I have been trying to auto transfer all requests to https protocol using nginx in django in ec2 instance but i am unable to do so.. here is my nginx file..
please suggest me the problem.
nginx file
server{
listen 443 ssl;
server_name www.priyamarya.com;
location = /favicon.ico { access_log off; log_not_found off; }
location /static/ {
root /home/ubuntu/project/aryapriyam/;
}
location / {
include proxy_params;
proxy_pass http://unix:/home/ubuntu/project/aryapriyam/project.sock;
}
}
server{
listen 80;
server_name priyamarya.com;
return 301 https://www.priyamarya.com;
location = /favicon.ico { access_log off; log_not_found off; }
location /static/ {
root /home/ubuntu/project/aryapriyam/;
}
location / {
include proxy_params;
proxy_pass http://unix:/home/ubuntu/project/aryapriyam/project.sock;
}
}
i have also added this in settings.py
settings.py
SECURE_PROXY_SSL_HEADER = ('HTTP_X_FORWARDED_PROTO', 'https')
SECURE_SSL_REDIRECT =True
SESSION_COOKIE_SECURE = True
CSRF_COOKIE_SECURE = True
gunicorn.service
[Unit]
Description=gunicorn daemon
After=network.target
[Service]
User=ubuntu
Group=www-data
WorkingDirectory=/home/ubuntu/project/aryapriyam
ExecStart=/home/ubuntu/project/venv/bin/gunicorn --access-logfile - --
workers 3 --chdir /home/ubuntu/project/aryapriyam/ --bind
unix:/home/ubuntu/project/aryapriyam/project.sock
project.wsgi:application
[Install]
WantedBy=multi-user.target
i have also set my hostedzone A type record set to the alias provided by elb load balancer.
i have tried a lot of things like returning the https://sitename , and creating a different server block for both protocols but than it starts a loop in between requests. this is why i am posting the code from which i initially started. i have searched a lot but nothing is helping in regards of nginx and django both, please help.. i want all my forms request also to go through https only.
You need to add other server block for ssl and use following config for ssl
This config also redirects http request to https (i.e ssl port 443)
server {
listen 80;
server_name testing.com;
return 301 https://testing.com;
location = /favicon.ico { access_log off; log_not_found off; }
location / {
include proxy_params;
proxy_pass http://unix:/home/ubuntu/sample_project/sample_project.sock;
}
}
server {
listen 443 ssl;
listen [::]:443 ssl;
server_name testing.com;
ssl on;
ssl_certificate /etc/nginx/ssl/nginx.crt;
ssl_certificate_key /etc/nginx/ssl/nginx.key;
location /static/ {
root /home/ubuntu/sample_project;
}
location / {
include proxy_params;
proxy_pass http://unix:/home/ubuntu/sample_project/sample_project.sock;
}
}
Related
As the title says I want to host two different django project in the same droplet (NGINX, Gunicorn, ubuntu) with different subdomains. One will be our main site example.com. which is up and running and working perfectly. We want to host the staging site staging.example.com in the same droplet.
We have created new sockets and service files for the staging site and activated and enabled them but the issue is nginx still points to the files in main domain directory rather than the staging directory and hence we get this error below even though these domains have been added in the allowed hosts of settings.py of the staging site
DisallowedHost at /
Invalid HTTP_HOST header: 'staging.example.com'. You may need to add 'staging.example.com' to ALLOWED_HOSTS
Here is our staging.guinicorn.service file
[Unit]
Description=staging.gunicorn daemon
Requires=staging.gunicorn.socket
After=network.target
[Service]
User=admin
Group=www-data
WorkingDirectory=/home/admin/example1staging
ExecStart=/home/admin/example1staging/venv/bin/gunicorn --access-logfile - --workers 3 --bind unix:/run/staging.gunicorn.sock djangoproject.wsgi:application
[Install]
WantedBy=multi-user.target
Here is our staging.guicorn.socket file
[Unit]
Description=staging.gunicorn socket
[Socket]
ListenStream=/run/staging.gunicorn.sock
[Install]
WantedBy=sockets.target
Lastly here is our nginx config
server {
listen 80;
listen [::]:80;
server_name example.com www.example.com;
return 302 https://$server_name$request_uri;
}
server {
# SSL configuration
listen 443 ssl http2;
listen [::]:443 ssl http2;
ssl_certificate /etc/ssl/cert.pem;
ssl_certificate_key /etc/ssl/key.pem;
ssl_client_certificate /etc/ssl/cloudflare.crt;
ssl_verify_client on;
root /var/www/html;
index index.html index.htm index.nginx-debian.html;
location = /favicon.ico { access_log off; log_not_found off; }
location /static/ {
root /home/admin/example1;
}
location / {
include proxy_params;
proxy_pass http://unix:/run/gunicorn.sock;
}
}
server {
listen 80;
listen [::]:80;
server_name staging.example.com www.staging.example.com;
return 302 https://$server_name$request_uri;
}
server {
# SSL configuration
listen 443 ssl http2;
listen [::]:443 ssl http2;
ssl_certificate /etc/ssl/cert.pem;
ssl_certificate_key /etc/ssl/key.pem;
ssl_client_certificate /etc/ssl/cloudflare.crt;
ssl_verify_client on;
root /var/www/html;
index index.html index.htm index.nginx-debian.html;
location = /favicon.ico { access_log off; log_not_found off; }
location /static/ {
root /home/admin/example1staging;
}
location / {
include proxy_params;
proxy_pass http://unix:/run/staging.gunicorn.sock;
}
}
Some help here would be extremely welcome.
