Re: Https with runserver
Following up to myself (sorry for the spam) - please replace "yourname" with something you invented yourself. Everyone signing up for yourname.pagekite.me is really not going to work very well. :-) 2011/9/22 Bjarni Rúnar Einarsson <b...@pagekite.net>: > Another way, would be to use PageKite. The service provides a wildcard > SSL cert for all *.pagekite.me names. From the command line: > > curl http://pagekite.net/pk/pagekite-0.4.py >pagekite.py > python pagekite.py 8000 yourname.pagekite.me > > Answer the account creation questions and then go to > https://yourname.pagekite.me/ - whatever is on port 8000 should be > visible. If you want to quickly password protect it so your dev work > isn't open to the world, do this instead: > > python pagekite.py 8000 yourname.pagekite.me +password/user=secret > > (disclaimer: I made this! I love feedback. :-) > > On Thu, Sep 15, 2011 at 12:52 AM, Gelonida N <gelon...@gmail.com> wrote: >> On 09/15/2011 01:44 AM, Russell Keith-Magee wrote: >>> 2011/9/14 Simon Bächler <s...@feinheit.ch>: >>>> Any news considering HTTPS and runserver? >>> >>> What "News" are you expecting? >>> >>> The Django project has made no secret of the fact that we don't >>> consider runserver to be a "real" webserver. It isn't intended for >>> production use. We haven't spent any time or effort auditing it for >>> production use. It is missing many key features that a "real" >>> webserver needs to have. >>> >>> runserver is intended to be the bare minimum necessary to support >>> local development. If you have nontrivial needs, you should be looking >>> at alternative options for local development. >>> >>> Yours, >>> Russ Magee %-) >>> >> You can also create a minimalist https server with python twisted >> (and the openssl module) >> >> You just need additional url rules, such, that django is also serving >> /static amd /media directories: >> >> >> just set PYTHONPATH >> and >> DJANGO_SETTINGS_MODULE >> as needed, >> >> create a file named django_wrapper.py with following contents: >> # File starts here ## >> from django.core.handlers.wsgi import WSGIHandler >> >> application=WSGIHandler() >> # end of file # >> >> and call then >> >> twistd -n web --https $HTTPS_PORT -p $HTTP_PORT \ >> --certificate yourcert.crt --privkey your_cert.key \ >> --wsgi django_wrapper.application >> >> >> >> >> >> -- >> You received this message because you are subscribed to the Google Groups >> "Django users" group. >> To post to this group, send email to django-users@googlegroups.com. >> To unsubscribe from this group, send email to >> django-users+unsubscr...@googlegroups.com. >> For more options, visit this group at >> http://groups.google.com/group/django-users?hl=en. >> >> > > > > -- > Bjarni R. Einarsson > Founder, lead developer of PageKite. > > Make localhost servers visible to the world: http://pagekite.net/ > -- Bjarni R. Einarsson Founder, lead developer of PageKite. Make localhost servers visible to the world: http://pagekite.net/ -- You received this message because you are subscribed to the Google Groups "Django users" group. To post to this group, send email to django-users@googlegroups.com. To unsubscribe from this group, send email to django-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/django-users?hl=en.
Re: Https with runserver
Another way, would be to use PageKite. The service provides a wildcard SSL cert for all *.pagekite.me names. From the command line: curl http://pagekite.net/pk/pagekite-0.4.py >pagekite.py python pagekite.py 8000 yourname.pagekite.me Answer the account creation questions and then go to https://yourname.pagekite.me/ - whatever is on port 8000 should be visible. If you want to quickly password protect it so your dev work isn't open to the world, do this instead: python pagekite.py 8000 yourname.pagekite.me +password/user=secret (disclaimer: I made this! I love feedback. :-) On Thu, Sep 15, 2011 at 12:52 AM, Gelonida N <gelon...@gmail.com> wrote: > On 09/15/2011 01:44 AM, Russell Keith-Magee wrote: >> 2011/9/14 Simon Bächler <s...@feinheit.ch>: >>> Any news considering HTTPS and runserver? >> >> What "News" are you expecting? >> >> The Django project has made no secret of the fact that we don't >> consider runserver to be a "real" webserver. It isn't intended for >> production use. We haven't spent any time or effort auditing it for >> production use. It is missing many key features that a "real" >> webserver needs to have. >> >> runserver is intended to be the bare minimum necessary to support >> local development. If you have nontrivial needs, you should be looking >> at alternative options for local development. >> >> Yours, >> Russ Magee %-) >> > You can also create a minimalist https server with python twisted > (and the openssl module) > > You just need additional url rules, such, that django is also serving > /static amd /media directories: > > > just set PYTHONPATH > and > DJANGO_SETTINGS_MODULE > as needed, > > create a file named django_wrapper.py with following contents: > # File starts here ## > from django.core.handlers.wsgi import WSGIHandler > > application=WSGIHandler() > # end of file # > > and call then > > twistd -n web --https $HTTPS_PORT -p $HTTP_PORT \ > --certificate yourcert.crt --privkey your_cert.key \ > --wsgi django_wrapper.application > > > > > > -- > You received this message because you are subscribed to the Google Groups > "Django users" group. > To post to this group, send email to django-users@googlegroups.com. > To unsubscribe from this group, send email to > django-users+unsubscr...@googlegroups.com. > For more options, visit this group at > http://groups.google.com/group/django-users?hl=en. > > -- Bjarni R. Einarsson Founder, lead developer of PageKite. Make localhost servers visible to the world: http://pagekite.net/ -- You received this message because you are subscribed to the Google Groups "Django users" group. To post to this group, send email to django-users@googlegroups.com. To unsubscribe from this group, send email to django-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/django-users?hl=en.
