> Hi,
>
> My site serves both http and https requests. The app decides what to serve
> over http/https, and redirects accordingly.
>
> When I open the non-ssl site, it works fine, and redirects to the ssl site
> when needed, but the ssl site does not show up, even the nginx and uwsgi
> logs are mute after the redirect.
>
> Do I need to run separate app instances on different ports?
> Do I need to set up https certificates in the ini file too?
>
> I run uwsgi through a socket. My ini file is:
> [uwsgi]
> socket = 127.0.0.1:8080
> chdir = /home/appserver/example
> home = /home/appserver/.virtualenvs/example
> env = DJANGO_SETTINGS_MODULE=example.settings
> module = example.wsgi:application
> processes = 4
> threads = 2
> memory-report = true
> stats = 127.0.0.1:9191
> lazy-apps = true
> master-fifo = /tmp/example.fifo
> log-master = true
> logto = /home/appserver/logs/uwsgi.log
>
> The nginx config is:
> server {
> listen 80 default_server;
> server_name my.example.com;
>
> root /home/appserver/example/static;
> index index.html index.htm;
>
> location / {
> include uwsgi_params;
> uwsgi_pass 127.0.0.1:8080;
>
> proxy_next_upstream error timeout invalid_header http_500 http_502
> http_503 http_504;
> proxy_redirect off;
> proxy_set_header X-Forwarded-Host $server_name;
> proxy_set_header Host $host;
> proxy_set_header X-Real-IP $remote_addr;
> proxy_set_header X-Forwarded-For
> $proxy_add_x_forwarded_for;
> proxy_pass_header Server;
> proxy_set_header X-Scheme $scheme;
> }
> }
>
> server {
> listen 443;
> server_name my.example.com;
> ssl on;
> ssl_certificate /path/to/example.crt;
> ssl_certificate_key /path/to/example.key;
> # no security problem here, since / is alway passed to upstream
> root /home/appserver/example/static;
> location / {
> include uwsgi_params;
> uwsgi_pass 127.0.0.1:8080;
>
> proxy_next_upstream error timeout invalid_header http_500 http_502
> http_503 http_504;
> proxy_redirect off;
> proxy_set_header X-Forwarded-Host $server_name;
> proxy_set_header Host $host;
> proxy_set_header X-Real-IP $remote_addr;
> proxy_set_header X-Forwarded-For
> $proxy_add_x_forwarded_for;
> proxy_pass_header Server;
> proxy_set_header X-Scheme $scheme;
> proxy_ignore_client_abort on;
> }
> }
> _______________________________________________
> uWSGI mailing list
> [email protected]
> http://lists.unbit.it/cgi-bin/mailman/listinfo/uwsgi
>
Check you do not have some kind of firewall, because even on error nginx
should show you something.
In addition to this the "proxy_set_header" directives are useless.
With the 'uwsgi' protocol you directly pass CGI vars, and most of them
(like real-ip) are not needed as nginx will pass the standard REMOTE_ADDR
variable.
--
Roberto De Ioris
http://unbit.it
_______________________________________________
uWSGI mailing list
[email protected]
http://lists.unbit.it/cgi-bin/mailman/listinfo/uwsgi
