Categories

JavaScriptPHPHTMLCssPythonWordPressWeb developmentLinuxMySQLAndroidWindowsJavaC++ / C#LayoutReactUbuntuYiiDjangoProgramming1C-BitrixLaravelSystem administrationTelegramJSONDebianPostgreSQLIOSGoogleHtaccessWindows ServerGitMacOSGoogle ChromeCMSWooСommerceBootstrapNginxSQLUnityAPI
Make a leaderReport
T
T
timur142018-06-04 13:55:42
Django
timur14, 2018-06-04 13:55:42

Why doesn't submitting a form via https work when nginx is configured to only serve connections via https?

Nginx is configured like this:

# Default server
server {
    server_name _;
    return 404;
}

server {
  listen 80 default_server;
  listen [::]:80 default_server;
  server_name example.com www.example.com;
  if ($scheme = http) {
        return 301 https://$server_name$request_uri;
    }
}

server {
    listen 443 ssl;
    keepalive_timeout 60;
    server_name example.com www.example.com;
    charset utf-8;
    access_log /dev/stdout;
    error_log /dev/stdout info;

    # ssl cache settings
    ssl_session_cache shared:SSL:20m;
    ssl_session_timeout 180m;

    ssl_stapling on;
    ssl_certificate /letsencrypt/live/example.com/fullchain.pem;
    ssl_certificate_key /letsencrypt/live/example.com/privkey.pem;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_prefer_server_ciphers on;
    ssl_ciphers ECDH+AESGCM:ECDH+AES256:ECDH+AES128:DHE+AES128:!ADH:!AECDH:!MD5;

    location /uploads/ {
        autoindex on;
        alias /uploads/;
    }

    location / {
        # prevent access for some bots
        if ($http_user_agent ~ (libwww|Wget|LWP|damnBot|BBBike|java|spider|crawl) ) {
            return 403;
        }

        proxy_pass http://localhost:5000;
        proxy_set_header Host $host:$server_port;
        proxy_set_header X-Forwarded-Host $server_name;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}

But with this setting, submitting the form does not work, the following error is returned:
400 Bad Request. The plain HTTP request was sent to HTTPS port

Reply
Answer the question

Answer the question

In order to leave comments, you need to log in

2 answer(s)
Report
T
timur14, 2018-06-05
@timur14

As a result of the discussion, we found out (thanks to Alexey Ten ) that the problem was in the application itself. As it turned out, it was necessary to enable support on the django side (version 1.8):
specify in settings:
SECURE_SSL_REDIRECT = True
SECURE_PROXY_SSL_HEADER = ('HTTP_X_FORWARDED_PROTO', 'https')
and add security middleware:
django.middleware.security.SecurityMiddleware

Report
R
Reversaidx, 2018-06-04
@Reversaidx

localhost:5000 >> https://localhost:5000 change

Similar questions
D
doitagain2019-11-11 23:34:40
Checking the classification accuracy of labeled subsets of various lengths (with a limit) on a continuous two-dimensional series? 3Reply
A
artchis2020-12-30 12:55:40
Can I use GET in displaying data? 1Reply
K
kutase2014-11-26 19:48:09
How to use django to create a single page ajax app? 4Reply
M
meowmere2020-12-30 16:53:32
Django Inline not outputting my qset, how to output? 1Reply
R
Romua1d2016-11-25 22:30:57
Nested Django menu items? 2Reply

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question