I have a Django ecommerce site running, and have purchases and installed an SSL cert for it.
I have added a VirtualHost entry:
<VirtualHost *:443>
#Basic setup
ServerAdmin blah#test.com
ServerName test.com
ServerAlias www.test.com
Alias /media/admin/ /home/test/public_html/test/release/env/lib/python2.6/dist-packages/django/contrib/admin/media/
Alias /static/ /home/test/public_html/test/release/static/
Alias /media/ /home/test/public_html/test/release/media/
<Directory /home/test/public_html/test/release/>
Order deny,allow
Allow from all
</Directory>
RewriteEngine On
LogLevel warn
ErrorLog /home/test/public_html/test/logs/error.log
CustomLog /home/test/public_html/test/logs/access.log combined
WSGIDaemonProcess test user=www-data group=www-data threads=20 processes=2
WSGIProcessGroup test_ssl
WSGIScriptAlias / /home/test/public_html/test/release/apache/test.wsgi
SSLEngine On
SSLCertificateFile /etc/apache2/ssl/test.com.crt
SSLCertificateChainFile /etc/apache2/ssl/gs_root.pem
SSLCertificateKeyFile /etc/apache2/ssl/www.test.com.key
</VirtualHost>
Here is the urls.py file:
from django.conf.urls.defaults import patterns, include, url
from django.contrib import admin
from django.conf import settings
from gallery.models import LOCATIONS, Photo
admin.autodiscover()
from satchmo_store.urls import urlpatterns as satchmo_urls
from satchmo_store.shop.views.sitemaps import sitemaps
from cms.sitemaps import CMSSitemap
sitemaps['pages'] = CMSSitemap
urlpatterns = patterns('',
url(r'^admin/', include(admin.site.urls)),
url(r'^search/', include('haystack.urls')),
# Include satchmo urls. Unfortunately, this also includes it's own
# /admin/ and everything else.
url(r'^shop/', include(satchmo_urls)),
url(r'^sitemap\.xml/?$', 'django.contrib.sitemaps.views.sitemap', {'sitemaps': sitemaps}),
url(r'events/gallery/(.*)/(.*)/$', 'gallery.views.events_image'),
url(r'locations/view-all/(.*)/$', 'gallery.views.locations_image'),
url(r'locations/view-all/$', 'gallery.views.locations_view_all',{
'queryset':Photo.objects.filter(gallery__category=LOCATIONS).distinct()}),
url(r'^contact-us/', include('contact_form.urls')),
url(r'^', include('cms.urls')),
)
if settings.DEBUG:
urlpatterns = patterns('',
(r'^media/(?P<path>.*)$', 'django.views.static.serve', {'document_root': settings.MEDIA_ROOT}),
(r'^static/(?P<path>.*)$', 'django.views.static.serve', {'document_root': settings.STATIC_ROOT}),
(r'^404/$', 'django.views.defaults.page_not_found'),
(r'^500/$', 'django.views.defaults.server_error'),
) + urlpatterns
There is also a conf for non ssl which is working fine.
Whenever I request the HTTPS version of the site, I get a 302 header response which redirects to the HTTP version.
There are no redirects in the apache conf that explicitly state go to port 80.
Ive been banging my head against this for a while, any help would be great!
Thanks
You probably already fixed it and it could be an entirely different problem, but I just came across something that sounds somewhat similar and as I did not find an answer that addressed your issue, I thought it might be worth to post a reply (despite I was having a 301 and you a 302).
I am running a Django site (Django 1.6.1) with gunicorn behind nginx. So nginx does the SSL. The environment variable HTTPS is set to on.
When I set up a test server without an http-to-https redirect, I noticed that some requests end up being redirected to an http address - similar to what you describe, but in my case it was just for one particular link. After looking into the request and response headers, I found out:
The initial request https://example.org/test got redirected by Django/gunicorn with 301 MOVED PERMANENTLY to http://exmaple.org/test/. nginx then responded with 400 Bad Request - The plain HTTP request was sent to HTTPS port.
Quickly I came across a setting I had not paid much attention to before: APPEND_SLASH (https://docs.djangoproject.com/en/1.6/ref/settings/#std:setting-APPEND_SLASH) with the default value True.
