Login/Register
Django + uwsgi + nginx + SSL
Asked Answered
Solved djangouwsgidotcloud
D

3

12

I am using Django on DotCloud which uses Django on top of uwsgi + nginx. I am trying to redirect all http traffic to https which is leading to a redirect loop. I am using the following http configuration

if ($http_x_forwarded_port != 443) { rewrite ^ https://$http_host/; }

It seems that Django doesn't understand that it is operating on https and the header is not preserved. It redirects https://url.com/ to http://url.com/accounts/login/ which is redirecting again and again leading to a redirect loop. I am not really an expert in nginx and do not understand it well enough. What can I be doing wrong?

In short how do I run redirect http to https in django running on top of uswsgi and nginx.

Daphnedaphnis answered 21/7, 2011 at 21:50 Comment(1)
try reading through this - yuji.wordpress.com/2008/08/15/…Saw
J
7
server {
  listen  80;
  server_name  yourhttphost;
  rewrite ^ https://yourhttpshost$request_uri? permanent; #301 redirect
}
server {
  listen 443;
  server_name  yourhttpshost;
  ........
  the rest
  ........
}

Using "if" in nginx config is a very bad idea!

Janettjanetta answered 8/10, 2011 at 10:24 Comment(2)
This is the correct answer as "if" statements are generally not a good idea in nginx configs.Proficient
Yep, I know about 'if' heheJanettjanetta
B
13

I needed a bit more to make Django aware that it should be using https.

In settings.py I added SECURE_PROXY_SSL_HEADER = ('HTTP_X_FORWARDED_PROTO', 'https')

And in the nginx configuration

location / {
    proxy_set_header X-Forwarded-Proto https;
    include uwsgi_params;
    uwsgi_param UWSGI_SCHEME https;
    uwsgi_pass_header X_FORWARDED_PROTO;
    uwsgi_pass unix:///path/to/socket;
}
Bertina answered 15/2, 2013 at 10:59 Comment(2)
For the sake of posterity, this answer works when only port 443 is open (ie. firewall blocks request on port 80)Bolinger
uwsgi_pass_header allows to pass header from server to client, so this is probably not what you need here. What about correct redirects, the UWSGI_SCHEME param did the trick in my case without any custom headers. Is the SECURE_PROXY_SSL_HEADER setting really needed?Wheatley
J
7
server {
  listen  80;
  server_name  yourhttphost;
  rewrite ^ https://yourhttpshost$request_uri? permanent; #301 redirect
}
server {
  listen 443;
  server_name  yourhttpshost;
  ........
  the rest
  ........
}

Using "if" in nginx config is a very bad idea!

Janettjanetta answered 8/10, 2011 at 10:24 Comment(2)
This is the correct answer as "if" statements are generally not a good idea in nginx configs.Proficient
Yep, I know about 'if' heheJanettjanetta
M
3
if ( $scheme = "http" ) {
     rewrite ^/(.*)$   https://$host/ permanent;
}
Maori answered 22/8, 2011 at 11:17 Comment(1)
Having an "if" processed for each request is very ineffective in Nginx. It's better to create a separate :80 server and redirect every request hitting it.Cryometer

© 2022 - 2024 — McMap. All rights reserved.