> Den 10/12/2014 kl. 17.55 skrev pythonista <software.by.pyt...@gmail.com>:
> 1. Can Django be made hardened via ssl?
"Django" is actually your WSGI server (gunicorn, uwsgi etc.).
> 2. Doesn't Apache and the Proxy server provide sufficient security so that
>
On Wed, Dec 10, 2014 at 1:22 PM, pythonista
wrote:
> Is there a need for ssl if apache (https) and a proxy are between django and
> the outside world.
if they're serving Django with apache, they should be using mod_wsgi,
in that case not only there's no more needs
> The security team is saying that the communication from Django should also
> be ssl encrypted in case the proxy server goes down.
>
> 1. Can Django be made hardened via ssl?
> 2. Doesn't Apache and the Proxy server provide sufficient security so that
> ssl / django is not required?
Can Django be made hardened via ssl?
> 2. Doesn't Apache and the Proxy server provide sufficient security so that
> ssl / django is not required?
>
> 3. If the Proxy server goes down I can test some header responses to
> determine if the call is from a secure call and from the ex
encrypted in case the proxy server goes down.
1. Can Django be made hardened via ssl?
2. Doesn't Apache and the Proxy server provide sufficient security so that
ssl / django is not required?
3. If the Proxy server goes down I can test some header responses to
determine if the call is from a secure
Using a separate sub domain future-proofs your site in the event it grows
large and you need to split your dynamic and static content between
servers.
It also makes it easier to parse statistics from the logs. Most web log
analyzers will handle a separate sub domain out of the box better than
On Sat, Apr 26, 2014 at 2:46 PM, James Schneider wrote:
> If you use a separate subdomain for static content (recommended), even on
> the same server, include that as well.
>
Thanks James. I did not know this(subdomain for static content) was
recommended. Why?
Regards,
t:_e(%7B%7D,'cvml','venka...@gmail.com');>
> > wrote:
>
>> Hi,
>>
>> Am an SSL newbie and am trying to understand various facets of moving a
>> webapp to ssl. Are there any learnings that the group can share w.r.t
>> moving a django site to ssl? Any pitfalls or thi
And I prefer being on nginx + uWSGI.
On Thu, Apr 24, 2014 at 1:05 PM, Venkatraman S <venka...@gmail.com> wrote:
> Hi,
>
> Am an SSL newbie and am trying to understand various facets of moving a
> webapp to ssl. Are there any learnings that the group can share w.r.t
> moving
On 2014-04-24 17:55, Mike Dewhirst wrote:
> I suppose it depends on your site. In my case it was Apache rather
> than nginx and pretty much all I had to do was establish a redirect
> so any url with http://blah.blah went to https://... instead.
If you're redirecting to HTTPS regardless of the URL
Den 24/04/2014 kl. 09.35 skrev Venkatraman S <venka...@gmail.com>:
> Hi,
>
> Am an SSL newbie and am trying to understand various facets of moving a
> webapp to ssl. Are there any learnings that the group can share w.r.t moving
> a django site to ssl? Any pitfalls or thing
On 24/04/2014 5:35 PM, Venkatraman S wrote:
Hi,
Am an SSL newbie and am trying to understand various facets of moving a
webapp to ssl. Are there any learnings that the group can share w.r.t
moving a django site to ssl? Any pitfalls or things to be careful about.
Or is it a totally independent
Hi,
Am an SSL newbie and am trying to understand various facets of moving a
webapp to ssl. Are there any learnings that the group can share w.r.t
moving a django site to ssl? Any pitfalls or things to be careful about. Or
is it a totally independent activity with no side effects
Hey take a look at this
http://www.howsthe.com/blog/2009/sep/20/djang-nginx-mod_wsgi-ssl/
Vitaly Babiy
On Thu, Oct 15, 2009 at 5:30 PM, neri...@gmail.com wrote:
>
> I'm trying to do the same thing but I'm having problems getting nginx
> to server over https. I removed all 443
I'm trying to do the same thing but I'm having problems getting nginx
to server over https. I removed all 443 references for apache and
added them to my nginx/sites-available/domain.com, so I have a
declaration for static content listening on port 80 and then another
for ssl on 443. I'm totally
On Sep 1, 11:30 pm, Alex Robbins
wrote:
> Graham,
>
> I'm interested in understanding what you just said. It seems like you
> are saying you can get the X-Forwarded-SSL environment variable to
> automatically be set, without needing the django middleware. Seems
>
Thanks guys for all the feedback, I have done what Francis said, we are
using nginx and apache/mod_wsgi in the back. Nginx handles the ssl and it
works great.
Thanks for the help.
Vitaly Babiy
On Tue, Sep 1, 2009 at 9:30 AM, Alex Robbins
wrote:
>
> Graham,
>
> I'm
Graham,
I'm interested in understanding what you just said. It seems like you
are saying you can get the X-Forwarded-SSL environment variable to
automatically be set, without needing the django middleware. Seems
simple enough.
The middleware also handles redirects, so that someone accidentally
On Sep 1, 3:39 am, Francis wrote:
> We setup a Nginx proxy in front of Apache/WSGI and got Nginx to handle
> the SSL cert and simply pass on a flag to WSGI if the connection was
> coming through http or https.
>
> Next you'll want a SSL middleware, we
>
We setup a Nginx proxy in front of Apache/WSGI and got Nginx to handle
the SSL cert and simply pass on a flag to WSGI if the connection was
coming through http or https.
Next you'll want a SSL middleware, we use:
http://www.djangosnippets.org/snippets/240/
Now its a matter of configuring which
You'll probably want to look into something like this:
http://www.djangosnippets.org/snippets/880/
It allows you to set some urls to redirect so they are always https.
Otherwise those silly users will go to credit card pages without
https.
On Aug 29, 1:04 am, Vitaly Babiy
Hey guys,
What is the best way to deploy an app that uses mod_wsgi that some parts of
it need to be behind SSL?
Thanks,
Vitaly Babiy
--~--~-~--~~~---~--~~
You received this message because you are subscribed to the Google Groups
"Django users" group.
To post to
Glad you've got the SSL up and running, anyway.
I wouldn't say I'm an expert, I just stab around until I get things to
work. I do so little server configuration any more I tend to forget much
of what I learned between bouts, and I'm afraid I'm away from home this
week so I don't have the notes I
It turns out that it was because i have multiple domains hosted at
this current location. The ssl.conf file for Apache was configured
for one of the other domains. One I configured that file for the
domain I wanted it for, and moved the VirtualHost stuff from
httpd.conf to ssl.conf, it worked.
Note that you can only have one SSL server on an IP address: you can't
have multiple virtual hosts running SSL because the connection has to be
established (using the server's identity) before the Host: header can be
read.
I run the SSL server on my private server as a Virtual Host. This
Hmmm I played around a bit more. I don't think this is a Django
problem. I reduced the virtual host entry to:
ServerName mysite.com
ServerAliaswww.mysite.com
DocumentRoot "/home/django/test"
That fails too. If I change that port to 80, it works. Must be
something my host
I can't view my site over ssl. If I go to http://www.mysite.com, the
site works. If I go to https://www.mysite.com, I get a secure
connection, but my django app isn't get served, but rather /var/www/
index.html is. Here's my apache config for mysite:
ServerName mysite.com
ServerAlias
27 matches
Mail list logo