Django - Tutorial 019. Configuring the HTTPS protocol on the site of Let`s Encrypt

SSL, Django, HTTPS, letsencrypt, Nginx

Yesterday I received a letter from Google , since I use Google Search Console to monitor the indexing of site in Google search engine. The essence of the letter is that Google Chrome will report unsafe site that uses the http protocol on pages that require a password. And when you consider that on my site authorization form located on every page, it means that a warning will be on all pages of the site. Not the most pleasant situation, so I had to quickly get an SSL certificate and configure https.

At the moment there CA Let`s Encrypt, which gives out free certificates for a period of 90 days. This CA is supported by organizations such as the Electronic Frontier Foundation (EFF), Mozilla Foundation, Akamai, Cisco Systems.

The process of obtaining and installing the certificate is automated, but in the case of a site that is running on Django and Nginx , will need further work on Nginx server settings.

Obtaining a certificate

To obtain a certificate and updates automatically using software Certbot software. The site Let`s encrypt refers to the software, where you can choose the type of your operating system and the server, which is used for the return of content on your site. In my case it Nginx and Ubuntu 16.04 .

There will be instruction on the installation and the process of obtaining the certificate.

To install the software certification use the following command:

sudo apt-get install letsencrypt 

Next, you must obtain a certificate by using the plugin webroot with the following command:

sudo letsencrypt certonly --webroot -w /var/www/example -d example.com -d www.example.com 

Where specified directory for the certification of your site, in this case /var/www/example , it will be necessary to create, and the corresponding domains for which you receive a certificate.

In this case, there a nuance. Already at this point you must configure Nginx , as in the directory /var/www/example will create a hidden directory .well-known , which is necessary to obtain a certificate. More information about the initial setup Nginx can read the corresponding article .

Therefore, pre-configure Nginx , as shown below and restart it.

server {
	listen 80;
	listen [::]:80;
	server_name example.com;
	
	location /.well-known {
		alias /var/www/example/.well-known;
	}

	location / {
		proxy_pass http://127.0.0.1:8000;
		proxy_set_header Host $server_name;
		proxy_set_header X-Real-IP $remote_addr;
		proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
	}
}

Then you successfully get your SSL certificate.

Configuring https protocol

Once we have received the certificate, you must configure the https protocol, and for this you need to open port 443 on the server.

sudo ufw allow 443/tcp

And configure Nginx .

server {	
	listen 80;
	listen [::]:80;
	listen 443 ssl;
	listen [::]:443 ssl;
	server_name example.com;

	ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
	ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;	

	location /.well-known {
		alias /var/www/example/.well-known;
	}

	location / {
		proxy_pass http://127.0.0.1:8000;
		proxy_set_header Host $server_name;
		proxy_set_header X-Real-IP $remote_addr;
		proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
	}
}

In this case, specify the path to your certificates and the ports on which the server listens for connections.

Set up a connection via http

Leave it possible to connect via http protocol for users - it's up to you already, but what is the point to leave the opportunity to work on this protocol, if you already have https . Therefore, the user will do a redirect to the pages with http on the same page with https .

server {
	listen 80;
	listen [::]:80;
	server_name example.com;
	return 301 https://$server_name$request_uri;
}

server {
	listen 443 ssl;
	listen [::]:443 ssl;
	server_name example.com;

	ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
	ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;	


	location /.well-known {
		alias /var/www/example/.well-known;
	}

	location / {
		proxy_pass http://127.0.0.1:8000;
		proxy_set_header Host $server_name;
		proxy_set_header X-Real-IP $remote_addr;
		proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
	}
}

Restart Nginx and make sure that when you try to connect via http we automatically redirected to the connecting of https .

Automatic certificate renewal

Use the following command to update the certificate:

letsencrypt renew 

But the process can be automated using the cron (daemon designed to run jobs at a specific time or at regular intervals).

To edit cron as root execute the following command:

sudo crontab -e

It will provide the choice between the possible editors, choose your editor to taste. And I use nano. After that, insert the following line in the cron configuration.

30 2 * * 1 /usr/bin/letsencrypt renew >> /var/log/letsencrypt-renew.log

In this case, on Mondays at 2:30 am will be an attempt to renew the certificate.

Correction of content

The last thing left is the correction of all links on the site. That is, you need to change http to https, that the internal linking site does not create additional referrals.

