Using HTTPS with the DigitalOcean One-Click-Install-Image Django / Nginx

Time: 2014-08-12 13:27:56

Tags: django ssl nginx https digital-ocean

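I am new to Django and nginx. I started with DigitalOcean's one-click image install of a Django 1.6 environment, which uses nginx and gunicorn. The default specifications and details can be found at https://www.digitalocean.com/community/tutorials/how-to-use-the-django-one-click-install-image.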

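Recently, I have been trying to figure out how to protect the admin page with SSL/HTTPS to prevent login capture. I am aware that there is information about this on Stack Overflow. However, most of that information seems to assume a basic nginx setup that differs from DigitalOcean's. So, what should I keep, edit, and delete? At this moment, I would be content with proxying two instances in nginx: the flat pages under HTTP and the admin under HTTPS, since this is only a launch page. How would you protect the entire site behind HTTPS? What are the necessary modifications to the following nginx and Django settings?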

Nginx settings

upstream app_server {
    server 127.0.0.1:9000 fail_timeout=0;
}

server {
    listen 80 default_server;
    listen [::]:80 default_server ipv6only=on;

    root /usr/share/nginx/html;
    index index.html index.htm;

    client_max_body_size 4G;
    server_name _;

    keepalive_timeout 5;

    # Your Django project's media files - amend as required
    location /media {
        alias /home/django/django_project/media;
    }

    # Your Django project's static files - amend as required
    location /static {
        alias /home/django/django_project/static;
    }

    location / {
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Host $http_host;
        proxy_redirect off;
        proxy_pass http://app_server;
    }
}

Django settings

"""Production settings and globals."""

from __future__ import absolute_import

from os import environ

from .base import *

# Only send the session and CSRF cookies over HTTPS
SESSION_COOKIE_SECURE = True
CSRF_COOKIE_SECURE = True

# Honor the 'X-Forwarded-Proto' header for request.is_secure()
SECURE_PROXY_SSL_HEADER = ('HTTP_X_FORWARDED_PROTO', 'https')

########## HOST CONFIGURATION
# See: https://docs.djangoproject.com/en/1.5/releases/1.5/#allowed-hosts-required-in-production
ALLOWED_HOSTS = [
    'localhost',
    '{{website url}}',
]
########## END HOST CONFIGURATION
########## EMAIL CONFIGURATION
# See: https://docs.djangoproject.com/en/dev/ref/settings/#email-backend
EMAIL_BACKEND = 'django.core.mail.backends.smtp.EmailBackend'

# See: https://docs.djangoproject.com/en/dev/ref/settings/#email-host
EMAIL_HOST = environ.get('EMAIL_HOST', 'smtp.gmail.com')

# See: https://docs.djangoproject.com/en/dev/ref/settings/#email-host-password
EMAIL_HOST_PASSWORD = environ.get('EMAIL_HOST_PASSWORD', '')

# See: https://docs.djangoproject.com/en/dev/ref/settings/#email-host-user
EMAIL_HOST_USER = environ.get('EMAIL_HOST_USER', 'your_email@example.com')

# See: https://docs.djangoproject.com/en/dev/ref/settings/#email-port
EMAIL_PORT = environ.get('EMAIL_PORT', 587)

# See: https://docs.djangoproject.com/en/dev/ref/settings/#email-subject-prefix
EMAIL_SUBJECT_PREFIX = '[%s] ' % SITE_NAME

# See: https://docs.djangoproject.com/en/dev/ref/settings/#email-use-tls
EMAIL_USE_TLS = True

# See: https://docs.djangoproject.com/en/dev/ref/settings/#server-email
SERVER_EMAIL = EMAIL_HOST_USER
########## END EMAIL CONFIGURATION

########## DATABASE CONFIGURATION
DATABASES = {}
########## END DATABASE CONFIGURATION


########## CACHE CONFIGURATION
# See: https://docs.djangoproject.com/en/dev/ref/settings/#caches
CACHES = {}
########## END CACHE CONFIGURATION


########## SECRET CONFIGURATION
# See: https://docs.djangoproject.com/en/dev/ref/settings/#secret-key
SECRET_KEY = get_secret("SECRET_KEY")
########## END SECRET CONFIGURATION

0 answers:

No answers
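
An added example, not part of the original question or of DigitalOcean's image: one way to put the whole site behind HTTPS, starting from the nginx config in the question. The hostname example.com and the certificate paths are placeholders (assumptions); the X-Forwarded-Proto header is what the SECURE_PROXY_SSL_HEADER setting in the question's Django settings relies on, and the question's nginx config never sends it.

```nginx
upstream app_server {
    server 127.0.0.1:9000 fail_timeout=0;
}

# Port 80 serves no content: every plain-HTTP request is redirected to HTTPS,
# so the admin login form and session cookies never travel in clear text.
server {
    listen 80 default_server;
    listen [::]:80 default_server ipv6only=on;
    server_name _;
    # Fixed hostname (placeholder) rather than the client-supplied Host header.
    return 301 https://example.com$request_uri;
}

server {
    listen 443 ssl;
    server_name example.com;                              # placeholder hostname

    ssl_certificate     /etc/nginx/ssl/example.com.crt;   # placeholder path
    ssl_certificate_key /etc/nginx/ssl/example.com.key;   # placeholder path

    client_max_body_size 4G;
    keepalive_timeout 5;

    location /media {
        alias /home/django/django_project/media;
    }

    location /static {
        alias /home/django/django_project/static;
    }

    location / {
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        # nginx sets this itself, replacing any value the client sent, so
        # Django's request.is_secure() reflects the real connection scheme.
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header Host $http_host;
        proxy_redirect off;
        proxy_pass http://app_server;
    }
}
```

Run `nginx -t` to validate the file before reloading nginx.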