After adding APPEND_SLASH = False to my settings.py file, a request to https://example.org/test resulted in a 404 NOT FOUND response, without a redirect to http. So it seems that APPEND_SLASH does not respect the HTTP environment variable setting - I guess configuring SECURE_PROXY_SSL_HEADER (https://docs.djangoproject.com/en/1.6/ref/settings/#std:setting-SECURE_PROXY_SSL_HEADER) would solve this, I have not tested it yet.
By the way, the reason for that "faulty" link in my case was a hard-coded link in a template. The easy way to avoid links like that is using the built-in {% url ... %} template tag (https://docs.djangoproject.com/en/1.6/ref/templates/builtins/#url [sorry, I could not make this link clickable because I don't have "at least 10 reputation"...]).
Perhaps this helps you or anyone else who wonders why Django sometimes redirects from https to http.
I know this is an old question but I have just spent hours searching for a solution to an identical problem so I thought I would post what I eventually worked out here.
I was using Satchmo as the original poster was, It has a middleware class satchmo_store.shop.SSLMiddleware.SSLRedirect which by default sends a redirect exactly as described in the original question from https to http with a 302 header response. Commenting the line in MIDDLEWARE_CLASSES fixes the problem and may be OK if anyone wants to run completely over https but the documentation http://satchmo.readthedocs.org/en/latest/configuration.html#ssl explains how to use it properly which is what I am going to try to do.
Only thing that I can think of is your site setting in the database. If you put an explicit port number in your Site object... Could you take a look in your admin?
Related
I've created a website using Django and added robots.txt using the code :
path('robots.txt', lambda r: HttpResponse("User-agent: *\nDisallow: /", content_type="text/plain")),
in my main urls.py , it works great but now i need to add some rules to it .. how to do it
robots.txt is not just an HttpResponse. It is an actual file.
You can either continue to fabricate the whole response manually using the lambda function. In this case you need to keep building up a string response.
Or you could write a file to server's disk, write rules to it, etc. and serve that file upon request to robots.txt
Further reading on robots.txt (not related to django)
Related SO question: django serving robots.txt efficiently
You can write the robots.txt under your template and then serve it as follows if you want to serve it through Django:
from django.conf.urls import url
from django.views.generic import TemplateView
urlpatterns = [
url(r'^robots.txt$', TemplateView.as_view(template_name="robots.txt", content_type="text/plain"), name="robots_file")
]
However recommended way is to serve through your web server directives.
Nginx:
location /robots.txt {
alias /path/to/static/robots.txt;
}
Apache:
<Location "/robots.txt">
SetHandler None
Require all granted
</Location>
Alias /robots.txt /var/www/html/project/robots.txt
in your main app urls.py
from django.urls import path, include
from django.views.generic.base import TemplateView
urlpatterns = [
# If you are using admin
path('admin/', admin.site.urls),
path(
"robots.txt",
TemplateView.as_view(template_name="robots.txt", content_type="text/plain"),
),
path(
"sitemap.xml",
TemplateView.as_view(template_name="sitemap.xml", content_type="text/xml"),
),
]
Then go to your template root folder and create a robots.txt file and you can add something like this
User-Agent: *
Disallow: /private/
Disallow: /junk/
Got to your tempalte root folder again and create another file sitemap.xml and you can add somemthing like this or get it done properly with sitemaps generator here is an example:
<url>
<loc>https://examplemysite.com</loc>
<lastmod>2020-02-01T15:19:02+00:00</lastmod>
<priority>1.00</priority>
</url>
Now if you run python manage.py runserver you can test it 127.0.0.1:8000/sitemap.xml and /robots.txt and it will work. But this won't work in your production server because you will need to let nginx know about this and give the paths.
So you will need to ssh into your server and for example in nginx you should have a configuration file that you named when you built it. You should cd into /etc/nginx/sites-available in that folder you should have the default file (which you should leave alone) and there should be another file there that you named, usually should be named same as your project name or website name. Open that file with nano but take a back up first. Next you can add your paths for both files like this:
Be aware of the paths, but obviously you can look at the file and you should get an idea you should see the path to static file or media. So you could do something like this.
location /robots.txt {
root /home/myap-admin/projects/mywebsitename/templates;
}
location /sitemap.xml {
root /home/myap-admin/projects/mywebsitename/templates;
}
/home/myap-admin/projects/mywebsitename/templates you should know the path to your mywebsitename. This is just an example path that leads to templates folder.
