Trouble getting SSL to work with django + nginx + wsgi

Posted by Kevin on Server Fault See other posts from Server Fault or by Kevin
Published on 2011-01-06T01:32:23Z Indexed on 2011/01/06 1:55 UTC
Read the original article Hit count: 365

Filed under:
|
|

I've followed a couple of examples for Django + nginx + wsgi + ssl, but I can't get them to work. I simply get an error in my browser than I can't connect.

I'm running two websites off the host. The config files are identical except for the ip addresses, server names, and directories.

When neither use SSL, they work fine. When I try to listen on 443 with one of them, I can't connect to either.

My config files are below, and any suggestions would be appreciated.

server{
listen xxx.xxx.xxx.xxx:80;
server_name sub.domain.com;

access_log /home/django/logs/nginx_customerdb_http_access.log;
error_log /home/django/logs/nginx_customerdb_http_error.log;

location / { 
    proxy_pass  http://127.0.0.1:8080; 
    proxy_redirect          off;
    proxy_set_header        Host            $host;
    proxy_set_header        X-Real-IP       $remote_addr;
    proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
    client_max_body_size    10m;
    client_body_buffer_size 128k;
    proxy_connect_timeout   90; 
    proxy_send_timeout      90; 
    proxy_read_timeout      90; 
    proxy_buffers           32 4k; 
}   

location /site_media/ {
    alias /home/django/customerdb_site_media/;
}   

location /admin-media/ {
    alias /home/django/django_admin_media/;
}   
}

server{
listen xxx.xxx.xxx.xxx:443;
server_name sub.domain.com;

access_log /home/django/logs/nginx_customerdb_http_access.log;
error_log /home/django/logs/nginx_customerdb_http_error.log;

ssl on; 
ssl_certificate sub.domain.com.crt;
ssl_certificate_key sub.domain.com.key;
ssl_prefer_server_ciphers   on; 


location / { 
    proxy_pass              http://127.0.0.1:8080; 
    proxy_redirect          off;
    proxy_set_header        Host            $host;
    proxy_set_header        X-Real-IP       $remote_addr;
    proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header        X-Forwarded-Protocol    https;
    client_max_body_size    10m;
    client_body_buffer_size 128k;
    proxy_connect_timeout   90;
    proxy_send_timeout      90;
    proxy_read_timeout      90;
    proxy_buffers           32 4k;
}

location /site_media/ {
    alias /home/django/customerdb_site_media/;
}

location /admin-media/ {
    alias /home/django/django_admin_media/;
}
}


<VirtualHost *:8080>
ServerName xxx.xxx.xxx.xxx
ServerAlias xxx.xxx.xxx.xxx

LogLevel warn
ErrorLog /home/django/logs/apache_customerdb_error.log
CustomLog /home/django/logs/apache_customerdb_access.log combined

WSGIScriptAlias / /home/django/customerdb/apache/django.wsgi
WSGIDaemonProcess customerdb_wsgi processes=4 threads=5
WSGIProcessGroup customerdb_wsgi

SetEnvIf X-Forwarded-Protocol "^https$" HTTPS=on

</VirtualHost>

UDPATE: the existence of two sites (on separate IPs) on the host is the issue. if i delete the other site, the setting above mostly work. doing so also brings up another issue: chrome doesn't accept the site as secure saying that some content is not encrypted.

© Server Fault or respective owner

Related posts about ssl

Related posts about nginx