I have a subdomain as : app.example.com
Now I want to serve a static website on app.example.com which does some API based querying on the Django app which I want to host on same base URL something like : app.example.com/app/api....
But I am unable to do so. My Nginx configuration is as follows :
server {
root /home/ubuntu/dist/;
index index.html index.htm index.nginx-debian.html;
server_name app.example.com;
location / {
alias /home/ubuntu/dist/ ;
try_files $uri /$uri index.html last;
}
location /admind {
alias /home/ubuntu/admind/dist/ ;
try_files $uri /$uri/ index.html last;
}
location /app/ {
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_redirect off;
proxy_pass http://gunicorn;
}
listen [::]:443 ssl ipv6only=on; # managed by Certbot
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/app.example.com/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/app.example.com/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
# Virtual Host configuration for example.com
#
# You can move that to a different file under sites-available/ and symlink that
# to sites-enabled/ to enable it.
#
#server {
# listen 80;
# listen [::]:80;
#
# server_name example.com;
#
# root /var/www/example.com;
# index index.html;
#
# location / {
# try_files $uri $uri/ =404;
# }
#}
server {
if ($host = app.example.com) {
return 301 https://$host$request_uri;
} # managed by Certbot
listen 80 default_server;
listen [::]:80 default_server;
server_name app.example.com;
return 404; # managed by Certbot
}
Whenever I implement the following configuration app.example.com opens as expected but the Django app url app.example.com/app/api or for that matter /app/admin/ of Django Admin doesn't open up and throws 404.
TIA
How about you just append a BASE_URL to all the core url_patterns, something like,
settings.py
BASE_URl = 'app/'
urls.py
from django.conf import settings
from django.urls import path
from .views import *
urlpatterns = [
path("%sadmin/" % settings.BASE_URL, AdminView, name='admin'),
path("%sapi/" % settings.BASE_URL, MyAPIView, name="myapi"),
]
This way all your URLs already start with app/, so even if you reverse proxy the root app.example.com it'll still serve on app/
You need to add a header to tell Django you are serving from a sub-path.
location /app/ {
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_set_header SCRIPT_NAME app;
proxy_redirect off;
proxy_pass http://gunicorn;
}
Related
I have a files in files and favicon.ico in static folder. Webpages is served by Nginx, favicon is not visible and files are not accessible. I tried reading some post but they fixing is not working on my. Here is configuration.
The webpage is working but icon is not rendering.
$ cat /etc/nginx/sites-enabled/my_app
server {
server_name www.mysite.com;
location /static/ {
# handle static files directly, without forwarding to the application
alias /home/ubuntu/mysite/app/static/;
expires 30d;
}
location = /_favicon.ico {
alias /home/ubuntu/mysite/app/static/favicon.ico;
}
location / {
# forward application requests to the gunicorn server
proxy_pass http://localhost:8000;
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/www.mysite.com/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/www.mysite.com/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
server {
if ($host = www.mysite.com) {
return 301 https://$host$request_uri;
} # managed by Certbot
listen 80;
server_name www.mysite.com;
return 404; # managed by Certbot
}
thanks in advance
We have a Django project that is served in production using Nginx and Gunicorn reverse-proxy setup. Everything seems to work except for one small detail. Somehow, the browser "sees" the following addresses as different sessions.
Suppose I log into the site using the example.com address.
Then, if I visit https://www.example.com, the browser does not see that the user has logged in.
When I visit www.example.com, I get a 404 error in the browser from Nginx.
My suspicion is that this has something to do with the way Nginx or Gunicorn are setup. Any help on how to resolve this discrepancy is appreciated.