Re: Https with runserver
On 09/15/2011 01:44 AM, Russell Keith-Magee wrote: > 2011/9/14 Simon Bächler <s...@feinheit.ch>: >> Any news considering HTTPS and runserver? > > What "News" are you expecting? > > The Django project has made no secret of the fact that we don't > consider runserver to be a "real" webserver. It isn't intended for > production use. We haven't spent any time or effort auditing it for > production use. It is missing many key features that a "real" > webserver needs to have. > > runserver is intended to be the bare minimum necessary to support > local development. If you have nontrivial needs, you should be looking > at alternative options for local development. > > Yours, > Russ Magee %-) > You can also create a minimalist https server with python twisted (and the openssl module) You just need additional url rules, such, that django is also serving /static amd /media directories: just set PYTHONPATH and DJANGO_SETTINGS_MODULE as needed, create a file named django_wrapper.py with following contents: # File starts here ## from django.core.handlers.wsgi import WSGIHandler application=WSGIHandler() # end of file # and call then twistd -n web --https $HTTPS_PORT -p $HTTP_PORT \ --certificate yourcert.crt --privkey your_cert.key \ --wsgi django_wrapper.application -- You received this message because you are subscribed to the Google Groups "Django users" group. To post to this group, send email to django-users@googlegroups.com. To unsubscribe from this group, send email to django-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/django-users?hl=en.
Re: Https with runserver
if you need to simulate https for development, like for facebook apps, you can setup apache proxy. something like: ProxyPass / http://localhost:8000/ retry=1 ProxyPassReverse / http://localhost:8000/ ProxyPreserveHost On ErrorLog ${APACHE_LOG_DIR}/error.log LogLevel warn CustomLog ${APACHE_LOG_DIR}/ssl_access.log combined SSLEngine on SSLCertificateFile/etc/ssl/certificate.crt SSLCertificateKeyFile /etc/ssl/example.com.key SSLCertificateChainFile /etc/ssl/intermediate.crt BrowserMatch "MSIE [2-6]" \ nokeepalive ssl-unclean-shutdown \ downgrade-1.0 force-response-1.0 # MSIE 7 and newer should be able to use keepalive BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown -- You received this message because you are subscribed to the Google Groups "Django users" group. To post to this group, send email to django-users@googlegroups.com. To unsubscribe from this group, send email to django-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/django-users?hl=en.
Re: Https with runserver
2011/9/14 Simon Bächler <s...@feinheit.ch>: > Any news considering HTTPS and runserver? What "News" are you expecting? The Django project has made no secret of the fact that we don't consider runserver to be a "real" webserver. It isn't intended for production use. We haven't spent any time or effort auditing it for production use. It is missing many key features that a "real" webserver needs to have. runserver is intended to be the bare minimum necessary to support local development. If you have nontrivial needs, you should be looking at alternative options for local development. Yours, Russ Magee %-) -- You received this message because you are subscribed to the Google Groups "Django users" group. To post to this group, send email to django-users@googlegroups.com. To unsubscribe from this group, send email to django-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/django-users?hl=en.
Https with runserver
Any news considering HTTPS and runserver? I tried the stunnel method but I get the message: Line 5: End of section https: SSL server needs a certificate. Stunnel also complains about the openssl version. I have 0.9.8r installed. The build of 1.0 fails on OSX. When I then try to access the page I get the error: (Fehlercode: ssl_error_rx_record_too_long). I need the https connection for local Facebook development. Regards Simon -- You received this message because you are subscribed to the Google Groups "Django users" group. To post to this group, send email to django-users@googlegroups.com. To unsubscribe from this group, send email to django-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/django-users?hl=en.
