Automatic HTTPS on Openshift/AWS/some PaaS - amazon-web-services

I'm working on a Python project that depends on a package that runs Gunicorn as a web server. I need to support https, but the Gunicorn configuration exposed by the package doesn't allow me to pass in keyfile or certfile options, and 'http' is hard-coded throughout the package.
I was wondering if there's some easy way to get https working transparently between clients and Gunicorn without Gunicorn knowing about it, on OpenShift or any popular PaaS.

Take a look at the solution purposed this Openshift KB https://www.openshift.com/kb/kb-e1044-how-to-redirect-traffic-to-https

OpenShift Online apparently handles this automatically by default.
Just change the http to https in the application url they give you (https://xxx-yyy.rhcloud.com) and you've got TLS using their *.rhcloud.com certificate.
I was expecting more configuration and just needed somebody to tell me "just change the url to https".

Related

Deploy Django with SSL without Nginx

Is it possible to deploy a django project without using third party tools like nginx or apache just to serve up https:// webpages? Being forced to setup a reverse proxy or some other web server just to serve https seems a bit overkill.
Using of built-in development server (manage.py runserver) is a bad idea for production environment. But, yes you can use SSL connection even with built-in server
Better idea is to use some application server. For example gunicorn. And yes again, you can serve SSL connection with gunicorn.
Apache or Nginx servers are not just for https. These allows you to effectively control other server resources like max number of processes, request/response headers, etc. WEB servers support many features that you can set without writing python code. And that will be more understandable for infra/server engineers.

HTTP redirects to HTTPS even though on free dyno

For some reason, even though I'm using the free dyno, my website still redirects http to https. This is what I want to happen, but I just don't understand why it is, since doesn't this only work for paid dynos?
(I'm using Django and followed this guide to do the redirecting.)
But why does HTTPS work at all? Don't I need a certificate/paid dyno for that? I'm using a Heroku subdomain.
Since you are using a .herokuapp.com subdomain you automatically get HTTPS support, even on free dynos:
SSL is always enabled for .herokuapp.com for Common Runtime apps.
You only need to use ACM, SSL, or the SSL Endpoint for custom domains. And yes, this is included with paid dynos.

Running Django on a Linux Server using Apache with HTTPS

I've been trying to figure this out for a while now and nothing I've found has really been helping.
I've got a remote Linux server running with Apache installed, and right now everything going to the server is redirected to HTTPS through Apache. This all works fine and I can access the files I need to normally, but now I'd like to also add in a Django site to my server under a new "subdomain". (For example I'd like to still be able to access non-Django files as usual 'https://www.thesite.com/path/to/file.php' and also be able to access the Django site like 'https://www.thesite.com/djangosite/some/site/page')
Could someone please give me some direction as to how I'd be able to do this? I can supply more information if it's needed.
Thanks in advance!
Edit 1: The Django server seems to dislike connecting via HTTPS and I'm getting an error that it can only support HTTP, but I need it because I want the site to be secure, and currently Apache is redirecting all HTTP requests to HTTPS, so do I need some other method of making it work?
https://www.digicert.com/ssl-support/apache-multiple-ssl-certificates-using-sni.htm
Check out SNI and also potentially wild card certificates

Rails - How can I remove the :3000 from the URL in rails thin server?

I have binded my rails thin server to a local IP. which I have given the domain name as project1. But when I am changing the hostname to project1 sometimes it goes to project1:3000. How can I remove the :3000 from the URL?
Web standards are:
http is port 80.
https is port 443.
When you go to http://stackoverflow.com, it is the same as http://stackoverflow.com:80 or https://www.google.com is the same as https://www.google.com:443
So, the :3000 at the end of the url is the port where your development server is pointing, this is normal behavior for web development. All modern frameworks will serve up the development site on a different port, 3000 being the most common. This is done for a lot of reasons, two good ones are.
Don't need to change any permission to run on port 3000, like you do if you want to run on 80, and you don't need to us an ssl certificate if you run on 443.
You can tell when you are in development.
You are trying to do something you shouldn't. If you haven't used the correct helper methods to build your links in rails you could run into some issue.
Now that you know why you shouldn't do it. You can just change the port in the rails server command like this rails server -b THEIPYOUWANTTOUSE -p 80. You will have to have the correct permissions.
First of all.You need proxy server, because rails have their app server lika thin, puma, rack and you need server that will accept requests to your IP (nginx, apache) and give them to rails server. There is a lot of guides how to deploy rails app in production mode. Try this guide or this one . This will help you run your application in production mode.

BrowserMob not proxying localhost pages

I'm trying to use BrowserMob to proxy pages with Selenium WebDriver. When the (Python) test case tries to load pages from localhost, BrowserMob fails to proxy them.
Is it possible for BrowserMob to proxy connections to the webserver at localhost?
I had the same problem with Selenium ChromeDriver. It didn't use proxy for localhost.
Setting noProxy attribute of seleniumProxy to "<-loopback>" solved the issue.
val seleniumProxy = ClientUtil.createSeleniumProxy(this)
...
seleniumProxy.noProxy = "<-loopback>"
Take a look at below link for details.
https://chromium.googlesource.com/chromium/src/+/master/net/docs/proxy.md#bypass-rule_subtract-implicit-rules
BrowserMob Proxy will work with localhost, but only in the latest version (2.0.0), and only when defining the bmp.allowNativeDnsFallback Java property when running the proxy. I'm not familiar with the Python wrapper, but it's unlikely that it meets those criteria.
The problem is the DNS resolution that BrowserMob Proxy uses, which essentially ignores the hosts file that defines localhost. If you use 127.0.0.1 instead of localhost when making requests it should work for you.