Nginx config:
server {
root /home/example/mysite;
# Add index.php to the list if you are using PHP
index index.html index.htm;
server_name example.com www.example.com;
client_max_body_size 512M;
location /static/ {
alias /home/example/mysite/static/;
expires 30d;
add_header Vary Accept-Encoding;
access_log off;
}
location /media {
alias /home/example/mysite/media/;
expires 30d;
add_header Vary Accept-Encoding;
access_log off;
}
location / {
# try_files $uri $uri/ =404;
proxy_pass http://127.0.0.1:8080;
proxy_set_header Host $server_name;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Protocol $scheme;
proxy_connect_timeout 6000;
proxy_send_timeout 6000;
proxy_read_timeout 6000;
send_timeout 6000;
}
listen [::]:443 ssl ipv6only=on; # managed by Certbot
listen 443 ssl; # managed by Certbot
ssl_certificate /home/ubuntu/ssl/example_com_chain.crt;
ssl_certificate_key /home/ubuntu/ssl/server.key;
#include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
#ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
server {
if ($host = example.com) {
return 301 https://$host$request_uri;
} # managed by Certbot
listen 80 default_server;
listen [::]:80 default_server;
server_name example.com www.example.com;
return 404; # managed by Certbot
}
to redirect
http://www.example.com
http://example.com
https://www.example.com
to
https://example.com
you need to make changes in your nginx vhost config file like so:
# Resirect 'http www' and 'http non-www' traffic to 'https non-www'
server {
listen 80;
server_name example.com www.example.com;
return 301 https://example.com$request_uri;
}
# Resirect 'https www' traffic to 'https non-www'
server {
listen 443 ssl;
server_name www.example.com;
return 301 https://example.com$request_uri;
}
# https://example.com
server {
listen [::]:443 ssl ipv6only=on; # managed by Certbot
listen 443 ssl; # managed by Certbot
server_name example.com;
root /home/example/mysite;
# Add index.php to the list if you are using PHP
index index.html index.htm;
client_max_body_size 512M;
location /static/ {
alias /home/example/mysite/static/;
expires 30d;
add_header Vary Accept-Encoding;
access_log off;
}
location /media {
alias /home/example/mysite/media/;
expires 30d;
add_header Vary Accept-Encoding;
access_log off;
}
location / {
# try_files $uri $uri/ =404;
proxy_pass http://127.0.0.1:8080; # HERE review this line it should be the server IP not localhost
proxy_set_header Host $server_name;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Protocol $scheme;
proxy_connect_timeout 6000;
proxy_send_timeout 6000;
proxy_read_timeout 6000;
send_timeout 6000;
}
ssl_certificate /home/ubuntu/ssl/example_com_chain.crt;
ssl_certificate_key /home/ubuntu/ssl/server.key;
# include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
# ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
this thread may helps you https://www.digitalocean.com/community/questions/redirecting-https-www-domain-to-non-www-domain-with-nginx (my answer is based on)
and in your settings.py:
ALLOWED_HOSTS = [
'example.com', # https non-www
]
# SESSION_COOKIE_SECURE = True
# CSRF_COOKIE_SECURE = True
for more details see
https://docs.djangoproject.com/en/3.1/topics/security/#ssl-https
https://security.stackexchange.com/questions/8964/trying-to-make-a-django-based-site-use-https-only-not-sure-if-its-secure?newreg=bf8583d7f6d34236b7c6cbfb0fe315b4
I have 2 machines one is django (https://orgofoods.com) and another one is wordpress (https://blog.orgofoods.com). Django is running with nginx, gunicorn and the configuration goes like this
upstream app_server {
server unix:/home/django/gunicorn.socket fail_timeout=0;
}
server {
root /usr/share/nginx/html;
index index.html index.htm;
client_max_body_size 4G;
server_name orgofoods.com;
keepalive_timeout 5;
# Your Django project's media files - amend as required
location /media {
alias /home/django/django_project/django_project/media;
}
# your Django project's static files - amend as required
location /static {
alias /home/django/django_project/django_project/static;
