Well, I was wondering what the recommended way is for securing the Django admin site with a WebFaction certificate. An internet search recommends the use of a middleware (which I'm not familiar with), but I was wondering: is there a recommended & easy way of doing so in WebFaction?
asked 01 Dec '10, 22:45 neb
Yes, there is a much easier way to do this than through a middleware component. Simply host your django application on two website records simultaneously -- one for HTTP, and one for HTTPS. The front-end Nginx webserver will handle removing the encryption layer, which then forwards to your Django application. This allows SSL to be used transparently with your existing application. Optionally, you can then implement a redirect in your httpd.conf for the HTTPS website to redirect to your HTTP site, for all URLs that do not fall under /admin. For example:
And you may want a parallel one for redirecting non-HTTPS requests for /admin to the HTTPS site:
answered 02 Dec '10, 00:58 ryans ♦♦
How would I use this, for example, when I "host your django application on two website records simultaneously" where one is prefixed with secure.mysite.com and the other is just www.mysite.com? More specifically what I'm asking is the httpd.conf ... are they dynamic variables declared elsewhere? Or are they hand modified by me for these example URLs?
(11 May '11, 13:13)
JBlack
@JBlack: The variables shown above are the HTTP headers that come in with the request. If secure.mysite.com is HTTPS-only, and www.mysite.com is HTTP-only, then you should be able to use the above example without modification, since the SSL header is the condition that controls the rewrites. If not and you need a condition that checks for the hostname used in the request, then you can use the
(11 May '11, 15:58)
seanf
If I want login and checkout to be under a secure SSL URL as well, can I comma-separate additional subfolders in this same rule? Do I repeat the line "RewriteCond %{REQUEST_URI} !^/admin" for each folder I want within the condition statements? Or do I declare each one in their individual sections with repeating lines of code?
(17 May '11, 15:20)
JBlack
I'd do it by using a single regex like "(admin|login|checkout)" that matches any of the URLs that you want to redirect, e.g.:
(17 May '11, 15:59)
seanf
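The two redirects discussed in this thread, combined with the single-regex approach from the comment above, written out as an added example (not the configuration originally posted by any participant). It assumes the front-end proxy marks HTTPS requests with an `X-Forwarded-SSL: on` header and uses placeholder hostnames; adjust both to your setup.

```apache
# Added example, not the original posters' configuration.
# Assumption: the front-end proxy sets "X-Forwarded-SSL: on" for HTTPS
# requests; substitute the header your proxy actually sends.
# secure.example.com and www.example.com are placeholder hostnames.

RewriteEngine On

# 1. Plain-HTTP request for a protected path: send it to the HTTPS site.
#    (/|$) keeps the match on whole path segments, so /administrator
#    or /login-help are not caught by accident.
RewriteCond %{HTTP:X-Forwarded-SSL} !on
RewriteCond %{REQUEST_URI} ^/(admin|login|checkout)(/|$)
RewriteRule ^(.*)$ https://secure.example.com%{REQUEST_URI} [R=301,L]

# 2. HTTPS request for any other path: send it back to the HTTP site.
#    The negated condition must list exactly the same paths as rule 1,
#    otherwise the two rules redirect to each other in a loop.
RewriteCond %{HTTP:X-Forwarded-SSL} on
RewriteCond %{REQUEST_URI} !^/(admin|login|checkout)(/|$)
RewriteRule ^(.*)$ http://www.example.com%{REQUEST_URI} [R=301,L]
```

These rules are only trustworthy when clients cannot reach Apache directly, because the header is meaningful only if the front end sets it. If the HTTP and HTTPS sites share a cookie domain, Django's session cookie is also sent over plain HTTP unless `SESSION_COOKIE_SECURE = True` is set.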
I'm not sure if this is what everyone means, but the simplest solution I have found is this:
It might take a little while for the update to take effect. One of the other answers shows you how to update your httpd.conf to redirect only /admin to https. As a note, I noticed that when I first checked https and updated, the https version of the site didn't work. Then I unchecked it and pressed update again. The https version of the site immediately started working but then stopped after a few minutes. I checked it again, and it didn't work (I'm assuming after some period of time it would start working), so I unchecked it, and made sure it worked, which it did, and then immediately rechecked the option. It continued working and hasn't stopped since.
answered 18 Jan '11, 13:06 jcartmell
If you want a site to work on HTTP and HTTPS, then you must create two site records, one for each.
(18 Jan '11, 14:55)
seanf
Never mind on this, apparently that forces the whole site https, and doesn't maintain the normal http.
(18 Jan '11, 17:12)
jcartmell