How do I use django-sslify to force https in my Django + nginx + gunicorn application and rely on Cloudflare's new free SSL?

Introduction

Cloudflare now provides SSL for free, and I would be a fool not to take advantage of this on my site, and it would be completely unseemly to break everything in the process of trying.

I can program applications well, but when it comes to setting up or configuring https / nginx / gunicorn / etc. / I-don't-know-the-terminology, I know just enough to follow instructions found on Google.

Question

I would like to use django-sslify to force https in my Django web application. How can I achieve this "feat" without upsetting the balance in my life, given the following known facts?

Known facts

  • I am using Django 1.7 running on a DigitalOcean server connected to (free) Cloudflare DNS. Django is served (?) with nginx and gunicorn. I mostly followed this guide to configure it.
  • Accessing my website currently defaults to plain http://example.com.
  • Manually accessing https://example.com works, green lock and all, but it breaks all form submissions with the error "(403) CSRF verification failed. Request aborted.".
  • In my Cloudflare site settings, the domain is currently configured for Flexible SSL.
  • Trying to use django-sslify with my existing installation completely breaks everything, and the browser never gets a response.
  • This information nugget tells me that I should use the Full SSL setting when using django-sslify with Cloudflare SSL.
  • I found a reason for hesitation here, where it is mentioned that a Pro Cloudflare account, at $20/month, is required for this. So I really don't want to mess it up :/
  • In my nginx and gunicorn configuration there is only one mention of "http" or "https", specifically in my nginx configuration:

 location / {
     proxy_pass http://127.0.0.1:8001;
     ...
 }

OK, I think that's all I have.

In addition, my server provides a Django Rest Framework API for a PhoneGap application; should I take this into account? If I need to provide more information, let me know and I will get back to you. Thanks for reading! :)

+2
1 answer

Cloudflare lets you enable certain page rules, one of which is forced SSL (which it implements via redirects). This is a great thing to use in addition to django-sslify or django-secure.


In addition to setting up the SSL redirect, you also need to tell Django how to recognize secure requests. Luckily, Django provides a decent guide for this, but there are a few things it doesn't mention that I had to do with Nginx.

In your Django settings you need to tell Django how to recognize a secure request:

 SECURE_PROXY_SSL_HEADER = ('HTTP_X_FORWARDED_PROTOCOL', 'https') 

In your nginx configuration you need to set the X-Forwarded-Protocol header (the X-Forwarded-For and X-Scheme headers are also useful):

 proxy_set_header X-Scheme $scheme;
 proxy_set_header X-Forwarded-Protocol $scheme;
 proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

You also need to proxy the Host header so Django can read the correct host and port, which it uses, among other things, to build absolute URLs and for CSRF checks:

 proxy_set_header Host $http_host; 

Note that I used the $http_host variable instead of $host or $host:$server_port. This ensures that Django still passes CSRF checks for requests on non-standard ports while keeping absolute URLs correct.

Like most things related to nginx and gunicorn, YMMV, and it becomes easier after you do this several times.

+3
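As an added example (not code from the question, the answer, Django or django-sslify), the following constructed Python simulation traces one request through client, Cloudflare, nginx and Django's SECURE_PROXY_SSL_HEADER check, to show why the answer's setting only works with Cloudflare's Full SSL mode and why the nginx line must overwrite the header rather than pass it through. The Cloudflare behaviour it assumes is that Flexible SSL connects to the origin over plain http while Full and Full (strict) re-encrypt to the origin; Django's decision logic is reproduced here rather than imported, so the block runs without Django installed.

```python
"""Model how Django decides request.is_secure() behind nginx and Cloudflare.

Constructed simulation, not Django's or django-sslify's code: it reproduces
the decision Django makes from SECURE_PROXY_SSL_HEADER and wsgi.url_scheme,
and the effect of the answer's `proxy_set_header X-Forwarded-Protocol $scheme;`
line, so the Flexible-vs-Full SSL behaviour can be checked offline.
"""

# Django setting from the answer. WSGI exposes the HTTP header
# "X-Forwarded-Protocol" to Django as META["HTTP_X_FORWARDED_PROTOCOL"].
SECURE_PROXY_SSL_HEADER = ("HTTP_X_FORWARDED_PROTOCOL", "https")


def wsgi_name(header):
    """CGI/WSGI form of a request header name."""
    return "HTTP_" + header.upper().replace("-", "_")


def cloudflare_origin_scheme(mode, client_scheme):
    """Scheme used for the hop that reaches nginx, per Cloudflare SSL mode.

    flexible: browser<->Cloudflare is TLS, Cloudflare<->origin is plain http.
    full / strict: Cloudflare re-encrypts to the origin.
    direct: the client talks to nginx itself (Cloudflare not in the path).
    """
    if mode == "flexible":
        return "http"
    if mode in ("direct", "full", "strict"):
        return client_scheme
    raise ValueError("unknown Cloudflare SSL mode: %r" % mode)


def nginx_environ(origin_scheme, client_headers, overwrite_forwarded=True):
    """Build the WSGI environ gunicorn hands to Django.

    overwrite_forwarded=True models `proxy_set_header X-Forwarded-Protocol $scheme;`,
    which replaces whatever the client sent in that header with nginx's own view
    of the connection. False models a proxy that forwards client headers untouched.
    """
    environ = {wsgi_name(name): value for name, value in client_headers.items()}
    environ["wsgi.url_scheme"] = origin_scheme  # scheme of the nginx<->gunicorn hop
    if overwrite_forwarded:
        environ[wsgi_name("X-Forwarded-Protocol")] = origin_scheme
    return environ


def is_secure(environ, secure_proxy_ssl_header=SECURE_PROXY_SSL_HEADER):
    """The decision HttpRequest.is_secure() makes: trust the configured proxy
    header when present, otherwise fall back to wsgi.url_scheme."""
    if secure_proxy_ssl_header:
        header, secure_value = secure_proxy_ssl_header
        if header in environ:
            return environ[header] == secure_value
    return environ.get("wsgi.url_scheme") == "https"


def sslify_redirects(environ):
    """django-sslify's core test: redirect to https whenever the request is not secure."""
    return not is_secure(environ)


def visit(cf_mode, client_scheme, client_headers=None, overwrite_forwarded=True):
    """One request through client -> Cloudflare -> nginx -> Django.

    Returns (django_sees_secure, sslify_would_redirect).
    """
    origin_scheme = cloudflare_origin_scheme(cf_mode, client_scheme)
    environ = nginx_environ(origin_scheme, client_headers or {}, overwrite_forwarded)
    return is_secure(environ), sslify_redirects(environ)


if __name__ == "__main__":
    # Flexible SSL: the browser used https but nginx saw http, so Django
    # redirects to https; Cloudflare connects over http again: a redirect loop.
    print("flexible, https visit:     ", visit("flexible", "https"))  # (False, True)
    # Full SSL: nginx sees https, Django agrees, no redirect.
    print("full, https visit:         ", visit("full", "https"))      # (True, False)
    # Forged header sent straight at the origin over plain http (constructed input).
    forged = {"X-Forwarded-Protocol": "https"}
    # nginx overwrites the header, so the forged value never reaches Django.
    print("forged, nginx overwrites:  ", visit("direct", "http", forged))  # (False, True)
    # A passthrough proxy would let the client mark its own request as secure.
    print("forged, passthrough proxy: ",
          visit("direct", "http", forged, overwrite_forwarded=False))  # (True, False)
```

The Flexible case is the loop behind the question's "browser never gets a response": Django sees http, django-sslify answers with a redirect to https, Cloudflare terminates that TLS and comes back to the origin over http, and so on. The last case is the caveat Django's own documentation attaches to SECURE_PROXY_SSL_HEADER: the setting is only safe when the proxy in front of Django always sets or overwrites the header, which `proxy_set_header X-Forwarded-Protocol $scheme;` does; if gunicorn were reachable without nginx, or nginx passed client headers through, anyone could mark a plain-http request as secure.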