I have a domain say 'mydjango.com' . When its called i want to handle the request on multiple ports on the same IP. 122.34.55.1:8000 , 122.34.55.1:8001, 122.34.55.1:8002
This is expected for load balancing. I am using wsgi, dgango and ngix.
My nginx config file /etc/nginx/sites-available/djwsgi is -
server {
listen 80;
listen 8001;
listen 8002;
listen 8003;
location = /favicon.ico { access_log off; log_not_found off; }
root /home/raka/djwsgi;
server_name mydjango.com;
location /static/ {
root /home/raka/djwsgi;
}
location / {
include uwsgi_params;
uwsgi_pass unix:/run/uwsgi/djwsgi.sock;
}
}
But by default mydjango.com is mapped with port 80 only.
Other ports are being called when i am mentioning port number like mydjango.com:8002
What i need is - when i call mydjango.com nginx should call next port every time.
Like, 80 then 8001 then 8002, 8003, then 80, 8001, .
Please any body suggest any idea !
Thanks
I'm not sure that's what you want. Tell me
upstream mydjangoback {
server 127.0.0.1:8000;
server 127.0.0.1:8001;
server 127.0.0.1:8002;
}
server {
listen 80;
location = /favicon.ico { access_log off; log_not_found off; }
root /home/raka/djwsgi;
server_name mydjango.com;
location /static/ {
root /home/raka/djwsgi;
}
location / {
proxy_pass http://mydjangoback;
}
}
I found the complete solution. I am posting that here.
This is how nginx and wsgi used to balance the load on our sites and avoid manual running of Django application on server.
upstream backend {
server 127.0.1.1:8002;
server 127.0.1.1:8001;
server 127.0.1.1:8000;
}
server {
listen 80;
listen [::]:80;
location = /favicon.ico { access_log off; log_not_found off; }
root /home/raka/djwsgi;
server_name mysite.com;
location /static/ {
root /home/raka/djwsgi;
}
location / {
include uwsgi_params;
uwsgi_pass unix:/run/uwsgi/djwsgi.sock;
proxy_pass http://backend;
}
}
server {
listen 8000;
listen 8001;
listen 8002;
location = /favicon.ico { access_log off; log_not_found off; }
root /home/raka/djwsgi;
server_name mysite.com;
location /static/ {
root /home/raka/djwsgi;
}
location / {
include uwsgi_params;
uwsgi_pass unix:/run/uwsgi/djwsgi.sock;
}
}
There are many key which could be set in above configuration to achieve extra benefit.
Like in wsgi configuration file we can mention the number of processes.
I have a VPS on Digital Ocean with Ubuntu 18.04, Nginx, Gunicorn, Django, and a test web application, all configured (ufw) to work with http: 80. Everything works perfectly. Tutorial
Now I modify the file /sites-available/LibrosWeb to allow SSL traffic with a self-signed certificate, since I do not have a domain. Tutorial. Result "Error 502 Bad Gateway".
This is the initial code that works well with http: 80:
server{
#Configuracion http
listen 80;
listen [::]:80;
server_name 15.15.15.15;
location = /favicon.ico { access_log off; log_not_found off; }
location /robots.txt {
alias /var/www/LibrosWeb/robots.txt ;
}
location /static/ {
root /home/gela/LibrosWeb;
}
location / {
include proxy_params;
proxy_pass http://unix:/run/gunicorn.sock;
}
}
And this is the code to allow SSL (error 502):
server{
#Configuracion SSL
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name 15.15.15.15;
include snippets/self-signed.conf;
include snippets/ssl-params.conf;
location = /favicon.ico { access_log off; log_not_found off; }
location /robots.txt {
alias /var/www/LibrosWeb/robots.txt ;
}
location /static/ {
root /home/gela/LibrosWeb;
}
location / {
include proxy_params;
proxy_pass https://unix:/run/gunicorn.sock;
}
}
server{
#Configuracion http
listen 80;
listen [::]:80;
server_name 15.15.15.15;
return 302 https://15.15.15.15$request_uri;
}
UFW configured as:
80,443/tcp (Nginx Full) ALLOW IN Anywhere
80,443/tcp (Nginx Full (v6)) ALLOW IN Anywhere (v6)
The files /etc/nginx/snippets/self-signed.conf and /etc/nginx/snippets/ssl-params.conf are the same as those in the tutorial.