For Django I recommend VDS-server of Timeweb hoster .

We recommend hosting TIMEWEB
We recommend hosting TIMEWEB
Stable hosting, on which the social network EVILEG is located. For projects on Django we recommend VDS hosting.
Support the author Donate

Добрый день хочу обновить сертификат, но получаю следующее

The following certs are not due for renewal yet: /etc/letsencrypt/live/mysite_ru/fullchain.pem (skipped) No renewals were attempted
. Как правильно обновить сертифика, подскажите? Может что в конфиге поправить?

Добрый день. Либо webroot не отработал как следует, либо вы где-то в настройке http накосячили. Смотрите строчки, где указывается путь к ssl сертификату в конфиге nginx.

Comments

Only authorized users can post comments.
Please, Log in or Sign up
How to become an author?

Contribute to the evolution of the EVILEG community.

Learn how to become a site author.

Learn it
Donate

Good day, Dear Users!!!

I am Evgenii Legotckoi, developer of EVILEG. And it is my hobby project, which helps to learn programming another programmers and developers

If the site helped you, and you want also support the development of the site, than you can donate by following ways

PayPalYandex.Money
Timeweb

Let me recommend you the excellent hosting on which EVILEG is located.

For many years, Timeweb has been proving his stability.

For projects on Django I recommend VDS hosting

View Hosting Timeweb
n
June 5, 2020, 2:28 a.m.
n1k0m1

Qt - Test 001. Signals and slots

  • Result:0points,
  • Rating points-10
s
June 3, 2020, 1:56 a.m.
silo1995

C++ - Тест 003. Условия и циклы

  • Result:35points,
  • Rating points-10
AP
June 2, 2020, 9:11 p.m.
Aleksej Pikenin

C++ - Test 005. Structures and Classes

  • Result:75points,
  • Rating points2
Last comments
June 5, 2020, 10:52 a.m.
progammist

Распознавание изображений на Python с помощью TensorFlow и Keras

Огромное спасибо за метериал, по-больше бы подобных статей (с подробным описанием работы и примерами применения). Вопрос поразмышлять. На текущий момент реализовано немало технологий в осно…
June 5, 2020, 1:39 a.m.
Evgenij Legotskoj

Qt/C++ - Tutorial 091. How to write a custom delegate controlling the highlighting of a row in a table

По-моему, смысла в этом нет особого. Если делегат будет игнорировать настройки таблицы, то это приведёт ещё к большему непониманию, что вообще происходит, для программиста, который после вас буд…
June 5, 2020, 1:34 a.m.
IscanderChe

Qt/C++ - Tutorial 091. How to write a custom delegate controlling the highlighting of a row in a table

Сижу, размышляю: можно ли переписать делегата так, чтобы независимо от настроек строк выделялись строки?
June 5, 2020, 1:31 a.m.
Evgenij Legotskoj

Qt/C++ - Tutorial 091. How to write a custom delegate controlling the highlighting of a row in a table

Понятно. Я не обратил внимания на то, что там было в старом коде по настройкам строк :)
Now discuss on the forum
June 5, 2020, 6:13 a.m.
IscanderChe

Фильтр для QtableView sql

Добрый день. Для такой фильтрации необходимо использовать QSortFilterProxyModel. В оффдоках есть хороший пример.
MA
June 4, 2020, 2:46 a.m.
Mihail A

Qt- C++ QTableView подсветить строку

Спасибо.
f
June 3, 2020, 1:49 a.m.
fryn3

Можно ли сделать в QML таблицу как в Excel?

edi-tableview - нашел пока такое выглядит коряво, посмотрим что можно сделать
June 2, 2020, 2:46 a.m.
Evgenij Legotskoj

Медиа файлы Google Firebase

Картинки можете попробовать сжимать через QPixmap, там есть возможность установки scaleFactor, через него можете устанавливать нужные параметры. А что касается конвертации видео, то лучше п…
June 2, 2020, 2:01 a.m.
Evgenij Legotskoj

Перехват обращения к локальным файлам QWebEngineView

В вашем случае вполне адекватное решение. Так сказать меньше зло. В противном случае пришлось бы очень много переписывать и перепиливать.
About
Services
© EVILEG 2015-2020
Recommend hosting TIMEWEB