Re: Django and SSL

> Den 10/12/2014 kl. 17.55 skrev pythonista : > 1. Can Django be made hardened via ssl? "Django" is actually your WSGI server (gunicorn, uwsgi etc.). > 2. Doesn't Apache and the Proxy server provide sufficient security so that > ssl / django is not required? Apache *is* the proxy server in this

Re: Django and SSL

On Wed, Dec 10, 2014 at 1:22 PM, pythonista wrote: > Is there a need for ssl if apache (https) and a proxy are between django and > the outside world. if they're serving Django with apache, they should be using mod_wsgi, in that case not only there's no more needs for SSL, there's no space for S

Re: Django and SSL

Is there a need for ssl if apache (https) and a proxy are between django and the outside world. Doesn't the apache server/proxy provide a sufficient layer of security. isn't it true that the data is being served through the server securely via https? Thanks On Wednesday, December 10, 2014 11:5

Re: Django and SSL

Hopefully you aren’t using Django runserver command for actually running Django. This is really a configuration question relating to your WSGI application server. Gunicorn is popular and supports SSL. http://gunicorn-docs.readthedocs.org/en/latest/settings.html#ssl

Django and SSL

I am getting a request from the security infrastructure and I could use some advice/recommendation. This is a 3 tier application. Apache/Django/Sql Server Apache is https and there is a proxy server between. The security team is saying that the communication from Django should also be ssl enc

Re: Django and SSL

Using a separate sub domain future-proofs your site in the event it grows large and you need to split your dynamic and static content between servers. It also makes it easier to parse statistics from the logs. Most web log analyzers will handle a separate sub domain out of the box better than usin

Re: Django and SSL

On Sat, Apr 26, 2014 at 2:46 PM, James Schneider wrote: > If you use a separate subdomain for static content (recommended), even on > the same server, include that as well. > Thanks James. I did not know this(subdomain for static content) was recommended. Why? Regards, Venkat -- You received

Django and SSL

Outside of the various guides for implementing SSL using various combinations like Apache/Nginx/uWSGI/GNUnicorn etc., there are only a few other things I would watch out for: Ensure that your server (or hosting provider) has been patched against the Heartbleed vulnerability (CVE-2014-0160) in the

Re: Django and SSL

And I prefer being on nginx + uWSGI. On Thu, Apr 24, 2014 at 1:05 PM, Venkatraman S wrote: > Hi, > > Am an SSL newbie and am trying to understand various facets of moving a > webapp to ssl. Are there any learnings that the group can share w.r.t > moving a django site to ssl? Any pitfalls or thi

Re: Django and SSL

On 2014-04-24 17:55, Mike Dewhirst wrote: > I suppose it depends on your site. In my case it was Apache rather > than nginx and pretty much all I had to do was establish a redirect > so any url with http://blah.blah went to https://... instead. If you're redirecting to HTTPS regardless of the URL

Re: Django and SSL

Den 24/04/2014 kl. 09.35 skrev Venkatraman S : > Hi, > > Am an SSL newbie and am trying to understand various facets of moving a > webapp to ssl. Are there any learnings that the group can share w.r.t moving > a django site to ssl? Any pitfalls or things to be careful about. Or is it a > total

Re: Django and SSL

On 24/04/2014 5:35 PM, Venkatraman S wrote: Hi, Am an SSL newbie and am trying to understand various facets of moving a webapp to ssl. Are there any learnings that the group can share w.r.t moving a django site to ssl? Any pitfalls or things to be careful about. Or is it a totally independent ac

Django and SSL

Hi, Am an SSL newbie and am trying to understand various facets of moving a webapp to ssl. Are there any learnings that the group can share w.r.t moving a django site to ssl? Any pitfalls or things to be careful about. Or is it a totally independent activity with no side effects on the application

Re: Django and SSL Deployment using mod_wsgi

Hey take a look at this http://www.howsthe.com/blog/2009/sep/20/djang-nginx-mod_wsgi-ssl/ Vitaly Babiy On Thu, Oct 15, 2009 at 5:30 PM, neri...@gmail.com wrote: > > I'm trying to do the same thing but I'm having problems getting nginx > to server over https. I removed all 443 references for apac

Re: Django and SSL Deployment using mod_wsgi

I'm trying to do the same thing but I'm having problems getting nginx to server over https. I removed all 443 references for apache and added them to my nginx/sites-available/domain.com, so I have a declaration for static content listening on port 80 and then another for ssl on 443. I'm totally ne

Re: Django and SSL Deployment using mod_wsgi

On Sep 1, 11:30 pm, Alex Robbins wrote: > Graham, > > I'm interested in understanding what you just said. It seems like you > are saying you can get the X-Forwarded-SSL environment variable to > automatically be set, without needing the django middleware. Seems > simple enough. X-Forwarded-SSL

Re: Django and SSL Deployment using mod_wsgi

Thanks guys for all the feedback, I have done what Francis said, we are using nginx and apache/mod_wsgi in the back. Nginx handles the ssl and it works great. Thanks for the help. Vitaly Babiy On Tue, Sep 1, 2009 at 9:30 AM, Alex Robbins wrote: > > Graham, > > I'm interested in understanding wha

Re: Django and SSL Deployment using mod_wsgi

Graham, I'm interested in understanding what you just said. It seems like you are saying you can get the X-Forwarded-SSL environment variable to automatically be set, without needing the django middleware. Seems simple enough. The middleware also handles redirects, so that someone accidentally g

Re: Django and SSL Deployment using mod_wsgi

On Sep 1, 3:39 am, Francis wrote: > We setup a Nginx proxy in front of Apache/WSGI and got Nginx to handle > the SSL cert and simply pass on a flag to WSGI if the connection was > coming through http or https. > > Next you'll want a SSL middleware, we > use:http://www.djangosnippets.org/snippe

Re: Django and SSL Deployment using mod_wsgi

We setup a Nginx proxy in front of Apache/WSGI and got Nginx to handle the SSL cert and simply pass on a flag to WSGI if the connection was coming through http or https. Next you'll want a SSL middleware, we use: http://www.djangosnippets.org/snippets/240/ Now its a matter of configuring which

Re: Django and SSL Deployment using mod_wsgi

You'll probably want to look into something like this: http://www.djangosnippets.org/snippets/880/ It allows you to set some urls to redirect so they are always https. Otherwise those silly users will go to credit card pages without https. On Aug 29, 1:04 am, Vitaly Babiy wrote: > Hey guys, > W

Django and SSL Deployment using mod_wsgi

Hey guys, What is the best way to deploy an app that uses mod_wsgi that some parts of it need to be behind SSL? Thanks, Vitaly Babiy --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups "Django users" group. To post to th