core.wsgi import get_wsgi_application
application = get_wsgi_application()
So, could you tell me how to deploy my django app for domain.com properly?
I've also installed Django via pip and easy_install
What should I add in /etc/nginx/sites-enabled/default.
Assuming that you have installed all requirement and you are using the aptitude packages then you don't need the wsgi.py. All the configuration is in the uwsgi ini/xml/yaml file. (take the format that you prefer).
Here is a minimal example for example.com file for nginx(/etc/nginx/sites-available/examplecom for ubuntu 11.10)
server {
listen 80;
server_name example.com;
access_log /var/log/nginx/projectname.log;
location /media {
alias /vagrant/test/projectname/media/;
}
location /static {
alias /vagrant/test/projectname/static/;
}
location / {
uwsgi_pass unix:///run/uwsgi/projectname/socket;
include uwsgi_params;
}
}
Create a symbolic link to /etc/nginx/sites-enabled
sudo ln -s /etc/nginx/sites-available/examplecom /etc/nginx/sites-enabled/examplecom
or
sudo /usr/sbin/nxensite examplecom
You are done with NGINX.
Go to /etc/uwsgi/apps-available and create your ini file
sudo vim /etc/uwsgi/apps-available/projectname.ini
[uwsgi]
virtualenv=/home/vagrant/.virtualenvs/projectenv
thread=3
master=1
env = DJANGO_SETTINGS_MODULE=projectname.settings
module = django.core.handlers.wsgi:WSGIHandler()
chdir = /path/to/my/django/project
socket = /run/uwsgi/projectname/socket
logto = /var/log/uwsgi/projectname.log
Point your ini to /etc/uwsgi/apps-enabled/projectname.ini
sudo ln -s /etc/uwsgi/apps-available/projectname.ini /etc/uwsgi/apps-enabled/projectname.ini
For more information, see any of these files on your system:
/etc/uwsgi/apps-available/README
/etc/uwsgi/apps-enabled/README
/usr/share/doc/uwsgi/README.Debian.gz
/etc/default/uwsgi
You are done. You can now restart nginx & uwsgi
sudo service nginx restart
sudo service uwsgi restart
Cheers!
Do not forget that Debian's, Ubuntu's and its derivates' uwsgi package does not require installation of its Python plugin — uwsgi-plugin-python, because uWSGI does not necessarily uses only Python (there are plugins for Lua, Erlang and other languages). However, Django requires Python plugin. Install it:
sudo apt install uwsgi-plugin-python
Unlike PIP's installation, you should explicitly mention uwsgi's plugin used in the app's config by adding a plugins = python line to it (if you use Python), like this:
[uwsgi]
plugins = python
uwsgi-socket = /var/sockets/django.sock
chmod-socket = 660
chdir = /home/v/django
module = project.wsgi
Unless you do this, there will be no Python-specific options available. And Debian's/Ubuntu's uWSGI will be just quiet about it!