[mezzanine-users] https or SSL redirect for whole site in Cartridge
I was trying to configure SSL redirect for whole site using nginx.conf but was running into errors redirecting in ways that request will never be completed. After reading the mezzanine docs and django SECURE_PROXY_SSL_HEADER, I came with following way to enable SSL for whole site - the site pages are now being server over HTTPS but I am wary that it could creates big security holes as i change a default setting which is used in the SSLMiddleware logic by mezzanine. Here are my changes In my projects 'settings.py' - set SSL_FORCED_PREFIXES_ONLY = False modify 'nginx.conf' in deploy folder as follows add following server block server { listen 80; return 301 https://%(domains_nginx)s$request_uri; } modify default/provided server server { ### listen 80; comment it out listen 443 ssl; proxy_set_headerX-Forwarded-Protocol https; set it to https } Approach - 2 - The Recommended way I saw was to add all of the major prefixes to following setting SSL_FORCE_URL_PREFIXES SSL_ENABLED = True Any feedback on which one to use and why? I am not full aware of so many security options and protocols. I ran my site against QualSys - https://www.ssllabs.com/ssltest/analyze.html with the default fabric/cartridge deploy settings. The site gave a rating of C -- You received this message because you are subscribed to the Google Groups Mezzanine Users group. To unsubscribe from this group and stop receiving emails from it, send an email to mezzanine-users+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [mezzanine-users] Text processing code?
Hello Ken, This doesn't look like what I want. I am talking about inside MCE editor. Where is the code that takes the text inside an edit field and does stuff with it? thanks, Brandon Keith Biggs http://www.brandonkeithbiggs.com/ On 7/1/2015 3:00 PM, Ken Bolton wrote: Hi Brandon, This question is not specific to Mezzanine. I believe you want to read up on Django's custom template tags https://docs.djangoproject.com/en/1.8/howto/custom-template-tags/. Let us know if that gets it done. -ken On Wed, Jul 1, 2015 at 2:39 AM, Brandon Keith Biggs brandonkeithbi...@gmail.com mailto:brandonkeithbi...@gmail.com wrote: Hello, I would like a way where I can check the code that is in the text editor when it is submitted to be saved for blog and page text. I would like to be able to place variables in my code without creating a separate template for every page with the variables. I have a variable as my age. So I would like it to update every year. I would like to write something like: [brandon_age] or {{brandon_age}} and when my check finds the set of brakets like that, have it check for a function or variable in a file and if it matches, show the result. Where would I place this check? thanks, -- Brandon Keith Biggs http://www.brandonkeithbiggs.com/ -- You received this message because you are subscribed to the Google Groups Mezzanine Users group. To unsubscribe from this group and stop receiving emails from it, send an email to mezzanine-users+unsubscr...@googlegroups.com mailto:mezzanine-users+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout. -- You received this message because you are subscribed to the Google Groups Mezzanine Users group. To unsubscribe from this group and stop receiving emails from it, send an email to mezzanine-users+unsubscr...@googlegroups.com mailto:mezzanine-users+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout. -- You received this message because you are subscribed to the Google Groups Mezzanine Users group. To unsubscribe from this group and stop receiving emails from it, send an email to mezzanine-users+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[mezzanine-users] TESTING, South, Django-Redirects, and OPTIONAL_APPS
When running manage.py test, Mezzanine's utils/conf.py automatically sets settings.TESTING = True. A few lines later, it forks based on the TESTING setting: If TESTING is False, then South and OPTIONAL_APPS are added to INSTALLED_APPS. If TESTING is True, then those apps are NOT added, and furthermore django.contrib.redirects is removed from INSTALLED_APPS. 1. What is the rationale for removing django.contrib.redirects during testing? 2. What is the rationale for removing South during testing? 3. Why aren't the optional apps loaded during testing? 4. How can we override or prevent these configurations? Thanks, Shawn -- You received this message because you are subscribed to the Google Groups Mezzanine Users group. To unsubscribe from this group and stop receiving emails from it, send an email to mezzanine-users+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [mezzanine-users] https or SSL redirect for whole site in Cartridge
I would redirect with nginx and then set SSL_FORCED_PREFIXES_ONLY, https://github.com/stephenmcd/mezzanine/blob/master/mezzanine/core/defaults.py#L440, to False in your settings.py file. That way Mezzanine won't try to redirect away from SSL ever. Alternatively you could probably do this in your settings.py: SSL_FORCE_URL_PREFIXES = ('/',) Good luck! On Wed, Jul 1, 2015 at 2:11 PM, vikraw vik...@gmail.com wrote: I was trying to configure SSL redirect for whole site using nginx.conf but was running into errors redirecting in ways that request will never be completed. After reading the mezzanine docs and django SECURE_PROXY_SSL_HEADER, I came with following way to enable SSL for whole site - the site pages are now being server over HTTPS but I am wary that it could creates big security holes as i change a default setting which is used in the SSLMiddleware logic by mezzanine. Here are my changes In my projects 'settings.py' - set SSL_FORCED_PREFIXES_ONLY = False modify 'nginx.conf' in deploy folder as follows add following server block server { listen 80; return 301 https://%(domains_nginx)s$request_uri; } modify default/provided server server { ### listen 80; comment it out listen 443 ssl; proxy_set_headerX-Forwarded-Protocol https; set it to https } Approach - 2 - The Recommended way I saw was to add all of the major prefixes to following setting SSL_FORCE_URL_PREFIXES SSL_ENABLED = True Any feedback on which one to use and why? I am not full aware of so many security options and protocols. I ran my site against QualSys - https://www.ssllabs.com/ssltest/analyze.html with the default fabric/cartridge deploy settings. The site gave a rating of C -- You received this message because you are subscribed to the Google Groups Mezzanine Users group. To unsubscribe from this group and stop receiving emails from it, send an email to mezzanine-users+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout. -- You received this message because you are subscribed to the Google Groups Mezzanine Users group. To unsubscribe from this group and stop receiving emails from it, send an email to mezzanine-users+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.