在Nginx后面通过HTTPS访问Django Admin

时间:2022-03-01 18:59:55

I've got django running in uwsgi behind nginx. When I try to access https://site/admin/ I get the expected login screen. Logging in via the form seems to succeed, however, I simply end up back at the login screen. Firebug shows a redirect to the plain http://site/admin/ url which is then redirectec by nginx to the https url.

我在dginx后面的uwsgi中运行django。当我尝试访问https:// site / admin /时,我得到了预期的登录屏幕。通过表单登录似乎成功,但是,我只是回到登录屏幕。 Firebug显示重定向到普通的http:// site / admin / url,然后通过nginx将redirectec重定向到https网址。

Help! I'm confused as to how to force the admin app to use only https urls.

帮帮我!我很困惑如何强制管理应用程序只使用https网址。

Note this seems to be a related, unanswered question: https://example.com/admin redirects to https://admin in Django Nginx and gunicorn

请注意,这似乎是一个相关的,未回答的问题:https://example.com/admin重定向到https://管理员在Django Nginx和gunicorn

3 个解决方案

#1

9  

Adding the following to nginx.conf fixed the issue for me.

将以下内容添加到nginx.conf中为我解决了这个问题。

location / {
    ...
    include                 uwsgi_params;
    uwsgi_param             HTTP_X_FORWARDED_PROTOCOL https;
    uwsgi_param             UWSGI_SCHEME   $scheme;
}

Along with adding the following to settings.py:

除了将以下内容添加到settings.py:

SESSION_COOKIE_SECURE = True
SECURE_PROXY_SSL_HEADER = ('HTTP_X_FORWARDED_PROTOCOL', 'https')
CSRF_COOKIE_SECURE = True

#2

2  

the following should be all you need to have all traffic to the admin app redirected to https

以下应该是将管理员应用程序的所有流量重定向到https所需的全部内容

location /site/admin/ {
  rewrite ^ https://$host/$request_uri permanent;
}

If that doesn't work, can you post your actual nginx config bits? Can't really suggest more then that without your actual config to look at.

如果这不起作用,你可以发布你的实际nginx配置位吗?如果没有你的实际配置,那么真的不能建议更多。

#3

0  

Update for Django 1.8 settings.py:

更新Django 1.8 settings.py:

SESSION_COOKIE_SECURE = True
CSRF_COOKIE_SECURE = True
SECURE_SSL_REDIRECT = True
SECURE_REDIRECT_EXEMPT = [r'^(?!admin/).*']

And for your developement rig you may want to overwrite SECURE_SSL_REDIRECT = False in your local settings.

对于您的开发工具,您可能希望在本地设置中覆盖SECURE_SSL_REDIRECT = False。

#1

9  

Adding the following to nginx.conf fixed the issue for me.

将以下内容添加到nginx.conf中为我解决了这个问题。

location / {
    ...
    include                 uwsgi_params;
    uwsgi_param             HTTP_X_FORWARDED_PROTOCOL https;
    uwsgi_param             UWSGI_SCHEME   $scheme;
}

Along with adding the following to settings.py:

除了将以下内容添加到settings.py:

SESSION_COOKIE_SECURE = True
SECURE_PROXY_SSL_HEADER = ('HTTP_X_FORWARDED_PROTOCOL', 'https')
CSRF_COOKIE_SECURE = True

#2

2  

the following should be all you need to have all traffic to the admin app redirected to https

以下应该是将管理员应用程序的所有流量重定向到https所需的全部内容

location /site/admin/ {
  rewrite ^ https://$host/$request_uri permanent;
}

If that doesn't work, can you post your actual nginx config bits? Can't really suggest more then that without your actual config to look at.

如果这不起作用,你可以发布你的实际nginx配置位吗?如果没有你的实际配置,那么真的不能建议更多。

#3

0  

Update for Django 1.8 settings.py:

更新Django 1.8 settings.py:

SESSION_COOKIE_SECURE = True
CSRF_COOKIE_SECURE = True
SECURE_SSL_REDIRECT = True
SECURE_REDIRECT_EXEMPT = [r'^(?!admin/).*']

And for your developement rig you may want to overwrite SECURE_SSL_REDIRECT = False in your local settings.

对于您的开发工具,您可能希望在本地设置中覆盖SECURE_SSL_REDIRECT = False。

标签:

相关文章