Setup of SSL with Django
We use the SSL certificate from NameCheap. Purchase the domain name, email box and the SSL from NameCheap. Activate the new email box.
Type the following command on the terminal window
openssl req -new -newkey rsa:2048 -nodes -keyout mlconvexdev.key -out mlconvexdev.csr
Enter answers to the list of questions. When you get a question of
Common Name (e.g. server FQDN or YOUR name) []
add your new domain name here. After entering the information, you should have now two files
mlconvexdev.key
mlconvexdev.csr
mlconvexdev.csr
Active the certificate on the NameCheap site. Copy paste the content of the mlconvexdev.csr -file to the field 'Enter CSR' (NameCheap web site).
When you submit the SSL-content, you need to confirm it. If you choose an email as a validation mechanism, you will get an email from NameCheap after a while with two files
mlconvexdev.crt
mlconvexdev.ca-bundle
mlconvexdev.ca-bundle
Download the files locally and type the command
cat mlconvexdev.crt mlconvexdev.ca-bundle >> mlconvexdev_cert_chain.crt
Now copy two files
mlconvexdev_cert_chain.crt
mlconvexdev.key
mlconvexdev.key
to the directory /etc/ssl/ as follows
sudo cp mlconvexdev_cert_chain.crt /etc/ssl/
sudo cp mlconvexdev.key /etc/ssl/
sudo cp mlconvexdev.key /etc/ssl/
Edit your mysite_nginx.conf file
upstream mysite {
server unix:///tmp/mysite.sock;
}
server {
server_name mlconvex.dev www.mlconvex.dev;
listen 80;
return 301 https://mlconvex.dev;
}
server {
server_name mlconvex.dev www.mlconvex.dev;
listen 443 ssl;
charset utf-8;
ssl_protocols TLSv1.2 TLSv1.1 TLSv1;
ssl_certificate /etc/ssl/mlconvexdev_cert_chain.crt;
ssl_certificate_key /etc/ssl/mlconvexdev.key;
client_max_body_size 4G;
access_log /dev/null;
error_log /dev/null;
location /media {
alias /../Project/media;
}
location /static {
alias /../Project/static;
}
location / {
include /../Project/uwsgi_params;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto https;
proxy_set_header Host $http_host;
proxy_redirect off;
uwsgi_pass mysite;
}
}
server unix:///tmp/mysite.sock;
}
server {
server_name mlconvex.dev www.mlconvex.dev;
listen 80;
return 301 https://mlconvex.dev;
}
server {
server_name mlconvex.dev www.mlconvex.dev;
listen 443 ssl;
charset utf-8;
ssl_protocols TLSv1.2 TLSv1.1 TLSv1;
ssl_certificate /etc/ssl/mlconvexdev_cert_chain.crt;
ssl_certificate_key /etc/ssl/mlconvexdev.key;
client_max_body_size 4G;
access_log /dev/null;
error_log /dev/null;
location /media {
alias /../Project/media;
}
location /static {
alias /../Project/static;
}
location / {
include /../Project/uwsgi_params;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto https;
proxy_set_header Host $http_host;
proxy_redirect off;
uwsgi_pass mysite;
}
}
At the NameCheap site, go the the tab 'Advanced DNS'.
Add the following records
A record @ your_ip Automatic
A record * your_ip Automatic
A record * your_ip Automatic
Press Save all changes button. Add the following lines to mysite/settings.py
SECRET_KEY = base.get_env_variable('SECRET_KEY')
DEBUG = False
SECURE_PROXY_SSL_HEADER = ('HTTP_X_FORWARDED_PROTO', 'https')
SECURE_SSL_REDIRECT = True
SESSION_COOKIE_SECURE = True
CSRF_COOKIE_SECURE = True
ALLOWED_HOSTS = ['mlconvex.dev'.'www.mlconvex.dev']
DEBUG = False
SECURE_PROXY_SSL_HEADER = ('HTTP_X_FORWARDED_PROTO', 'https')
SECURE_SSL_REDIRECT = True
SESSION_COOKIE_SECURE = True
CSRF_COOKIE_SECURE = True
ALLOWED_HOSTS = ['mlconvex.dev'.'www.mlconvex.dev']
Add the following environment variable to env_vars.sh file in activate.d
export SECRET_KEY='secret_key_from_settings.py'
and the unset command to deactivate.d
unset SECRET_KEY
Remove the key from the settings.py file. Restart the Django and the Nginx server
sudo service nginx restart
The website should now be available at
https://mlconvex.dev/
Return to the Mac main page.