Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Nginx/Django Admin POST https only

Tags:

nginx

https

django-admin

gunicorn

I've got an Nginx/Gunicorn/Django server deployed on a Centos 6 machine with only the SSL port (443) visible to the outside world. So unless the server is called with the https://, you won't get any response. If you call it with an http://domain:443, you'll merely get a 400 Bad Request message. Port 443 is the only way to hit the server.

I'm using Nginx to serve my static files (CSS, etc.) and all other requests are handled by Gunicorn, which is running Django at http://localhost:8000. So, navigating to https://domain.com works just fine, as do links within the admin site, but when I submit a form in the Django admin, the https is lost on the redirect and I'm sent to http://domain.com/request_uri which fails to reach the server. The POST action does work properly even so and the database is updated.

My configuration file is listed below. The location location / section is where I feel like the solution should be found. But it doesn't seem like the proxy_set_header X-* directives have any effect. Am I missing a module or something? I'm running nginx/1.0.15.

Everything I can find on the internet points to the X-Forwarded-Protocol https like it should do something, but I get no change. I'm also unable to get the debugging working on the remote server, though my next step may have to be compiling locally with debugging enabled to get some more clues. The last resort is to expose port 80 and redirect everything...but that requires some paperwork.

[http://pastebin.com/Rcg3p6vQ](My nginx configure arguments)

server {
    listen       443 ssl;

    ssl on;
    ssl_certificate /path/to/cert.crt;
    ssl_certificate_key /path/to/key.key;
    ssl_protocols       SSLv3 TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers         HIGH:!aNULL:!MD5;

    server_name  example.com;

    root /home/gunicorn/project/app;
    access_log /home/gunicorn/logs/access.log;
    error_log /home/gunicorn/logs/error.log debug;

    location /static/ {
        autoindex on;
        root /home/gunicorn;
    }

    location / {
        proxy_pass http://localhost:8000/;
        proxy_redirect off;
        proxy_set_header Host $host;
        proxy_set_header X-Scheme $scheme;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Protocol https; 
    }

}
like image 669
brewerja Avatar asked Nov 04 '22 19:11

brewerja

1 Answers

Haven't had time yet to understand exactly what these two lines do, but removing them solved my problems:

    proxy_redirect off;
    proxy_set_header Host $host;
like image 50
brewerja Avatar answered Nov 09 '22 14:11

brewerja
Sign in to Comment

Related questions

Configure Tomcat8 behind Apache with HTTPS
How to reference CDN images in a stylesheet which may use HTTPS?
JMeter stops sending JSESSIONID cookie when switched to SSL
Delphi XE2 DataSnap - 'Connection Closed Gracefully' When Using REST Over HTTPS
HTML5 audio playback over HTTPS on safari IPhone 4.3
how do I check if the X509Certificate issuer is trusted?
Is python's ssl module correctly validating certificates? (I have an odd example, that bothers me)
Test an HTTPS (SSL) request in RSpec Rails
java.lang.ClassCastException: libcore.net.http.HttpURLConnectionImpl cannot be cast to javax.net.ssl.HttpsURLConnection
htaccess force https and redirect www to non-www, but no other subdomains
Python requests.exceptions.SSLError: EOF occurred in violation of protocol

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!