How to configure uWSGI to use ssl-socket instead of socket - django

I have an Apache reverse proxy server with a config:
ProxyPass /hub06/ uwsgi://myotherserver:8006/
ProxyPassReverse /hub06/ uwsgi://myotherserver:8006/
Then I have a second server running a Django app with uwsgi setup like this:
ssl-socket=0.0.0.0:8006,/home/user1/server.crt,/home/user1/server.key,HIGH
I am getting an internal server error. When I use a plain socket without a certificate:
socket=0.0.0.0:8006
It works perfectly well.
Any ideas how to make ssl-socket work please?

mod_proxy_uwsgi does not currently support uwsgi over ssl (albeit it should be an easy addition). If you need ssl for backends, you may want to use https-socket (instead of ssl-socket) and mod_proxy_http
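The setup this answer suggests, written out as an added configuration sketch (not part of the original answer or of either project's documentation): uWSGI serves HTTPS through https-socket, and Apache reaches it through mod_proxy_http while verifying the backend certificate. The CA file path is a placeholder, the https-socket arguments are carried over unchanged from the question, and the certificate in server.crt is assumed to name myotherserver.

```apache
# --- Backend: uWSGI ini on myotherserver (shown here as comments) ---
# Before, from the question: uwsgi protocol wrapped in TLS,
# which mod_proxy_uwsgi cannot speak.
#   ssl-socket = 0.0.0.0:8006,/home/user1/server.crt,/home/user1/server.key,HIGH
# After: plain HTTP wrapped in TLS, which mod_proxy_http can speak.
#   https-socket = 0.0.0.0:8006,/home/user1/server.crt,/home/user1/server.key,HIGH

# --- Front end: Apache reverse proxy ---
# Requires mod_ssl, mod_proxy and mod_proxy_http to be loaded.

# Allow mod_proxy to open TLS connections to backends.
SSLProxyEngine On

# Reject the backend unless its certificate chains to a trusted CA.
# Placeholder path: a copy of the backend's self-signed server.crt,
# or the CA certificate that issued it.
SSLProxyVerify require
SSLProxyCACertificateFile /path/to/backend-ca.crt

# Reject certificates whose name does not match the ProxyPass host
# (assumes server.crt was issued for "myotherserver") or that have expired.
SSLProxyCheckPeerName On
SSLProxyCheckPeerExpire On

# Same mapping as in the question, with the scheme changed from uwsgi:// to https://
ProxyPass        /hub06/ https://myotherserver:8006/
ProxyPassReverse /hub06/ https://myotherserver:8006/
```

If the name or CA check fails, Apache answers with a proxy error and logs the TLS verification failure in its error log, which is where to look before relaxing any of the SSLProxy* checks.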

Related

NGINX Docker on Server with pre-existing NGINX on Ubuntu Server

I am currently running into an issue with one of my projects that will be running in Docker on my Ubuntu Server with an NGINX docker container to manage the reverse proxy for the Django Project. My issue I am running into is I already have previous Django projects running on that particular Ubuntu server so port 80 is already being used by an NGINX block running on the actual server.
Is there a workaround to running my Docker NGINX as well as the Ubuntu NGINX and have my docker image run as an "add on" site because the Django sites hosted there are clients' websites, so I would prefer to not interfere with them if I don't have to.
My project needs HTTPS because it is serving data to a React-Native app running on Android APK 28 which for some reason has a security rule that blocks non HTTPS connections from happening in the app. If anyone else has run into an issue like this I would gladly appreciate the advice on how to tackle this issue.
I have tried running NGINX in Docker with port 81 instead of port 80 and that works perfectly, but I don't think there is a way to make a secure connection to port 81 is there?
Thanks in advance.
You can't just mess with default HTTP ports for endpoints - user browsers use 80 and 443 by default. If you change those, your users would have to connect to your.server.com:81 or something similar. Nobody would do that for a public server, but this can be an option for a private one.
I think a reasonable way out of this will be to use host's NGINX to proxy requests into Docker's NGINX (if there is sense in keeping it at all). You can handle HTTPS termination on host's NGINX and pass plain HTTP into Docker's one.
Another adequate option is to use another server, so that everything works with no dirty hacking involved.

How do you serve ember-cli from https://localhost:4200 in development

For our authentication to work with our ember app we need to serve the app from a secure url. We have a self signed ssl cert.
How do I set up the ember-cli to serve the index.html from a https domain.
Cheers
Also see https://stackoverflow.com/a/30574934/1392763.
If you will always use SSL you can set "ssl": true in the .ember-cli file for your project which will result in the ember serve command using SSL by default without having to pass the command line flag every time.
By default ember-cli will look in an ssl folder in the root of your project for server.key and server.crt files but you can customize that as well with the --ssl-key and --ssl-cert options to provide an alternate path.
If you don't already have a self signed SSL certificate for development you can follow these instructions to easily generate one: https://devcenter.heroku.com/articles/ssl-certificate-self
Example .ember-cli:
{
  "disableAnalytics": false,
  // Use SSL for development server by default
  "ssl": true,
  "ssl-key": "path/to/server.key",
  "ssl-cert": "path/to/server.crt"
}
EDIT
For googlers, this is no longer true. Use ember-cli --ssl
Thx to xdumaine Jul 12 at 10:08
You can't directly from ember-cli without putting your hand in the code which I don't recommend :)
If you want to go this way look at: node_modules/ember-cli/lib/tasks/server/express-server.js and maybe also into node_modules/ember-cli/lib/tasks/server/livereload-server.js
For those who still want to go through a web server:
However there are other cleaner solutions, for example use nginx as a (reverse) proxy :) or even serving directly from nginx on the /dist folder :)
Reverse basic example with nginx (didn't try with ssl but should theoretically work :p):
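server {
    # TLS is enabled on the listen directive; the separate "ssl on;" directive is deprecated
    listen 443 ssl;
    server_name *.example.com;
    ssl_certificate /path/to/your/certificate.crt;
    ssl_certificate_key /path/to/your/key.key;
    location / {
        # Forward decrypted requests to the ember-cli development server
        proxy_pass http://localhost:4200;
    }
}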
I said nginx but actually any webserver can do the trick right :)
NB: DO NOT USE ember serve IN PRODUCTION
I use the tunnels gem with pow port-proxying.
Update: more detail
Using a real web server (like the previous answer with nginx) is a great way to go, and is probably more like your production setup. However, I manage a lot of different projects, and am not that interested in managing an nginx configuration file for all of my projects. Pow makes it easy to make a lot of different projects available on port 80 on one development machine.
Pow has two main modes. The primary function is to be a simple server for Rack applications, accessed via a custom local domain such as http://my-application.dev/. This is done by symlinking ~/.pow/my-application to a directory that contains a rack application. However, pow can also proxy requests to a custom local domain to a specified port by creating a file that contains only the port number (such as echo 4200 > ~/.pow/my-application). This makes it easy to develop locally with an actual domain (also, as a side note, subdomains work too, which is really handy; for example, foobar.my-application.dev will also route to my-application).
Tunnels makes it easy to use pow with https.
Setup
# Install pow
curl get.pow.cx | sh
# Set up pow proxy for your ember app
echo 4200 > ~/.pow/my-application
# Start your ember server
ember serve # specify a port here if you used something else for pow proxy
# Check that http://my-application.dev correctly shows your ember app in the browser
# Install tunnels
gem install tunnels # possibly with sudo depending on your ruby setup
# Start tunnels
sudo tunnels
# Now https://my-application.dev should work

ProxyPass and ProxyPassReverse for Django app

I have a follow up question from my original Django serving question which was how to develop Django apps and serve them from the same server as my main PHP-based site (all part of a larger migration of my website from a static and PHP driven one to a series of Django apps).
I couldn't quite use the name server solution I was provided with, and instead just deployed my Django applications on a different port (8000) using mod_wsgi. Now, however, I need to actually integrate the Django application into the main site. In my Apache 2.0 configuration file (for say http://www.example.com) I added the following ProxyPass commands (after my mod_wsgi initialization):
ProxyPass /app/newsletter http://www.example.com:8000/app/newsletter
ProxyPassReverse /app/newsletter http://www.example.com:8000/app/newsletter
Here I expect that any request to:
http://www.example.com/app/newsletter
will get successfully proxied to:
http://www.example.com:8000/app/newsletter
and all will be right with the world.
However, this is not the case. Apache hangs for 5 or so minutes (the time taken to craft this question) then spits out a 502 Proxy Error:
Proxy Error
The proxy server received an invalid response from an upstream server.
The proxy server could not handle the request GET /app/newsletter/.
Reason: Error reading from remote server
Watching my Apache 2.0 error log after this response I see continuous errors like the following:
[Thu Sep 27 15:25:49 2012] [error] Exception KeyError: KeyError(****,) in <module 'threading' from '/usr/lib64/python2.6/threading.pyc'> ignored
So something seems to be remiss in either how mod_proxy plays with Django and/or Python. I have other Java related processes that I use ProxyPass and ProxyPassReverse on and they work fine. Also, when I don't try to apply the ProxyPass the Django apps all work well (ie. when I address them on port 8000 directly).
Any ideas? I don't feel like what I am doing is particularly complex.
Thanks in advance.
In the end, using mod_rewrite was the solution. Added this to Apache's httpd.conf file:
RewriteEngine On
RewriteRule ^/app/newsletter/(.*)$ http://%{SERVER_NAME}:8000%{REQUEST_URI} [P]
Everything works as expected.

Django runserver shows HTTP

I have configured nginx to run HTTPS. I also rewrite all the rules so it's running under HTTPS.
But is it true that Django still runs with HTTP internally?
Django version 1.2.1, using settings 'myproject.settings'
Development server is running at http://127.0.0.1:8000/
Quit the server with CONTROL-C.
[14/Aug/2012 23:57:04] "GET /app/c HTTP/1.0" 200 4
[14/Aug/2012 23:57:09] "GET /app/c HTTP/1.0" 200 4
Yes. I know my version is way way way outdated.
I checked request.is_secure and it returns True as I am accessing HTTPS.
Correct, internally you will use http to communicate through your proxy server but all your external traffic will use the https method.
To further secure your traffic ensure that you only bind to a local address, or alternatively use a socket to connect between nginx and your application server.
I do hope that you're not using django's development server in production, you should instead use something like gunicorn as your application server.

How may I deploy a Wt application with the built-in web server?

I am new using Wt and I would like to know what I must do to get an example (let’s say Hello) working on a web server (Apache or free webhost for testing).
I know how to use the built-in web server; I have to launch this command:
./hello.wt --docroot . --http-address 0.0.0.0 --http-port 8080
Then, I go to http://127.0.0.1:8080/ and it is working.
But, how may I do this using Apache?
Thanks.
Pass -DCONNECTOR_FCGI=ON to cmake and follow these instructions for configuring FastCGI with Apache
I added FastCgiServer /dir/to/Wt/Examples/Hello/hello.wt to my fastcgi.conf and now it's working.