}
# Proxy the static assests for the Django Admin panel
location /static/admin {
alias /usr/lib/python2.7/dist-packages/django/contrib/admin/static/admin/;
}
location /blog {
proxy_pass https://blog.orgofoods.com;
}
location /blog/wp-content {
proxy_pass https://blog.orgofoods.com/wp-content;
}
location /blog/wp-includes {
proxy_pass https://blog.orgofoods.com/wp-includes;
}
location /blog/wp-login.php {
proxy_pass https://blog.orgofoods.com/wp-login.php;
}
location /blog/wp-admin {
proxy_pass https://blog.orgofoods.com/wp-admin;
}
location / {
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $host;
proxy_redirect off;
proxy_buffering off;
proxy_pass http://app_server;
}
listen [::]:443 ssl ipv6only=on; # managed by Certbot
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/orgofoods.com/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/orgofoods.com/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
server {
if ($host = orgofoods.com) {
return 301 https://$host$request_uri;
} # managed by Certbot
listen 80 default_server;
listen [::]:80 default_server ipv6only=on;
server_name orgofoods.com;
return 404; # managed by Certbot
}
but when i try to access orgofoods.com/blog it is returning 404 error, and the request is handled by nginx where as it needs to be handled by apache, please any one can shed some light on it.
dev tools network screenshot
Thanks in advance
p.s.: i followed this tutorial (https://jeffreyeverhart.com/2016/12/11/wordpress-nginx-proxy-server-subdomain-subdirectory)
I'm trying to create a django site on my nginx server. I already have other site in other sub-folders. I use gunicorn service to redirect from nginx to django.
I'm able to access the default django welcome page (https://example.com/django/) but I can't go to the admin page of my django site (if I enter https://example.com/django/admin, it redirect me to https://example.com/admin/login/?next=/admin/ and I get a nginx 404). Renaming the redirection to https://example.com/django/admin/login/?next=/admin/ shows a plain html login page (like if the static content was not loaded).
I'm only starting webdev so I might be wrong, but is seems the error is in my nginx config.
Here is my nginx configuration file:
server {
listen 80;
server_name example.com www.example.com;
return 301 https://$host$request_uri;
}
server {
server_name example.com www.example.com;
# listen 80;
# SSL configuration
listen 443 ssl default_server;
listen [::]:443 ssl default_server;
ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # drop SSLv3 (POODLE vulnerability)
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 10m;
ssl_dhparam /etc/ssl/certs/dhparam.pem;
root /var/www/example.com;
index index.php index.html;
location / {
try_files $uri $uri/ $uri.html $uri.php$is_args$query_string;
}
# pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
location ~ \.php$ {
include snippets/fastcgi-php.conf;
# With php-fpm (or other unix sockets):
fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;
# With php-cgi (or other tcp sockets):
#fastcgi_pass 127.0.0.1:9000;
}
location /biketrack {
try_files $uri $uri/ =404;
auth_basic "Restricted Content";
auth_basic_user_file /etc/nginx/.htpasswd;
}
# Django configuration
location /django/static/ {
alias /home/pi/elops-tracker-project/static;
}
location /django {
include proxy_params;
rewrite ^/django/(.*) /$1 break;
# alias /home/pi/elops-tracker-project
# proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
# proxy_set_header Host $http_host;
# proxy_set_header X-Forwarded-Host $server_name;
# proxy_set_header X-Real-IP $remote_addr;
# proxy_redirect off;
# proxy_set_header SCRIPT_NAME /django
proxy_pass http://unix:/home/pi/elops-tracker-project/elops_tracker.sock;
}
}```
[SOLVED]
It caused by /etc/nginx/sites-enabled/default
default file already defines for in bound traffic, so when I delete it,It works fine.
I'm using Django/uwsgi/nginx.
And to access ssl, installed Lets encrypt.
Below source is nginx and uwsgi confirue file.