Re: Serving https with runserver
On Monday 01 Mar 2010 5:55:41 pm Jirka Vejrazka wrote: > >> Then maybe web server is the best option. In all cases you have to > >> configure something until someday 'runserver' come with ssl support. > > I think that no one would really object if runserver was SSL-aware, > or you could have an nginx server proxying to the dev server - nginx looks after the ssl and listens on port 443 - runserver does not need to know anything about ssl. And you do not need to restart on code change and you can have print output on the console - in short, have your cake and eat it too. -- regards Kenneth Gonsalves Senior Associate NRC-FOSS http://certificate.nrcfoss.au-kbc.org.in -- You received this message because you are subscribed to the Google Groups "Django users" group. To post to this group, send email to django-us...@googlegroups.com. To unsubscribe from this group, send email to django-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/django-users?hl=en.
Re: Serving https with runserver
>> Then maybe web server is the best option. In all cases you have to >> configure something until someday 'runserver' come with ssl support. I think that no one would really object if runserver was SSL-aware, however people requesting it need to be aware that having an SSL-aware webserver is significantly more difficult that having a simple HTTP web server. The things that come to mind are: - extra dependencies: I'm not sure about all of those, but at least openssl comes to mind - the need to have a server certificate: While not a terribly complex task to generate one, some decisions need to be made (e.g. where it will be stored?). - more complex URL handling for testing. As local server uses port 8000 by default and links are usually relative, it's not a big deal. But if people start relying on having HTTPS dev webserver, they might get confused if that one is not running on default port 443. So, if dev web server was running on port 8443, people would need to keep this in mind when working on their templates / redirects. On top of those, I can see 2 big risks: - if SSL-aware development server exists and easily available (just one command), people could start relying on it as it'd be much easier to set up than any other SSL website. That would be a big mistake, the dev server would be very insecure, missing lots of necessary features (and almost certainly having a self-signed certificate). - it'd probably only escalate things. If people get SSL-enabled dev server, they start asking why it does not support client-side certificates :) Just my 2 cents. Jirka -- You received this message because you are subscribed to the Google Groups "Django users" group. To post to this group, send email to django-us...@googlegroups.com. To unsubscribe from this group, send email to django-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/django-users?hl=en.
Re: Serving https with runserver
El 01/03/10 08:18, Adnan Sadzak escribió: > Then maybe web server is the best option. In all cases you have to > configure something until someday 'runserver' come with ssl support. It doesn't seem like that day will ever come: """ DON'T use this server in anything resembling a production environment. It's intended only for use while developing. (*We're in the business of making Web frameworks, not Web servers*.) """ ( http://docs.djangoproject.com/en/1.1/intro/tutorial01/#the-development-server ) -- Gonzalo Delgado-- You received this message because you are subscribed to the Google Groups "Django users" group. To post to this group, send email to django-us...@googlegroups.com. To unsubscribe from this group, send email to django-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/django-users?hl=en.
