Geek asks and answers

Nginx / Django Admin POST only https

I have a Nginx / Gunicorn / Django server deployed on a Centos 6 machine, only the SSL port (443) visible to the outside world. Therefore, if the server is not called using https://, you will not receive any response. If you call it with http://domain:443, you just get a 400 Bad Request message. Port 443 is the only way to get to the server.

I use Nginx to serve my static files (CSS, etc.), and all other requests are handled by Gunicorn, which runs Django's http://localhost:8000. Thus, the transition to https://domain.comworks fine, like the links on the admin site, but when I submit the form in the Django admin, https is lost when redirecting, and I am sent to http://domain.com/request_uri, which cannot reach the server. The POST action is working fine and the database is being updated.

My configuration file is below. A section location /is a place where I feel that a solution needs to be found. But directives proxy_set_header X-*seem to have no effect. Am I missing a module or something else? I am running nginx / 1.0.15.

Everything I can find on the Internet indicates X-Forwarded-Protocol httpsthat he should do something, but I am not getting any changes. I also cannot get debugging running on the remote server, although my next step may be to compile locally with debugging enabled in order to get additional hints. The last resort is to open port 80 and redirect everything ... but this requires some documents.

[http://pastebin.com/Rcg3p6vQ] (My nginx configuration arguments)

server {
    listen       443 ssl;

    ssl on;
    ssl_certificate /path/to/cert.crt;
    ssl_certificate_key /path/to/key.key;
    ssl_protocols       SSLv3 TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers         HIGH:!aNULL:!MD5;

    server_name  example.com;

    root /home/gunicorn/project/app;
    access_log /home/gunicorn/logs/access.log;
    error_log /home/gunicorn/logs/error.log debug;

    location /static/ {
        autoindex on;
        root /home/gunicorn;
    }

    location / {
        proxy_pass http://localhost:8000/;
        proxy_redirect off;
        proxy_set_header Host $host;
        proxy_set_header X-Scheme $scheme;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Protocol https; 
    }

}
+5
source share
1 answer

I did not have time to understand what exactly these two lines do, but their elimination solved my problems:

    proxy_redirect off;
    proxy_set_header Host $host;
+2
source

More articles:


All Articles