[project_rest.conf]
upstream django {t
server 127.0.0.1:8001;
}
server {
listen 8000;
server_name .mysitedomain.com;
charset utf-8;
client_max_body_size 75M; # adjust to taste
# Django media
location /media {
alias /home/app/project_rest/media; # your Django project's media files - amend as required
}
location /static {
alias /home/app/project_rest/static; # your Django project's static files - amend as required
}
# Finally, send all non-media requests to the Django server.
location / {
uwsgi_pass django;
include /home/app/project_rest/uwsgi_params; # the uwsgi_params file you installed
}
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/mysitedomain.com/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/mysitedomain.com/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
(I created project_rest.conf and link to /etc/nginx/sites-enabled/)
[/etc/nginx/sites-available/default]
server {
# SSL configuration
#
# listen 443 ssl default_server;
# listen [::]:443 ssl default_server;
#
# Note: You should disable gzip for SSL traffic.
# See: https://bugs.debian.org/773332
#
# Read up on ssl_ciphers to ensure a secure configuration.
# See: https://bugs.debian.org/765782
#
# Self signed certs generated by the ssl-cert package
# Don't use them in a production server!
#
# include snippets/snakeoil.conf;
root /var/www/html;
# Add index.php to the list if you are using PHP
index index.html index.htm index.nginx-debian.html;
server_name mysitedomain.com www.mysitedomain.com;
location / {
# First attempt to serve request as file, then
# as directory, then fall back to displaying a 404.
try_files $uri $uri/ =404;
}
# pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
#
#location ~ \.php$ {
# include snippets/fastcgi-php.conf;
#
# # With php7.0-cgi alone:
# fastcgi_pass 127.0.0.1:9000;
# # With php7.0-fpm:
# fastcgi_pass unix:/run/php/php7.0-fpm.sock;
#}
# deny access to .htaccess files, if Apache's document root
# concurs with nginx's one
#
#location ~ /\.ht {
# deny all;
#}
listen [::]:443 ssl ipv6only=on; # managed by Certbot
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/mysitedomain.com/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/mysitedomain.com/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
server {
if ($host = www.mysitedomain.com) {
return 301 https://$host$request_uri;
} # managed by Certbot
if ($host = mysitedomain.com) {
return 301 https://$host$request_uri;
} # managed by Certbot
listen 80 default_server;
listen [::]:80 default_server;
server_name mysitedomain.com www.mysitedomain.com;
return 404; # managed by Certbot
}
[uwsgi.ini]
[uwsgi]
# the base directory (full path)
chdir=/home/app/project_rest
# Django's wsgi file
module=project_rest.wsgi:application
master=true
# maximum number of worker processes
processes=10
# the socket (use the full path to be safe
socket=127.0.0.1:8001
chmod-socket=664
chown-socket=app:app
pidfile=/tmp/project_rest.pid
# clear environment on exit
vacuum=true
max-requests=5000
daemonize=project_rest.uwsgi.log
(I used vitualenv)
after entered "uwsgi --ini uwsgi.ini", I can access to mysitedomain.com:8000 to my django's site.
But I can't access to https://mysitedomain.com:8000 while can access to https://mysitedomain.com
I want to access https://mysitedomain.com:8000, How can it implement?
Thanks.
[SOLVED]
It caused by /etc/nginx/sites-enabled/default
default file already defines for in bound traffic, so when I delete it,
It works fine.
server {
listen 80;
server_name example.com;
rewrite ^/(.*) https://example.com/$1 permanent;
}
server {
listen 443 ssl;
server_name example.com;
access_log /var/log/nginx/example.com_access.log combined;
error_log /var/log/nginx/example.com_error.log error;
ssl_certificate /etc/letsencrypt/live/mysitedomain.com/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/mysitedomain.com/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
location /static/ {
alias /webapps/example/static/;
}
location /media/ {
alias /webapps/example/media/;
}
location / {
proxy_pass http://localhost:8000/;
proxy_redirect off;
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
}
Change the values with your domain and report feedback please