Re: Serving https with runserver
Then maybe web server is the best option. In all cases you have to configure something until someday 'runserver' come with ssl support. On Mon, Mar 1, 2010 at 11:56 AM, Ian Lewiswrote: > I can think of a number of reasons why you would want to test SSL > behavior on your local machine before running it on a production > server. Setup can be pretty annoying for one. > > I wrote a blog post on how to do this very thing a while back. I used > stunnel, as Janusz mentioned, to test SSL redirect behavior on the > development server. You need to run two dev servers one for http and > one for https. You also need to make sure that you set HTTPS=on as an > environment variable so that request.is_secure() returns true > properly. > > http://www.ianlewis.org/en/testing-https-djangos-development-server > > Ian > > On Mon, Mar 1, 2010 at 7:43 PM, Gonzalo Delgado > wrote: > > El 01/03/10 07:07, cool-RR escribió: > >> Adnan, I'm really baffled by your response. No, my reasons for using > >> SSL here is not because I'm afraid someone will sniff my data, We are > >> talking here about `runserver`, which is the development server which > >> is never used for production. The goal of `runserver` is to be able to > >> easily test how your Django project behaves before you upload it to > >> the real server. > > > > While it may sound so, the development server isn't really intended to > > test *exactly* how a Django project behaves before uploading it to a > > production server. There are a couple of cases where it will always fall > > short, like serving static media or using SSL. It also can't help you > > much to test how a site behaves with a big number of requests per second. > > For those cases a staging[0] server is used, which is a copy of the > > production server but for testing how the site behaves under certain > > conditions or with new features, etc. > > > > [0] http://en.wikipedia.org/wiki/Staging_site > > > > -- > > Gonzalo Delgado > > > > -- > > You received this message because you are subscribed to the Google Groups > "Django users" group. > > To post to this group, send email to django-us...@googlegroups.com. > > To unsubscribe from this group, send email to > django-users+unsubscr...@googlegroups.com > . > > For more options, visit this group at > http://groups.google.com/group/django-users?hl=en. > > > > > > > > -- > === > 株式会社ビープラウド イアン・ルイス > 〒150-0012 > 東京都渋谷区広尾1-11-2アイオス広尾ビル604 > email: ianmle...@beproud.jp > TEL:03-5795-2707 > FAX:03-5795-2708 > http://www.beproud.jp/ > === > > -- > You received this message because you are subscribed to the Google Groups > "Django users" group. > To post to this group, send email to django-us...@googlegroups.com. > To unsubscribe from this group, send email to > django-users+unsubscr...@googlegroups.com > . > For more options, visit this group at > http://groups.google.com/group/django-users?hl=en. > > -- You received this message because you are subscribed to the Google Groups "Django users" group. To post to this group, send email to django-us...@googlegroups.com. To unsubscribe from this group, send email to django-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/django-users?hl=en.
Re: Serving https with runserver
I can think of a number of reasons why you would want to test SSL behavior on your local machine before running it on a production server. Setup can be pretty annoying for one. I wrote a blog post on how to do this very thing a while back. I used stunnel, as Janusz mentioned, to test SSL redirect behavior on the development server. You need to run two dev servers one for http and one for https. You also need to make sure that you set HTTPS=on as an environment variable so that request.is_secure() returns true properly. http://www.ianlewis.org/en/testing-https-djangos-development-server Ian On Mon, Mar 1, 2010 at 7:43 PM, Gonzalo Delgadowrote: > El 01/03/10 07:07, cool-RR escribió: >> Adnan, I'm really baffled by your response. No, my reasons for using >> SSL here is not because I'm afraid someone will sniff my data, We are >> talking here about `runserver`, which is the development server which >> is never used for production. The goal of `runserver` is to be able to >> easily test how your Django project behaves before you upload it to >> the real server. > > While it may sound so, the development server isn't really intended to > test *exactly* how a Django project behaves before uploading it to a > production server. There are a couple of cases where it will always fall > short, like serving static media or using SSL. It also can't help you > much to test how a site behaves with a big number of requests per second. > For those cases a staging[0] server is used, which is a copy of the > production server but for testing how the site behaves under certain > conditions or with new features, etc. > > [0] http://en.wikipedia.org/wiki/Staging_site > > -- > Gonzalo Delgado > > -- > You received this message because you are subscribed to the Google Groups > "Django users" group. > To post to this group, send email to django-us...@googlegroups.com. > To unsubscribe from this group, send email to > django-users+unsubscr...@googlegroups.com. > For more options, visit this group at > http://groups.google.com/group/django-users?hl=en. > > -- === 株式会社ビープラウド イアン・ルイス 〒150-0012 東京都渋谷区広尾1-11-2アイオス広尾ビル604 email: ianmle...@beproud.jp TEL:03-5795-2707 FAX:03-5795-2708 http://www.beproud.jp/ === -- You received this message because you are subscribed to the Google Groups "Django users" group. To post to this group, send email to django-us...@googlegroups.com. To unsubscribe from this group, send email to django-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/django-users?hl=en.
Re: Serving https with runserver
El 01/03/10 07:07, cool-RR escribió: > Adnan, I'm really baffled by your response. No, my reasons for using > SSL here is not because I'm afraid someone will sniff my data, We are > talking here about `runserver`, which is the development server which > is never used for production. The goal of `runserver` is to be able to > easily test how your Django project behaves before you upload it to > the real server. While it may sound so, the development server isn't really intended to test *exactly* how a Django project behaves before uploading it to a production server. There are a couple of cases where it will always fall short, like serving static media or using SSL. It also can't help you much to test how a site behaves with a big number of requests per second. For those cases a staging[0] server is used, which is a copy of the production server but for testing how the site behaves under certain conditions or with new features, etc. [0] http://en.wikipedia.org/wiki/Staging_site -- Gonzalo Delgado-- You received this message because you are subscribed to the Google Groups "Django users" group. To post to this group, send email to django-us...@googlegroups.com. To unsubscribe from this group, send email to django-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/django-users?hl=en.
