I'm having an issue with my nginx configuration.
I receive the error ERR: TOO MANY REDIRECTS.
If I change the var SECURE_SSL_REDIRECT = True to False, the error goes away, but I believe this is causing an issue with my Channels setup: my websockets are unable to complete the handshake.
I found this link which I think is my problem, but I don't know how to fix it.
I tried changing proxy_pass http://unix... to https://unix..., which causes the redirects to stop, but the page won't load.
server {
    server_name myproject.com;
    location = /favicon.ico { access_log off; log_not_found off; }
    location /static/ {
        alias /home/xx/myproject/static/;
    }
    location /static/admin/ {
        alias /home/xx/myproject/static/admin/;
    }
    location /media/ {
        alias /home/xx/myproject/media/;
    }
    location / {
        include proxy_params;
        proxy_pass http://unix:/home/xx/myproject/myproject.sock;
    }
    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/myproject.com/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/myproject.com/privkey.pem; # managed by Certb$
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
server {
    if ($host = myproject.com) {
        return 301 https://$host$request_uri;
    } # managed by Certbot
    listen 80;
    server_name myproject.com;
    return 404; # managed by Certbot
}
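The redirect loop described in this question, as an added example that is not part of the original post: a stdlib-only Python model (not Django's own code) of how a backend behind a TLS-terminating nginx decides whether a request is secure. It assumes the stock Debian/Ubuntu proxy_params file, which forwards X-Forwarded-Proto, and Django settings without SECURE_PROXY_SSL_HEADER; all function names are hypothetical.

```python
# Model of SECURE_SSL_REDIRECT behind nginx that terminates TLS and proxies
# to gunicorn over a plain-HTTP unix socket. Not Django code; names are made up.
from typing import Optional, Tuple

def is_secure(environ: dict, proxy_ssl_header: Optional[Tuple[str, str]]) -> bool:
    """Trust the configured proxy header if it is set and present,
    otherwise fall back to the scheme of the backend connection."""
    if proxy_ssl_header:
        name, secure_value = proxy_ssl_header
        if name in environ:
            return environ[name] == secure_value
    return environ["wsgi.url_scheme"] == "https"

def nginx_to_backend(client_scheme: str) -> dict:
    """What gunicorn sees: the socket hop is always http, and proxy_params
    (assumption: stock Debian/Ubuntu file) passes the client's scheme on."""
    return {"wsgi.url_scheme": "http", "HTTP_X_FORWARDED_PROTO": client_scheme}

def follow(start_scheme, ssl_redirect, proxy_ssl_header, max_hops=10):
    """Return ('ok', hops) when the page is served, or ('loop', max_hops)
    when a browser would stop with a too-many-redirects error."""
    scheme = start_scheme
    for hops in range(max_hops):
        if scheme == "http":
            scheme = "https"   # port-80 server block: return 301 https://...
            continue
        environ = nginx_to_backend(scheme)
        if ssl_redirect and not is_secure(environ, proxy_ssl_header):
            scheme = "https"   # backend redirects to https yet again
            continue
        return ("ok", hops)
    return ("loop", max_hops)

TRUSTED = ("HTTP_X_FORWARDED_PROTO", "https")

if __name__ == "__main__":
    print(follow("https", True, None))      # header ignored by the backend
    print(follow("https", True, TRUSTED))   # header trusted by the backend
    print(follow("http", True, TRUSTED))    # one hop through the port-80 block
```

In a real project the corresponding Django setting is `SECURE_PROXY_SSL_HEADER = ("HTTP_X_FORWARDED_PROTO", "https")`, which is only safe when nginx always sets that header itself so a client cannot supply it.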
I'm getting an error while connecting the websocket.
I have read similar Q&As on Stack Overflow, but it is still not working for me. I've been trying all sorts of ways for days but still can't make the connection. This is my mistake.
The server I use is: Django + Gunicorn + Nginx + Daphne
Browser error
WebSocket connection to 'wss://mydomain/ws/some_url/' failed:
Below is my config on the server
Nginx config:
server {
    server_name ****** mydomain www.mydomain;
    location = /favicon.ico { access_log off; log_not_found off; }
    location /static/ {
        alias /home/django/magi/src/staticfiles/;
    }
    location / {
        include proxy_params;
        proxy_pass http://unix:/run/gunicorn.sock;
    }
    location /ws/ {
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_redirect off;
        proxy_pass http://127.0.0.1:8001;
    }
    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/mydomain/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/mydomain/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
server {
    if ($host = www.mydomain) {
        return 301 https://$host$request_uri;
    } # managed by Certbot
    if ($host = mydomain) {
        return 301 https://$host$request_uri;
    } # managed by Certbot
    server_name ****** mydomain www.mydomain;
    listen 80;
    return 404; # managed by Certbot
}
If you need to check any files, please comment below so I can add them!
Thank you very much
This issue is probably because you haven't added an upstream block in the Nginx configuration which will allow your WebSocket requests to get redirected on port 8001.
Your Nginx config should be like below:
upstream channels-backend {
    server localhost:8001;
}
server {
    server_name ****** mydomain www.mydomain;
    location = /favicon.ico { access_log off; log_not_found off; }
    location /static/ {
        alias /home/django/magi/src/staticfiles/;
    }
    location / {
        include proxy_params;
        proxy_pass http://unix:/run/gunicorn.sock;
    }
    location /ws/ {
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_redirect off;
        # send WebSocket traffic to the upstream defined above
        proxy_pass http://channels-backend;
    }
    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/mydomain/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/mydomain/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
server {
    if ($host = www.mydomain) {
        return 301 https://$host$request_uri;
    } # managed by Certbot
    if ($host = mydomain) {
        return 301 https://$host$request_uri;
    } # managed by Certbot
    server_name ****** mydomain www.mydomain;
    listen 80;
    return 404; # managed by Certbot
}
Also, try to first remove the SSL configuration for HTTPS and WSS you did by using Certbot and make sure everything is working under HTTP and WS.
If it is still not working on WSS even after adding the upstream block, check for redirect config added by Certbot, try to remove them, and test it.
server {
    if ($host = www.mydomain) {
        return 301 https://$host$request_uri;
    } # managed by Certbot
    if ($host = mydomain) {
        return 301 https://$host$request_uri;
    } # managed by Certbot
    server_name ****** mydomain www.mydomain;
    listen 80;
    return 404; # managed by Certbot
}
I have a Django website hosted on DigitalOcean; I'm using a Postgres DB, nginx, gunicorn and Ubuntu 18.04. I'm using the Django authentication system. I created a normal user, but I could log in successfully only a few times after creating the new account; after that I got Bad Request (400). The admin was running with CSS styling, but now only the HTML is rendered, while the styling on the other pages that users can visit works fine. The two problems appeared at the same time.
When I turn debug to True I get:
SuspiciousFileOperation at /fr/account/login/
Storage can not find an available filename for "users/2020/07/03/users/2020/07/03/users/2020/07/03/users/2020/07/03/users/2020/07/03/users/2020/07/03/no__QKvIRQ8_2N3XJKL.png". Please make sure that the corresponding file field allows sufficient "max_length".
This is my nginx configuration
Please help me
Thanks in advance
server {
    server_name server_domain_or_IP;
    location = /favicon.ico { access_log off; log_not_found off; }
    location /static/ {
        root /home/sammy/myprojectdir;
    }
    location /media/ {
        root /home/sammy/myprojectdir;
        image_filter_buffer 10M;
    }
    location / {
        include proxy_params;
        proxy_pass http://unix:/run/gunicorn.sock;
    }
    client_max_body_size 100M;
    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/server_domain_or_IP/fullchain.pem; # managed $
    ssl_certificate_key /etc/letsencrypt/live/server_domain_or_IP/privkey.pem; # manage$
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
server {
    if ($host = server_domain_or_IP) {
        return 301 https://$host$request_uri;
    } # managed by Certbot
    if ($host = server_domain_or_IP) {
        return 301 https://$host$request_uri;
    } # managed by Certbot
    listen 80;
    server_name server_domain_or_IP;
    return 404; # managed by Certbot
    client_max_body_size 100M;
}
I'd like to add an SSL certificate to my Django app. I've followed a tutorial, so the nginx config for the domain was changed, but now it looks like the generated certificate is incorrect.
nginx conf before certbot modifications:
server {
    listen 80;
    listen [::]:80;
    server_name doamin.com www.domain.com;
    location = /favicon.ico { access_log off; log_not_found off; }
    location /static/ {
        root /home/poul3r/doamin.com;
    }
    location / {
        include proxy_params;
        proxy_pass http://unix:/run/gunicorn.sock;
    }
}
and after certbot action:
server {
    server_name doamin.com www.doamin.com;
    location = /favicon.ico { access_log off; log_not_found off; }
    location /static/ {
        root /home/poul3r/doamin.com;
    }
    location / {
        include proxy_params;
        proxy_pass http://unix:/run/gunicorn.sock;
    }
    listen [::]:443 ssl ipv6only=on; # managed by Certbot
    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/doamin.com/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/doamin.com/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
server {
    if ($host = doamin.com) {
        return 301 https://$host$request_uri;
    } # managed by Certbot
    listen 80;
    listen [::]:80;
    server_name doamin.com www.doamin.com;
    return 404; # managed by Certbot
}
What am I doing wrong, or what could have gone wrong during the Let's Encrypt implementation?
I've already found a solution for this problem. Based on info from the solution, I realized there is one more app on nginx that does not have an SSL certificate but redirects to 443. When I changed its config to listen only on 80, the first domain works correctly.
I have 2 machines: one is Django (https://orgofoods.com) and the other is WordPress (https://blog.orgofoods.com). Django is running with nginx and gunicorn, and the configuration goes like this:
upstream app_server {
    server unix:/home/django/gunicorn.socket fail_timeout=0;
}
server {
    root /usr/share/nginx/html;
    index index.html index.htm;
    client_max_body_size 4G;
    server_name orgofoods.com;
    keepalive_timeout 5;
    # Your Django project's media files - amend as required
    location /media {
        alias /home/django/django_project/django_project/media;
    }
    # Your Django project's static files - amend as required
    location /static {
        alias /home/django/django_project/django_project/static;
    }
    # Proxy the static assets for the Django Admin panel
    location /static/admin {
        alias /usr/lib/python2.7/dist-packages/django/contrib/admin/static/admin/;
    }
    location /blog {
        proxy_pass https://blog.orgofoods.com;
    }
    location /blog/wp-content {
        proxy_pass https://blog.orgofoods.com/wp-content;
    }
    location /blog/wp-includes {
        proxy_pass https://blog.orgofoods.com/wp-includes;
    }
    location /blog/wp-login.php {
        proxy_pass https://blog.orgofoods.com/wp-login.php;
    }
    location /blog/wp-admin {
        proxy_pass https://blog.orgofoods.com/wp-admin;
    }
    location / {
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Host $host;
        proxy_redirect off;
        proxy_buffering off;
        proxy_pass http://app_server;
    }
    listen [::]:443 ssl ipv6only=on; # managed by Certbot
    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/orgofoods.com/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/orgofoods.com/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
server {
    if ($host = orgofoods.com) {
        return 301 https://$host$request_uri;
    } # managed by Certbot
    listen 80 default_server;
    listen [::]:80 default_server ipv6only=on;
    server_name orgofoods.com;
    return 404; # managed by Certbot
}
But when I try to access orgofoods.com/blog it returns a 404 error, and the request is handled by nginx whereas it needs to be handled by Apache. Please, can anyone shed some light on it?
Thanks in advance
P.S.: I followed this tutorial (https://jeffreyeverhart.com/2016/12/11/wordpress-nginx-proxy-server-subdomain-subdirectory)
I am using Nginx and Gunicorn to host a Django project. I need to secure this site, and as a test I set up Let's Encrypt on an unused domain of mine. While tailing the Django access log, I noticed the following entry from time to time:
Invalid HTTP_HOST header: 'aydinfatih.com'. You may need to add u'aydinfatih.com' to ALLOWED_HOSTS.
This is an unknown domain to me, and while trying to access the domain (it got a 400 response), I could see more of these log entries on my server. What is this? Is it related to my SSL setup, and an indication that it's not secure?
server {
    server_name example.com example.com;
    location /static/ {
        root /home/user/project/django-project;
    }
    location /media/ {
        root /home/user/project/django-project;
    }
    location / {
        include proxy_params;
        proxy_pass http://unix:/home/user/project/project.sock;
    }
    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
    if ($scheme != "https") {
        return 301 https://$host$request_uri;
    } # managed by Certbot
}
server {
    listen 80;
    server_name my.server.ip.here example.com;
    return 301 https://example.com;
}
I added the following to my server block:
if ($host !~* ^(example.com|www.example.com)$ ) {
    return 444;
}
The unknown domain now displays 520. Is this the correct way to deal with this? Something else I've missed?
I misread your question. Here's a new answer.
Someone has configured their DNS record to point their domain name at your server IP. Adding hostname checking certainly helps, but normally we use a default "catch all" server block to handle all unwanted requests:
# "Catch all" server
server {
    server_name _;
    return 444;
}
# Your site settings
server {
    server_name example.com example.com;
    location /static/ {
        root /home/user/project/django-project;
    }
    location /media/ {
        root /home/user/project/django-project;
    }
    location / {
        include proxy_params;
        proxy_pass http://unix:/home/user/project/project.sock;
    }
    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
    if ($scheme != "https") {
        return 301 https://$host$request_uri;
    } # managed by Certbot
}
server {
    listen 80;
    server_name my.server.ip.here example.com;
    return 301 https://example.com;
}
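Which requests with an unknown Host header still reach Django under the layout above, as an added example that is not part of the original answer: a simplified Python model of nginx virtual-server selection (exact server_name matches only, no wildcard or regex names). It assumes a block without a listen directive listens on port 80; the labels, the HARDENED variant and the function names are constructed for illustration.

```python
# Simplified model of how nginx picks a server block for (port, Host).
# Exact names only; wildcard and regex server_name matching is left out.
def pick_server(servers, port, host):
    """servers: list of dicts in config-file order with keys
    'label', 'listen' (set of ports), 'names' and optional 'default'."""
    on_port = [s for s in servers if port in s["listen"]]
    if not on_port:
        return None                      # nothing listens on this port
    for s in on_port:
        if host in s["names"]:
            return s["label"]            # exact server_name match
    for s in on_port:
        if s.get("default"):
            return s["label"]            # explicit default_server flag
    return on_port[0]["label"]           # implicit default: first block on the port

# Layout from the answer (assumption: no listen directive means port 80).
ANSWER = [
    {"label": "catch-all 444", "listen": {80}, "names": {"_"}},
    {"label": "django site", "listen": {443}, "names": {"example.com"}},
    {"label": "http redirect", "listen": {80},
     "names": {"my.server.ip.here", "example.com"}},
]

# Constructed variant: the catch-all also listens on 443 as default_server.
HARDENED = [
    {"label": "catch-all 444", "listen": {80, 443}, "names": {"_"},
     "default": True},
] + ANSWER[1:]

def reaches_django(servers, port, host):
    """True when the request would be proxied to the Django backend."""
    return pick_server(servers, port, host) == "django site"

if __name__ == "__main__":
    for name, layout in (("answer", ANSWER), ("hardened", HARDENED)):
        for port in (80, 443):
            print(name, port, pick_server(layout, port, "aydinfatih.com"))
```

On port 443 a catch-all block needs either a certificate of its own or, on nginx 1.19.4 and later, `ssl_reject_handshake on;`.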