Website goes unresponsive after directing to https in nginx server - django

I have a web application in django framework and I have setup an nginx server to serve the site. I have also setup SSL into the site. The site works fine with both http and https.
Now I want to direct all http requests to https so my users always use the secure version.
Here is my nginx config:
server {
listen 80;
listen 443 ssl;
server_name site.com www.site.com;
ssl_certificate /path/to/SSL;
ssl_certificate_key /path/to/SSL/key;
location = /favicon.ico { access_log off; log_not_found off; }
location /site_media/static/ {
alias /home/user/folder/static/dist/;
}
location / {
include uwsgi_params;
uwsgi_pass unix:/tmp/site.sock;
}
}
Now when I insert a 301 redirect to https and restart the server, the site goes unresponsive.
return 301 https://$server_name$request_uri;
into my
server { ... }
Any idea how to fix this issue, any suggestions would be highly appreciated.

Placing an unprotected return statement into the server block will attempt to redirect both the http and https sites, resulting in a loop. You could place the return statement inside an if block and detect when the protocol is not https, or the more common solution is split the configuration across two server blocks, for example:
server {
listen 80;
server_name site.com www.site.com;
return 301 https://$host$request_uri;
}
server {
listen 443 ssl;
server_name site.com www.site.com;
ssl_certificate /path/to/SSL;
ssl_certificate_key /path/to/SSL/key;
location = /favicon.ico { access_log off; log_not_found off; }
location /site_media/static/ {
alias /home/user/folder/static/dist/;
}
location / {
include uwsgi_params;
uwsgi_pass unix:/tmp/site.sock;
}
}

Related

Accessing via www. will show Nginx welcome page [+ Gunicorn + Django]

Nginx + Ubuntu 18.04 + Django 2.2.10
Accessing directly via "www.examples.com" will show nginx welcome page, but accessing anything else--"examples.com", "https://examples.com", "https://www.examples.com"--will work as expected.
On DigitalOcean, I have two A-type records [www.examples.com, examples.com] directing to the IP address--I believe they are correctly set up.
On my Django project, I have ALLOWED_HOSTS = ['localhost', 'examples.com', '137.68.49.136', 'www.examples.com'] set.
Here is my /etc/nginx/sites-available/project:
server {
server_name examples.com www.examples.com;
charset UTF-8;
error_log /home/jay/eco/nginx-error.log;
location = /favicon.ico { access_log off; log_not_found off; }
location /static {
alias /home/jay/eco/static;
}
location /media/ {
alias /home/jay/eco/media/;
}
location / {
include proxy_params;
proxy_pass http://unix:/run/gunicorn.sock;
}
listen [::]:443 ssl ipv6only=on; # managed by Certbot
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/examples.com/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/examples.com/privkey.pem; # managed by Certb$
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
server {
if ($host = examples.com) {
return 301 https://$host$request_uri;
} # managed by Certbot
listen 80;
listen [::]:80;
server_name examples.com;
return 404; # managed by Certbot
}
I believed this was everything but apparently not. What am I missing?
You have two server blocks, the first processes requests using the https protocol and the second processes requests using the http protocol. There is also a default server block in some other file, which responds with the Nginx welcome page.
The second server block in your question only processes requests for http://example.com. You need to add www.example.com to the server_name directive, and update the logic so that both domain names are redirected to the https service.
For example:
server {
listen 80;
listen [::]:80;
server_name example.com www.example.com;
return 301 https://$host$request_uri;
}
See this document for details.

