Setup of SSL with Django


We use the SSL certificate from NameCheap. Purchase the domain name, email box and the SSL from NameCheap. Activate the new email box.

Type the following command on the terminal window

openssl req -new -newkey rsa:2048 -nodes -keyout mlconvexdev.key -out mlconvexdev.csr

Enter answers to the list of questions. When you get a question of

Common Name (e.g. server FQDN or YOUR name) []

add your new domain name here. After entering the information, you should have now two files

mlconvexdev.key
mlconvexdev.csr

Active the certificate on the NameCheap site. Copy paste the content of the mlconvexdev.csr -file to the field 'Enter CSR' (NameCheap web site).

SSL_page1


When you submit the SSL-content, you need to confirm it. If you choose an email as a validation mechanism, you will get an email from NameCheap after a while with two files

mlconvexdev.crt
mlconvexdev.ca-bundle

Download the files locally and type the command

cat mlconvexdev.crt mlconvexdev.ca-bundle >> mlconvexdev_cert_chain.crt

Now copy two files

mlconvexdev_cert_chain.crt
mlconvexdev.key

to the directory /etc/ssl/ as follows

sudo cp mlconvexdev_cert_chain.crt /etc/ssl/
sudo cp mlconvexdev.key /etc/ssl/

Edit your mysite_nginx.conf file

upstream mysite {
   server unix:///tmp/mysite.sock;
}

server {
   server_name mlconvex.dev www.mlconvex.dev;
   listen 80;
   return 301 https://mlconvex.dev;
}
server {
   server_name mlconvex.dev www.mlconvex.dev;
   listen 443 ssl;
   charset utf-8;
   ssl_protocols TLSv1.2 TLSv1.1 TLSv1;
   ssl_certificate /etc/ssl/mlconvexdev_cert_chain.crt;
   ssl_certificate_key /etc/ssl/mlconvexdev.key;
   client_max_body_size 4G;
   access_log /dev/null;
   error_log /dev/null;
   location /media {
      alias /../Project/media;
   }
   location /static {
      alias /../Project/static;
   }
   location / {
      include /../Project/uwsgi_params;
      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
      proxy_set_header X-Forwarded-Proto https;
      proxy_set_header Host $http_host;
      proxy_redirect off;
      uwsgi_pass mysite;
   }
}

At the NameCheap site, go the the tab 'Advanced DNS'.

SSL_page2


Add the following records

A record    @    your_ip    Automatic
A record    *    your_ip    Automatic

Press Save all changes button. Add the following lines to mysite/settings.py

SECRET_KEY = base.get_env_variable('SECRET_KEY')

DEBUG = False

SECURE_PROXY_SSL_HEADER = ('HTTP_X_FORWARDED_PROTO', 'https')
SECURE_SSL_REDIRECT = True
SESSION_COOKIE_SECURE = True
CSRF_COOKIE_SECURE = True

ALLOWED_HOSTS = ['mlconvex.dev'.'www.mlconvex.dev']

Add the following environment variable to env_vars.sh file in activate.d

export SECRET_KEY='secret_key_from_settings.py'

and the unset command to deactivate.d

unset SECRET_KEY

Remove the key from the settings.py file. Restart the Django and the Nginx server

sudo service nginx restart

The website should now be available at

https://mlconvex.dev/


Return to the Mac main page.