
Django and SSL question


I am planning to sell products by charging credit cards, thus using SSL will be critical for the Django-powered website. And I am very naive about this.

My initial Django setup plan was using Apache as the webserver and using mod_wsgi to communicate with Django, with static media again served by Apache. All seemed good until the SSL protocol came into the plans.

I will be using the SSL protocol for user account configuration pages, the whole purchase sequence and maybe the Django admin.

I have checked the official documentation and googled, but the answers are rather confusing.

  • What would be the recommended way of implementing SSL in this setup?
  • Any suggestions for a first-time SSL implementer on a website?
  • From this page, it seems like they have included Nginx in the stack. Couldn't it be done without it?

Thanks

Hellnar asked Jan 25 '10 10:01



2 Answers

I have deployed Django apps on SSL using Apache's mod_ssl and mod_wsgi.

I am no Apache expert, but here's how I set up SSL for one site (put the directives below in the httpd.conf file, or in a file referenced from that file, for instance in the sites-enabled directory, if that is used in your Apache installation). See the first documentation link below for how to create and use a self-signed certificate.

    NameVirtualHost *:443
    <VirtualHost *:443>
        SSLEngine On
        SSLCertificateFile /etc/apache2/ssl/certificatefile.crt
        SSLCertificateKeyFile /etc/apache2/ssl/certificatekeyfile.crt

        WSGIScriptAlias / /path/to/file.wsgi
    </VirtualHost>

Documentation links:

  • Apache self signed certificate HOWTO: http://www.perturb.org/display/entry/754/
  • http://httpd.apache.org/docs/2.2/mod/mod_ssl.html
  • http://httpd.apache.org/docs/2.2/ssl/
  • Using mod_wsgi to host Django: http://docs.djangoproject.com/en/dev/howto/deployment/modwsgi/
codeape answered Oct 30 '22 20:10


For those coming through Google, here's an example config for Nginx:

    server {
        listen 443 ssl default;
        server_name example.com;
        # Redundant with the "ssl" parameter on "listen" above;
        # nginx 1.25.1 and later no longer accept this directive.
        ssl on;
        ssl_certificate /etc/nginx/server.crt;
        ssl_certificate_key /etc/nginx/server.key;
        add_header  Cache-Control "public, must-revalidate";
        # add_header  Cache-Control "no-cache";
        expires     1d;
        add_header Strict-Transport-Security "max-age=2592000; includeSubdomains";

        location / {
            fastcgi_pass   localhost:8000;
            fastcgi_param PATH_INFO $fastcgi_script_name;
            fastcgi_param REQUEST_METHOD $request_method;
            fastcgi_param CONTENT_TYPE $content_type;
            fastcgi_param CONTENT_LENGTH $content_length;
            fastcgi_param  SERVER_PORT        $server_port;
            fastcgi_param  SERVER_NAME        $server_name;
            fastcgi_param  SERVER_PROTOCOL    $server_protocol;
            fastcgi_pass_request_headers on;
            # include fastcgi_params;
        }

        location /static {
            root /home/myapp/application;
        }

        location = /favicon.ico {
            root /home/myapp/application/assets;
            access_log off;
            log_not_found off;
        }
    }
shaond answered Oct 30 '22 18:10
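
The plan in the question (HTTPS for the account pages, the purchase sequence and the admin) can also be enforced in the WSGI layer that the mod_wsgi answer relies on. The following is an added example, not code from either answer: the class and function names, the URL prefixes and `example.com` are assumptions, and the header value is the one from the nginx config above.

```python
from urllib.parse import quote

# Assumed URL prefixes for the account, purchase and admin pages (hypothetical).
SECURE_PREFIXES = ("/accounts/", "/checkout/", "/admin/")
HSTS_VALUE = "max-age=2592000; includeSubdomains"  # value from the nginx answer

class RequireHTTPS:
    """WSGI middleware: force HTTPS on sensitive paths, add HSTS on HTTPS."""
    def __init__(self, app, host, prefixes=SECURE_PREFIXES):
        self.app = app
        self.host = host  # fixed redirect target; the Host header is not trusted
        self.prefixes = tuple(prefixes)

    def _sensitive(self, path):
        return any(path == p.rstrip("/") or path.startswith(p) for p in self.prefixes)

    def __call__(self, environ, start_response):
        path = environ.get("SCRIPT_NAME", "") + environ.get("PATH_INFO", "")
        # mod_wsgi sets wsgi.url_scheme to "https" inside the SSL virtual host.
        secure = environ.get("wsgi.url_scheme") == "https"
        if not secure and self._sensitive(path):
            if environ.get("REQUEST_METHOD") not in ("GET", "HEAD"):
                # The body already crossed the wire in clear text; do not process it.
                start_response("403 Forbidden", [("Content-Type", "text/plain")])
                return [b"HTTPS required\n"]
            location = "https://" + self.host + quote(path, encoding="latin-1")
            if environ.get("QUERY_STRING"):
                location += "?" + environ["QUERY_STRING"]
            start_response("301 Moved Permanently", [("Location", location)])
            return [b""]

        def add_hsts(status, headers, exc_info=None):
            if secure:  # browsers ignore HSTS received over plain HTTP
                headers = list(headers) + [("Strict-Transport-Security", HSTS_VALUE)]
            return start_response(status, headers, exc_info)

        return self.app(environ, add_hsts)

def demo_request(path, scheme="http", method="GET", query=""):
    """Run a constructed request through the middleware; return (status, headers)."""
    seen = {}
    def app(environ, start_response):  # stand-in for the Django WSGI application
        start_response("200 OK", [("Content-Type", "text/plain")])
        return [b"ok"]
    start_response = lambda s, h, exc_info=None: seen.update(status=s, headers=dict(h))
    environ = {"REQUEST_METHOD": method, "PATH_INFO": path, "QUERY_STRING": query,
               "wsgi.url_scheme": scheme, "HTTP_HOST": "evil.invalid"}  # constructed request
    RequireHTTPS(app, "example.com")(environ, start_response)
    return seen["status"], seen["headers"]
```

To use it, wrap the `application` object in the `.wsgi` file as `RequireHTTPS(application, "example.com")`. With only part of the site on HTTPS, the session cookie also needs the Secure flag (Django's `SESSION_COOKIE_SECURE` setting), or the browser still sends it on the plain-HTTP pages.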