HTTPS protocol not working with django and nginx on ec2 instance

I have been trying to auto transfer all requests to https protocol using nginx in django in ec2 instance but i am unable to do so.. here is my nginx file..
please suggest me the problem.
nginx file
server{
listen 443 ssl;
server_name www.priyamarya.com;
location = /favicon.ico { access_log off; log_not_found off; }
location /static/ {
root /home/ubuntu/project/aryapriyam/;
}
location / {
include proxy_params;
proxy_pass http://unix:/home/ubuntu/project/aryapriyam/project.sock;
}
}
server{
listen 80;
server_name priyamarya.com;
return 301 https://www.priyamarya.com;
location = /favicon.ico { access_log off; log_not_found off; }
location /static/ {
root /home/ubuntu/project/aryapriyam/;
}
location / {
include proxy_params;
proxy_pass http://unix:/home/ubuntu/project/aryapriyam/project.sock;
}
}
i have also added this in settings.py
settings.py
SECURE_PROXY_SSL_HEADER = ('HTTP_X_FORWARDED_PROTO', 'https')
SECURE_SSL_REDIRECT =True
SESSION_COOKIE_SECURE = True
CSRF_COOKIE_SECURE = True
gunicorn.service
[Unit]
Description=gunicorn daemon
After=network.target
[Service]
User=ubuntu
Group=www-data
WorkingDirectory=/home/ubuntu/project/aryapriyam
ExecStart=/home/ubuntu/project/venv/bin/gunicorn --access-logfile - --
workers 3 --chdir /home/ubuntu/project/aryapriyam/ --bind
unix:/home/ubuntu/project/aryapriyam/project.sock
project.wsgi:application
[Install]
WantedBy=multi-user.target
i have also set my hostedzone A type record set to the alias provided by elb load balancer.
i have tried a lot of things like returning the https://sitename , and creating a different server block for both protocols but than it starts a loop in between requests. this is why i am posting the code from which i initially started. i have searched a lot but nothing is helping in regards of nginx and django both, please help.. i want all my forms request also to go through https only.
You need to add other server block for ssl and use following config for ssl
This config also redirects http request to https (i.e ssl port 443)
server {
listen 80;
server_name testing.com;
return 301 https://testing.com;
location = /favicon.ico { access_log off; log_not_found off; }
location / {
include proxy_params;
proxy_pass http://unix:/home/ubuntu/sample_project/sample_project.sock;
}
}
server {
listen 443 ssl;
listen [::]:443 ssl;
server_name testing.com;
ssl on;
ssl_certificate /etc/nginx/ssl/nginx.crt;
ssl_certificate_key /etc/nginx/ssl/nginx.key;
location /static/ {
root /home/ubuntu/sample_project;
}
location / {
include proxy_params;
proxy_pass http://unix:/home/ubuntu/sample_project/sample_project.sock;
}
}

Problem when reconfiguring Nginx for SSL with self-signed certificate

I have a VPS on Digital Ocean with Ubuntu 18.04, Nginx, Gunicorn, Django, and a test web application, all configured (ufw) to work with http: 80. Everything works perfectly. Tutorial
Now I modify the file /sites-available/LibrosWeb to allow SSL traffic with a self-signed certificate, since I do not have a domain. Tutorial. Result "Error 502 Bad Gateway".
This is the initial code that works well with http: 80:
server{
#Configuracion http
listen 80;
listen [::]:80;
server_name 15.15.15.15;
location = /favicon.ico { access_log off; log_not_found off; }
location /robots.txt {
alias /var/www/LibrosWeb/robots.txt ;
}
location /static/ {
root /home/gela/LibrosWeb;
}
location / {
include proxy_params;
proxy_pass http://unix:/run/gunicorn.sock;
}
}
And this is the code to allow SSL (error 502):
server{
#Configuracion SSL
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name 15.15.15.15;
include snippets/self-signed.conf;
include snippets/ssl-params.conf;
location = /favicon.ico { access_log off; log_not_found off; }
location /robots.txt {
alias /var/www/LibrosWeb/robots.txt ;
}
location /static/ {
root /home/gela/LibrosWeb;
}
location / {
include proxy_params;
proxy_pass https://unix:/run/gunicorn.sock;
}
}
server{
#Configuracion http
listen 80;
listen [::]:80;
server_name 15.15.15.15;
return 302 https://15.15.15.15$request_uri;
}
UFW configured as:
80,443/tcp (Nginx Full) ALLOW IN Anywhere
80,443/tcp (Nginx Full (v6)) ALLOW IN Anywhere (v6)
The files /etc/nginx/snippets/self-signed.conf and /etc/nginx/snippets/ssl-params.conf are the same as those in the tutorial.
I've been testing configurations for two days and the most I could get is that I work halfway, that is, I can show the default page of django but not the one of my application, if I put the code like this:
server{
#Configuracion http
listen 80;
listen [::]:80;
server_name 15.15.15.15;
return 302 https://15.15.15.15$request_uri;
location = /favicon.ico { access_log off; log_not_found off; }
location /robots.txt {
alias /var/www/LibrosWeb/robots.txt ;
}
location /static/ {
root /home/gela/LibrosWeb;
}
}
server{
#Configuracion SSL
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name 15.15.15.15;
include snippets/self-signed.conf;
include snippets/ssl-params.conf;
location / {
include proxy_params;
proxy_pass https://unix:/run/gunicorn.sock;
}
}
What is wrong, or what is missing?
I think my days of suffering are over. After reading hundreds of logs, I found the problem. An update of Whitenoise to 4.0 where you must change the shape of the configuration, caused that with my old configuration the gunicorn service will throw errors. The rest is all right.
http://whitenoise.evans.io/en/stable/django.html#django-middleware
Thanks for the help.
Good day.