Re: Serving https with runserver
Adnan, I'm really baffled by your response. No, my reasons for using SSL here is not because I'm afraid someone will sniff my data, We are talking here about `runserver`, which is the development server which is never used for production. The goal of `runserver` is to be able to easily test how your Django project behaves before you upload it to the real server. So the purpose of me wanting to use https on `runserver` are NOT because I think someone will hack into my local machine. It's because I want to test the behavior of the site. For example, I may have some complex redirection scheme, where some http pages on the site redirect you to https, and vice versa. So I would like to be able to test them out on the development machine before uploading to the server. I checked out Stunnel. I'd prefer to avoid it. It's another program I will have to install and configure, and then I'll have to install and configure an SSL library, and then these things will have to be connected with `runserver`, which may result in problems and headache. The whole motivation to use `runserver` is how easy and painless it is, so I'd prefer it include these things out of the box. Ram. On Mon, Mar 1, 2010 at 2:53 AM, Adnan Sadzak <sad...@gmail.com> wrote: > If it's on your local machine there is no big sense to use ssl unles you > are paranoid. If someone can sniff local traffic, then ssl is useless. > Anyway, as Janusz said http://www.stunnel.org/ > > > On Mon, Mar 1, 2010 at 1:06 AM, Janusz Harkot <janusz.har...@gmail.com>wrote: > >> So you can use stunnel: http://www.stunnel.org/ >> >> J. >> >> -- You received this message because you are subscribed to the Google Groups "Django users" group. To post to this group, send email to django-us...@googlegroups.com. To unsubscribe from this group, send email to django-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/django-users?hl=en.
Re: Serving https with runserver
If it's on your local machine there is no big sense to use ssl unles you are paranoid. If someone can sniff local traffic, then ssl is useless. Anyway, as Janusz said http://www.stunnel.org/ On Mon, Mar 1, 2010 at 1:06 AM, Janusz Harkotwrote: > So you can use stunnel: http://www.stunnel.org/ > > J. > > -- > You received this message because you are subscribed to the Google Groups > "Django users" group. > To post to this group, send email to django-us...@googlegroups.com. > To unsubscribe from this group, send email to > django-users+unsubscr...@googlegroups.com > . > For more options, visit this group at > http://groups.google.com/group/django-users?hl=en. > > -- You received this message because you are subscribed to the Google Groups "Django users" group. To post to this group, send email to django-us...@googlegroups.com. To unsubscribe from this group, send email to django-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/django-users?hl=en.
Re: Serving https with runserver
So you can use stunnel: http://www.stunnel.org/ J. -- You received this message because you are subscribed to the Google Groups "Django users" group. To post to this group, send email to django-us...@googlegroups.com. To unsubscribe from this group, send email to django-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/django-users?hl=en.
Re: Serving https with runserver
I'm not using Apache on my development machine and I don't want to use it. I enjoy the low headache factor of runserver. But it'll be nicer if it served through https as well. On Mar 1, 12:53 am, Andrejwrote: > because you need to load apache ssl gear. Set up your normal virtual > host and then use reverse proxy: > > ProxyPass /http://localhost:8000/ > ProxyPassReverse /http://localhost:8000/ > > On Feb 28, 5:09 pm, cool-RR wrote: > > > > > Why doesn't runserver automatically serve in https as well as http? It > > would have been useful. > > > Ram. -- You received this message because you are subscribed to the Google Groups "Django users" group. To post to this group, send email to django-us...@googlegroups.com. To unsubscribe from this group, send email to django-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/django-users?hl=en.
Re: Serving https with runserver
because you need to load apache ssl gear. Set up your normal virtual host and then use reverse proxy: ProxyPass / http://localhost:8000/ ProxyPassReverse / http://localhost:8000/ On Feb 28, 5:09 pm, cool-RRwrote: > Why doesn't runserver automatically serve in https as well as http? It > would have been useful. > > Ram. -- You received this message because you are subscribed to the Google Groups "Django users" group. To post to this group, send email to django-us...@googlegroups.com. To unsubscribe from this group, send email to django-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/django-users?hl=en.
Serving https with runserver
Why doesn't runserver automatically serve in https as well as http? It would have been useful. Ram. -- You received this message because you are subscribed to the Google Groups "Django users" group. To post to this group, send email to django-us...@googlegroups.com. To unsubscribe from this group, send email to django-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/django-users?hl=en.