Created
September 29, 2015 13:57
-
-
Save revolunet/9d30dc72e02754f0d580 to your computer and use it in GitHub Desktop.
Nginx, gunicorn + ssl (django)
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| upstream myapp_prod { | |
| server unix:/home/apps/project/wsgi/gunicorn.sock fail_timeout=0; | |
| } | |
| server { | |
| listen 80 default_server; | |
| server_name .project.com; | |
| return 301 https://www.project.com$request_uri; | |
| } | |
| server { | |
| listen 443 default_server ssl; | |
| server_name www.project.com; | |
| ssl_certificate /home/apps/project/data/ssl/bundle.pem; | |
| ssl_certificate_key /home/apps/project/data/ssl/private.pem; | |
| ssl_prefer_server_ciphers On; | |
| ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2; | |
| ssl_ciphers ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS; | |
| client_max_body_size 10M; | |
| access_log /home/apps/project/logs/nginx-access.log; | |
| error_log /home/apps/project/logs/nginx-error.log; | |
| error_page 500 501 502 503 504 /maintenance.html; | |
| location /maintenance.html { | |
| internal; | |
| alias /home/apps/project/maintenance.html; | |
| } | |
| location /static/ { | |
| alias /home/apps/project/static/; | |
| access_log off; | |
| gzip on; | |
| gzip_min_length 1000; | |
| gzip_types application/x-javascript text/css; | |
| if ($request_filename ~* \.(ico|css|js|gif|jpe?g|png)$) { | |
| expires 72h; | |
| } | |
| } | |
| location / { | |
| proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; | |
| proxy_set_header Host $http_host; | |
| proxy_redirect off; | |
| if (!-f $request_filename) { | |
| proxy_pass http://myapp_prod; | |
| break; | |
| } | |
| } | |
| } |
Hello!
I stumbled upon your post. I'm trying to make nginx + Gunicorn + Let's Encrypt work. I've spent the last 2 days trying to make it work but for the life of me I just can't! I have researched every corner on the internet looking for an answer. Can't find any solution. I'm baffled. Nothing happens after redirecting from 80 to 443. How did you configure gunicorn? Could you please give me any ideas or pointers? Thank you!
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Hi, I use SSL like you but I often find emails saying:
Invalid HTTP_HOST header: 'MY-IP'. You may need to add u'MY-IP' to ALLOWED_HOSTS.
(as requester coming by IP seems to be malicious scripts, I don't think I want to listen to django's advice)
Did you find a workaround this issue in nginx config? (I tried to set an other server block as listen 443 default_server but it breaks my domain)
PS: sorry, it may not be the place to ask this kind of question, but I don't see any good stackexchange answer out there…
PS2: I should have searched more, if someone find this: http://stackoverflow.com/a/17477436/267364