Nginx Django after add SSL get too many redirects error

Fist of all sorry for my bad english.
I'm having a problem configuring LetsEncrypt in my webapp, i make it work now i can access using https://www.myproject.com but if i try to use www.myproject.com, myproject.com or even https://myproject.com without the www i always get the error ERR_TOO_MANY_REDIRECTS.
This is my nginx config in /etc/nginx/sites-available/myproject
server {
listen 80;
listen [::]:80;
server_name myproject.com www.myproject.com;
return 301 https://$server_name$request_uri;
}
server {
# SSL configuration
listen 443 ssl http2;
listen [::]:443 ssl http2;
include snippets/ssl-myproject.com.conf;
include snippets/ssl-params.conf;
location = /favicon.ico { access_log off; log_not_found off; }
location /static/ {
root /home/user;
}
location /media/ {
root /home/user;
}
location /.well-known {
alias /home/user/myproject/.well-known;
}
location / {
include proxy_params;
proxy_pass http://unix:/home/user/myproject.sock;
}
}
I check a lot of questions like mine but in php projects try the solutions but still not found one to solve my problem.
if helps i have to say that i have cloudflare free configure for my domain
Thanks!
FIX: If you use cloudflare in your web when you install SSL certificates have to put the SSL cloudflare configuration in Full or Full(strict).

Route53 routing issue DNS address could not be found

Hello I have two domains registered on Route53, www.sample.com and sample.com
Right now www.sample.com's A record is pointing to an elastic ip that is bound to an EC2 (Using Django + Gunicorn + Nginx). www.sample.com website works perfectly fine so I try to reroute sample.com's A record to the same ip, but I keep getting the issue DNS address could not be found. Anyone know why?
Do I have to change the nginx configuration file to be listening to sample.com as well?
Here is the configuration file
server {
listen 80;
server_name www.sample.com;
return 301 https://$server_name$request_uri;
}
server {
listen 443 ssl;
server_name www.sample.com
# add Strict-Transport-Security to prevent man in the middle attacks
add_header Strict-Transport-Security "max-age=31536000";
ssl_certificate /etc/nginx/ssl/sample_com/ssl-bundle.crt;
ssl_certificate_key /etc/nginx/ssl/sample_com/sample_com.key;
# side note: only use TLS since SSLv2 and SSLv3 have had recent vulnerabilities
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
root /home/ubuntu/sample_Landing_page/;
location = /favicon.ico { access_log off; log_not_found off; }
location /static/ {
alias /home/ubuntu/sample_Landing_page/static/static_root/;
expires 365d;
}
location / {
include proxy_params;
proxy_pass
http://unix:/home/ubuntu/sample_Landing_page/sample_Landing.sock;
}
}