19

Does anyone have a working configuration for these four?

- Django
- uWSGI
- Nginx
- SSL

The main question is how to correctly set up SSL for this? I've googled a lot, and still can't get it to work. I have a working set up for http with unix sockets, but that's as far as I could get.

There are some other answers posted, but they are mostly code snippets, and not a whole configuration.

Aaron Lelevier
  • 19,850
  • 11
  • 76
  • 111
  • 2
    it's common to have ssl terminate at nginx, then nginx talks to the upstream servers (uWSGI) through http. There are many many examples of this online, one of which is https://www.digitalocean.com/community/tutorials/how-to-set-up-nginx-load-balancing-with-ssl-termination – dm03514 Apr 23 '15 at 15:04
  • @dm03514 I understand that `https` will terminate at the public facing `nginx reverse proxy server`. The tutorial link is helpful. Do the `location / ... proxy ` args block apply to `uWSGI` are those need to be replaced with `uwsgi` arguments? – Aaron Lelevier Apr 23 '15 at 15:11

2 Answers2

16
server {
    listen          80;
    server_name     example.com;
    rewrite ^/(.*)  https://example.com/$1 permanent;
}

server {
    listen          443 ssl;
    server_name     example.com;
    access_log      /var/log/nginx/example.com_access.log combined;
    error_log       /var/log/nginx/example.com_error.log error;

    ssl_certificate         /etc/nginx/ssl/example-unified.crt;
    ssl_certificate_key     /etc/nginx/ssl/example.key;

    location /static/ {
        alias /webapps/example/static/;
    }

    location /media/ {
        alias /webapps/example/media/;
    }

    location / {
        proxy_pass         http://localhost:8000/;
        proxy_redirect     off;

        proxy_set_header   Host              $http_host;
        proxy_set_header   X-Real-IP         $remote_addr;
        proxy_set_header   X-Forwarded-For   $proxy_add_x_forwarded_for;
    }

}

This is basic nginx configuration that will work with SSL and will forward requests to uwsgi running on port 8000 (you can change this to socket if you want).

For advanced SSL settings check THIS.

Domen Blenkuš
  • 2,182
  • 1
  • 21
  • 29
  • I cannot get this to work. Have you done this set up before for `uwsgi + nginx + django + ssl`?? If so, could you provide an example `uwsgi.ini` file? Your help is much appreciated. Thanks – Aaron Lelevier Apr 24 '15 at 13:41
  • In our company we use uwsgi for running Django, but sadly I can't share template here. I can just tell you that nginx template is almost identical to this one (this is my personal one). There is no difference regarding uwsgi if you are using https or not, so problem should be somewhere else. I personally prefer Gunicorn for running Django (in our company we use uwsgi only because latest versions support web sockets). Do you have any reason for using uwsgi? I can give you template for running Gunicorn if you want. – Domen Blenkuš Apr 24 '15 at 18:51
  • Yea, I need to use `uwsgi` to work with web sockets for my current project. I have used Gunicorn in the past and have a working version with it. Thank you for your help, I hope to solve this in the next day or so. – Aaron Lelevier Apr 24 '15 at 20:59
  • your configuration is exactly correct. I had not opened up port `443/tcp` for `ssl`, so it was the `ufw` that was blocking the request. Thanks. – Aaron Lelevier Apr 25 '15 at 13:14
  • You're welcome! Great that you've solved your problem. – Domen Blenkuš Apr 25 '15 at 17:46
2

I am new to nginx,uwsgi and ssl. Here shares my testing nginx and uwsgi config.

Basically, there are four steps to deploy Django only support SSL/HTTPS.

  1. Setup a SSL Certificate
    • use openssl to generate server.crt and server.key

      openssl req -new -x509 -nodes -out server.crt -keyout server.key

  2. Config nginx.conf and uwsgi.ini under Django project
    • Set nginx.conf (sorry,the layout is weird in text block, so I insert a picture here.) enter image description here
    • symlink to this file from /etc/nginx/sites-enabled so nginx can see it

      sudo ln -s /path/to/django/example_nginx.conf /etc/nginx/sites-enabled/

    • config uwsgi.ini under django project enter image description here

  3. Config settings.py

    SECURE_PROXY_SSL_HEADER = ('HTTP_X_FORWARDED_PROTO', 'https')
SESSION_COOKIE_SECURE = True
CSRF_COOKIE_SECURE = True
SECURE_SSL_REDIRECT = True

  4. Restart nginx and uwsgi

    • restart nginx

      sudo /etc/init.d/nginx restart

    • run uwsgi

      uwsgi --ini /path/to/django/example_uwsgi.ini

lily LIU
  • 119
  • 1
  • 5