2

I was under the assumption that I could run a Django Channels app using only Daphne (ASGI) and Nginx as a proxy for my Django app to begin with.

The application would be running with Daphne on 127.0.0.1:8001

However, I am running into a 403 Forbidden error.

2019/03/06 17:45:40 [error] *1 directory index of "/home/user1/app/src/app/" is forbidden

And when I posted about that, another user mentioned

There is no directive to pass http request to django app in your nginx config

And suggested to look into fastcgi_pass or uwsgi_pass or Gunicorn.

Obviously Django Channels runs on ASGI and I am passing all requests through that right now (not to uWSGI then on to ASGI depending on the request.)

Can I serve my Django app with only Nginx and Daphne? The Django Channels docs seem to think so as they don't mention needing Gunicorn or something similar.

my nginx config 

upstream socket {
    ip_hash;
    server 127.0.0.1:8001 fail_timeout=0;
}

server {

    listen 80;
    #listen [::]:80 ipv6only=on;

    server_name your.server.com;
    access_log /etc/nginx/access.log;

    root /var/www/html/someroot;

    location / {
            #autoindex on;

            # First attempt to serve request as file, then
            # as directory, then fall back to displaying a 404.
            # try_files $uri =404;

            #proxy_set_header X-Real-IP $remote_addr;
            #proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            #proxy_set_header Host $http_host;
            #proxy_set_header X-NginX-Proxy true;
            #proxy_pass http://socket;
            #proxy_redirect off;
            #proxy_http_version 1.1;
            #proxy_set_header Upgrade $http_upgrade;
            #proxy_set_header Connection "upgrade";

            #proxy_redirect off;
            #proxy_set_header   X-Forwarded-Proto $scheme;
            #proxy_cache one;
            #proxy_cache_key sfs$request_uri$scheme;
    }

    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/some/fullchain.pem;
    # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/some/privkey.pem; 
    # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot

    if ($scheme != "https") {
        return 301 https://$host$request_uri;
    }
}
Trilla
  • 943
  • 2
  • 15
  • 31

1 Answers1

2

Yes, it's possible. Try this config:

upstream socket {
    ip_hash;
    server $DAPHNE_IP_ADDRESS$ fail_timeout=0;
}

server {
    ...

    location / {
        proxy_pass http://socket;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
    }

    ...
}

Where $DAPHNE_IP_ADDRESS$ - your daphne IP and port without schema(127.0.0.1:8001).

floydya
  • 416
  • 6
  • 12
  • Thanks for your comment, I knew I wasn't crazy! I've tried implementing your above solution however I still face the same `403 Forbidden....directory index of "/path/to/app/" is forbidden` Do you have any idea why this may be? – Trilla Mar 07 '19 at 09:42
  • @Trilla update your answer with the recent config. It looks like it can't proxy_pass to daphne. Maybe your requests are picking up by a different server config? And please add "error_log /etc/nginx/error.log;" to your config and check the error.log, it may tell something. – Yarimadam Mar 07 '19 at 10:39
  • I have just updated my answer. The error logs just say `"2019/03/07 11:23:48 [error] 16642#16642: *11 directory index of "/path/to/app" is forbidden, client: xx.xxx.xx.xx, server: app.com, request: "GET / HTTP/1.1", host: "www.app.com", referrer: "http://www.app.com""` – Trilla Mar 07 '19 at 11:40
  • I had to take out the `try_files` line completely for it to work. – Trilla Mar 08 '19 at 08:41