Make sure you then run service nginx restart
Since Django does not do .htaccess (at least on my host), I need to do a 301 RedirectMatch in the similar manner that you'd do an .htaccess RedirectMatch:
RedirectMatch 301 ^/oldfolder/(.*)$ http://sub.domain.com/newfolder/$1
The wildcard does not work in the same manner that it does for the .htaccess, so any help appreciated! It must be a permanent redirect too so that search indexes will know it got moved. What am I redirecting is images to my new CDN subdomain.
Not tested:
# Django >= 1.3
from Django.views.generic.base import RedirectView
urls = patterns('',
# some patterns here...
url(
r"^oldfolder/(?P<whatever>.*)$",
RedirectView.as_view(
url="http://sub.domain.com/newfolder/%(whatever)s",
)
),
# more patterns here
)
[edit] Re-reading your question: "What am I redirecting is images to my new CDN subdomain" - if that's about static medias (images, css etc) then they shouldn't be served by Django but by your front web server (Apache, Nginx, whatever) so assuming Apache you can use a simple RedirectMatch in your vhost config.
Django has been up and running on my mod_wsgi implementation of Apache (on Windows 7 x64, btw) for a bit. This was a huge pain, complete with having to actually hand-modify registry values to get things to install correctly and to get Django to use the same MySQL install as all my other apps. I also had to modify the PATH variable by double-escaping parentheses (Program Files (x86)) because they were screwing with batch files. But this is mostly Microsoft's fault and I'm rambling.
Here is my issue:
All of the URLs used in the URLCONF and in views work correctly. The only thing which doesn't is in templates when I try to work off the site root URL. I am running a development server and I have two Django sites, this particular one running off of www.example.com/testing.
In the templates, if I just put "/" in an < a >, then it will point to www.example.com/, and NOT www.example.com/testing/. I have read a topic on this but the issue wasn't resolved because the poster was being stubborn. I am posting my WSGI configuration in the httpd.conf below:
Listen 127.0.0.1:8001
VirtualHost *:8001 >
ServerName ****.net/testing
ServerAdmin *******#gmail.com
ErrorLog ********.log
WSGIScriptAlias /testing ****/htdocs/testing/apache/django.wsgi
Directory ****/htdocs/testing/apache >
Order deny,allow
Allow from all
/Directory>
Location "/media">
SetHandler None
/Location>
/VirtualHost>
Note: all "<" omitted so the tags would show
Here is the file django.wsgi in the above directory:
import sys
import os
sys.path.insert(0, '*****/Django/')
sys.path.insert(0, '*****/htdocs/')
sys.path.insert(0, '*****/htdocs/testing')
sys.path.insert(0, '*****/htdocs/testing/apache')
os.environ['DJANGO_SETTINGS_MODULE'] = 'testing.settings'
import django.core.handlers.wsgi
application = django.core.handlers.wsgi.WSGIHandler()
import testing.monitor
testing.monitor.start(interval=1.0)
I have an Nginx frontend which passes any non-static file from testing/ to :8001 for Apache to catch with this virtualhost.
If I omit the root "htdocs/" line from the django.wsgi file, I just get 500 errors on the site. Also, if I use the URL form relative to the current URL (ie "example/" instead of "/example/"), that works alright. But if I add the initial "/" to put the URL off the root, it will make it off of "www.example.com" instead of "www.example.com/testing" like I wanted.
Sorry for the very long post, but I wanted to be as clear as possible. Thank you for your time.
This is why you should not hard-code URLs in your templates. Of course / will take you to the root of the site, not the root of your app - that's what it's supposed to do.
Instead, give your root view a name in your urlconf:
urlpatterns = patterns('',
url('^$', 'myapp.views.index', name='home')
)
now in your template you can do:
Home
and this will correctly resolve to /testing/.
How do I go about redirecting all requests for domain.com/... to www.domain.com/... with a 301 in a django site?
Obviously this can't be done in urls.py because you only get the path part of the URL in there.
