1

I want to set up SSL for nginx. My project is a Django project and I also use gunicorn as the WSGI HTTP server. I added the following lines to my settings.py:

CSRF_COOKIE_SECURE = True
SESSION_COOKIE_SECURE = True

I don't know if it's necessary to do this. Then I configured my nginx as follows:

upstream app_server {
    server 127.0.0.1:6000; # your gunicorn server
}
server {
    listen 80;
    server_name <name>;
    return 301 https://$host$request_uri;
}

server {
    #listen 80;
    listen 443 default ssl;
    client_max_body_size 4G;

    server_name <name>;

    #ssl                  on;
    ssl_certificate      /etc/nginx/ssl/ssl.crt;
    ssl_certificate_key  /etc/nginx/ssl/ssl.key;

    ssl_session_timeout  5m;

    ssl_protocols  TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers         HIGH:!aNULL:!MD5;
    ssl_prefer_server_ciphers   on;
    keepalive_timeout 5;

# path for static files
    root /home/deploy/;

    location /static/ {
    }
    location /media/ {
    }

    location / {
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        #proxy_set_header Host $http_host;
        proxy_redirect off;
        proxy_set_header Host $host;
        proxy_pass http://app_server;
    }

    error_page 500 502 503 504 /500.html;
    location = /500.html {
        root /home/deploy/static;
    }
}

I think the nginx configuration is correct because it redirects 80 to 443, but nothing happens: the request is sent to port 80, then nginx redirects it to 443, but nothing happens. It can't connect to gunicorn or the project.

What is the problem with my nginx? My nginx version is nginx/1.0.15. I have looked at almost all related topics and according to them my configuration is correct. Can anyone help me? Should I do something with gunicorn? My certificate is self-signed, or what should I do?

regards :)

Mairon

1 Answer

1

This is the configuration I use for nginx with gunicorn and it works. Try it out, see what you get.

server {
    listen 80;
    server_name something.com;
    access_log off;
    # send all plain-HTTP requests to the HTTPS server block
    return 301 https://$server_name$request_uri;
}

server {
    server_name something.com;
    listen 443 ssl;
    ssl_certificate /path/to/file.crt;
    ssl_certificate_key /path/to/privatekey.pem;

    location /static/ {
        alias /opt/myenv/static/;
    }

    location / {
        # gunicorn listening on port 8001
        proxy_pass http://127.0.0.1:8001;
        proxy_set_header X-Forwarded-Host $server_name;
        proxy_set_header X-Real-IP $remote_addr;
        add_header P3P 'CP="ALL DSP COR PSAa PSDa OUR NOR ONL UNI COM NAV"';
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        add_header Front-End-Https on;
        proxy_redirect off;
    }
}

I think the key ingredient is:

proxy_pass http://127.0.0.1:8001;

That redirects the request to gunicorn, assuming you are running it on port 8001. My guess is that that's what you need to add.

Isaac Ray
  • Thanks a lot, but I use a socket for gunicorn. I did what you said, but after redirection nothing happens. Is that a gunicorn problem? – Mairon Nov 26 '15 at 17:20
  • Give me more info about how you are using a socket with gunicorn. I have set up a socket.io implementation with Django before, if that's what you are talking about, but that requires you to run two separate servers, the gunicorn server and the socket server, on different ports. Is that what you are getting at? – Isaac Ray Nov 27 '15 at 01:47
  • No, I mean a Unix domain socket. I use proxy_pass unix:/var/run/gunicorn/xxx.sock for app_server. – Mairon Nov 27 '15 at 06:36
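
An added example, not part of either post: a small Python check that reads an nginx configuration and reports, for each TLS-terminating `server` block, whether it proxies to the app server, forwards `X-Forwarded-Proto` (as the answer's configuration does), and enables deprecated TLS versions. The function names and the condensed sample configurations are constructed for illustration.

```python
import re

LEGACY_PROTOCOLS = {"SSLv2", "SSLv3", "TLSv1", "TLSv1.1"}  # TLS 1.0/1.1 deprecated by RFC 8996
def server_blocks(conf):
    """Yield the body of each `server { ... }` block, comments stripped."""
    conf = re.sub(r"#[^\n]*", "", conf)  # naive: assumes no '#' inside quoted values
    for m in re.finditer(r"\bserver\s*\{", conf):
        depth, i = 1, m.end()
        while i < len(conf) and depth:  # walk to the matching closing brace
            depth += {"{": 1, "}": -1}.get(conf[i], 0)
            i += 1
        yield conf[m.end():i - 1]

def audit_tls_proxy(conf):
    """Return findings for every TLS-terminating server block in an nginx config."""
    findings = []
    for body in server_blocks(conf):
        if not re.search(r"\blisten\s[^;]*\bssl\b", body):
            continue  # plain-HTTP block, e.g. the port-80 redirect
        if not re.search(r"\bproxy_pass\s", body):
            findings.append("no proxy_pass: requests never reach the app server")
        headers = {h.lower() for h in re.findall(r"\bproxy_set_header\s+(\S+)", body)}
        if "x-forwarded-proto" not in headers:
            findings.append("X-Forwarded-Proto not forwarded: the app cannot tell the client used HTTPS")
        protos = re.search(r"\bssl_protocols\s+([^;]+);", body)
        legacy = LEGACY_PROTOCOLS & set(protos.group(1).split()) if protos else set()
        if legacy:
            findings.append("legacy protocols enabled: " + " ".join(sorted(legacy)))
    return findings

# Constructed samples, condensed from the two configurations on this page.
QUESTION_CONF = """
server { listen 80; return 301 https://$host$request_uri; }
server {
    listen 443 default ssl;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    location / {
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_pass http://app_server;
    }
}"""
ANSWER_CONF = """
server {
    listen 443 ssl;
    location / {
        proxy_pass http://127.0.0.1:8001;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}"""
```

`audit_tls_proxy(QUESTION_CONF)` returns two findings and `audit_tls_proxy(ANSWER_CONF)` returns none. On the Django side the forwarded header is only honoured when `SECURE_PROXY_SSL_HEADER = ("HTTP_X_FORWARDED_PROTO", "https")` is set in settings.py.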