I've been testing configurations for two days and the most I could get is that I work halfway, that is, I can show the default page of django but not the one of my application, if I put the code like this:
server{
#Configuracion http
listen 80;
listen [::]:80;
server_name 15.15.15.15;
return 302 https://15.15.15.15$request_uri;
location = /favicon.ico { access_log off; log_not_found off; }
location /robots.txt {
alias /var/www/LibrosWeb/robots.txt ;
}
location /static/ {
root /home/gela/LibrosWeb;
}
}
server{
#Configuracion SSL
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name 15.15.15.15;
include snippets/self-signed.conf;
include snippets/ssl-params.conf;
location / {
include proxy_params;
proxy_pass https://unix:/run/gunicorn.sock;
}
}
What is wrong, or what is missing?
I think my days of suffering are over. After reading hundreds of logs, I found the problem. An update of Whitenoise to 4.0 where you must change the shape of the configuration, caused that with my old configuration the gunicorn service will throw errors. The rest is all right.
http://whitenoise.evans.io/en/stable/django.html#django-middleware
Thanks for the help.
Good day.
family, Im having a little trouble to make nginx server load static file collected by django. here is my nginx sites-available
server {
listen 80;
server_name <my_ip_address>;
location / {
proxy_pass http://127.0.0.1:8000;
proxy_set_header X-Forwarded-Host $server_name;
proxy_set_header X-Real-IP $remote_addr;
}
location /asset/ {
autoindex on;
alias /var/www/html/dev2_assets/;
}
}
Down here is my Django STATIC_URL and STATIC_ROOT configurations
STATIC_URL = '/assets/'
STATICFILES_DIRS = (
os.path.join(BASE_DIR, "assets"),
)
STATIC_ROOT = '/var/www/html/dev2_assets/'
When i run the application with ./manage.py runserver its loads all the static files. Any help. Thanks
Your problem is your Location.
Your not specifying a root for it, also in your settings.py your declaring assets but in your location your declaring asset with a missing s. try changing it to something like this:
location /assets/ {
autoindex on;
root /var/www/html/dev2_assets;
}
Also for debugging purposes try added this above location:
error_log /var/log/nginx/error.log;
Then you will get a specific error message about it not being able to retrive your static files.
Lastly are you sure your utilyzing nginx, django, and gunicorn correct?
Here is a copy of my site file for comparison:
# This redirects all incoming traffic on port 80 to 443
server {
listen 80;
server_name domain.com;
return 301 https://$server_name$request_uri;
}
server {
listen 443;
ssl on;
ssl_certificate /etc/ssl/domain.com.chained.crt;
ssl_certificate_key /etc/ssl/domain.com.key;
server_name helius.dk;
access_log /var/log/nginx/nginx.vhost.access.log;
error_log /var/log/nginx/nginx.vhost.error.log;
#location = /favicon.ico { access_log off; log_not_found off; }
location /static/ {
root /home/user/projectname/static;
}
location / {
include proxy_params;
proxy_pass http://unix:/home/user/projectname/gunicorn.sock;
}
}
I have a web application in django framework and I have setup an nginx server to serve the site. I have also setup SSL into the site. The site works fine with both http and https.
Now I want to direct all http requests to https so my users always use the secure version.
Here is my nginx config:
server {
listen 80;
listen 443 ssl;
server_name site.com www.site.com;
ssl_certificate /path/to/SSL;
ssl_certificate_key /path/to/SSL/key;
location = /favicon.ico { access_log off; log_not_found off; }
location /site_media/static/ {
alias /home/user/folder/static/dist/;
}
location / {
include uwsgi_params;
uwsgi_pass unix:/tmp/site.sock;
}
}
Now when I insert a 301 redirect to https and restart the server, the site goes unresponsive.
return 301 https://$server_name$request_uri;
into my
server { ... }
Any idea how to fix this issue, any suggestions would be highly appreciated.
Placing an unprotected return statement into the server block will attempt to redirect both the http and https sites, resulting in a loop. You could place the return statement inside an if block and detect when the protocol is not https, or the more common solution is split the configuration across two server blocks, for example:
server {
listen 80;
server_name site.com www.site.com;
return 301 https://$host$request_uri;
}
server {
listen 443 ssl;
server_name site.com www.site.com;
ssl_certificate /path/to/SSL;
ssl_certificate_key /path/to/SSL/key;
location = /favicon.ico { access_log off; log_not_found off; }
location /site_media/static/ {
alias /home/user/folder/static/dist/;
}
location / {
include uwsgi_params;
uwsgi_pass unix:/tmp/site.sock;
}
}