I can't use mod rewrite in .htaccess, because .htaccess files do nothing under Django (I think).
I'm guessing something in middleware or apache conf?
I'm running Django on a Linux server with Plesk, using mod WSGI
The WebFaction discussion someone pointed out is correct as far as the configuration, you just have to apply it yourself rather than through a control panel.
RewriteEngine On
RewriteCond %{HTTP_HOST} ^example.com$
RewriteRule (.*) http://www.example.com/$1 [R=301,L]
Put in .htaccess file, or in main Apache configuration in appropriate context. If inside of a VirtualHost in main Apache configuration, your would have ServerName be www.example.com and ServerAlias be example.com to ensure that virtual host handled both requests.
If you don't have access to any Apache configuration, if need be, it can be done using a WSGI wrapper around the Django WSGI application entry point. Something like:
import django.core.handlers.wsgi
_application = django.core.handlers.wsgi.WSGIHandler()
def application(environ, start_response):
if environ['HTTP_HOST'] != 'www.example.com':
start_response('301 Redirect', [('Location', 'http://www.example.com/'),])
return []
return _application(environ, start_response)
Fixing this up to include the URL within the site and dealing with https is left as an exercise for the reader. :-)
The PREPEND_WWW setting does just that.
There is a lightweight way to do that involving VirtualHosts and mod_alias Redirect directive. You can define two VirtualHosts, one holding the redirect and another holding the site configuration:
<VirtualHost *:80>
ServerName example.com
Redirect permanent / http://www.example.com/
</VirtualHost>
<VirtualHost *:80>
ServerName www.example.com
# real site configuration
</VirtualHost>
And that will do the job.
This also can be done with a middleware.
Some examples:
http://eikke.com/django-domain-redirect-middleware/
https://djangosnippets.org/snippets/510/
https://djangosnippets.org/snippets/434/
This is a better version of snippet-510:
class UrlRedirectMiddleware(object):
"""
This middleware lets you match a specific url and redirect the request to a
new url. You keep a tuple of (regex pattern, redirect) tuples on your site
settings, example:
URL_REDIRECTS = (
(r'(https?)://(www\.)?sample\.com/(.*)$', r'\1://example.com/\3'),
)
"""
def process_request(self, request):
full_url = request.build_absolute_uri()
for url_pattern, redirect in settings.URL_REDIRECTS:
match = re.match(url_pattern, full_url)
if match:
return HttpResponsePermanentRedirect(match.expand(redirect))
My django site is served up with the following in Apache's config:
WSGIScriptAlias /studio /django/studio/bin/django.wsgi
My urls.py looks like:
urlpatterns += patterns(
'django.contrib',
(r'^admin/', include(admin.site.urls)),
(r'^accounts/login/$', 'auth.views.login'),
(r'^accounts/logout/$', 'auth.views.logout'),
)
...and yet:
[admin]
...generates a link to /admin rather than /studio/admin.
Bizarrely, the urls within the admin interface itself are fine.
I'm using:
Python 2.5.2-3
Django 1.1.1
mod_wsgi 2.5-1~lenny1
apache2 2.2.9-10+lenny6
Can anyone tell me what I'm doing wrong?
cheers,
Chris
This is a bug in Django, see:
http://code.djangoproject.com/ticket/12464
The problem is that because Apache's rewrite engine is on as a result of rewriting I need to do elsewhere in the virtual host, the SCRIPT_URL environment variable is set. But, when a request is made to /project through Apache, PATH_INFO is empty, which results in SCRIPT_NAME being incorrectly set as an empty string.
Until this bug is fixed, inserting the following RewriteRule into the Apache configuration will safely work around the problem by ensuring that PATH_INFO is never empty.
RewriteEngine On
RewriteRule ^/project$ /project/ [R]
WSGIScriptAlias /project /django/project/bin/django.wsgi
Your Django instance knows nothing about the /studio part of the URL as it is handled in WSGI. You have to manually prepend it either in templates or, better, in urls.py:
in settings.py:
BASE_URL = '/studio'
in urls.py:
r('^%s/admin/' % settings.BASE_URL, include(admin.site.urls)), ...
Then your url reversing will work as expected. You admin links work because once you are in the admin interface all links are relative.