Categories

JavaScriptPHPHTMLCssPythonWordPressWeb developmentLinuxMySQLAndroidWindowsJavaC++ / C#LayoutReactUbuntuYiiDjangoProgramming1C-BitrixLaravelSystem administrationTelegramJSONDebianPostgreSQLIOSGoogleHtaccessWindows ServerGitMacOSGoogle ChromeCMSWooСommerceBootstrapNginxSQLUnityAPI
Make a leaderReport
T
T
timur142018-06-04 13:55:42
Django
timur14, 2018-06-04 13:55:42

Why doesn't submitting a form via https work when nginx is configured to only serve connections via https?

Nginx is configured like this:

# Default server
server {
    server_name _;
    return 404;
}

server {
  listen 80 default_server;
  listen [::]:80 default_server;
  server_name example.com www.example.com;
  if ($scheme = http) {
        return 301 https://$server_name$request_uri;
    }
}

server {
    listen 443 ssl;
    keepalive_timeout 60;
    server_name example.com www.example.com;
    charset utf-8;
    access_log /dev/stdout;
    error_log /dev/stdout info;

    # ssl cache settings
    ssl_session_cache shared:SSL:20m;
    ssl_session_timeout 180m;

    ssl_stapling on;
    ssl_certificate /letsencrypt/live/example.com/fullchain.pem;
    ssl_certificate_key /letsencrypt/live/example.com/privkey.pem;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_prefer_server_ciphers on;
    ssl_ciphers ECDH+AESGCM:ECDH+AES256:ECDH+AES128:DHE+AES128:!ADH:!AECDH:!MD5;

    location /uploads/ {
        autoindex on;
        alias /uploads/;
    }

    location / {
        # prevent access for some bots
        if ($http_user_agent ~ (libwww|Wget|LWP|damnBot|BBBike|java|spider|crawl) ) {
            return 403;
        }

        proxy_pass http://localhost:5000;
        proxy_set_header Host $host:$server_port;
        proxy_set_header X-Forwarded-Host $server_name;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}

But with this setting, submitting the form does not work, the following error is returned:
400 Bad Request. The plain HTTP request was sent to HTTPS port

Reply
Answer the question

Answer the question

In order to leave comments, you need to log in

2 answer(s)
Report
T
timur14, 2018-06-05
@timur14

As a result of the discussion, we found out (thanks to Alexey Ten ) that the problem was in the application itself. As it turned out, it was necessary to enable support on the django side (version 1.8):
specify in settings:
SECURE_SSL_REDIRECT = True
SECURE_PROXY_SSL_HEADER = ('HTTP_X_FORWARDED_PROTO', 'https')
and add security middleware:
django.middleware.security.SecurityMiddleware

Report
R
Reversaidx, 2018-06-04
@Reversaidx

localhost:5000 >> https://localhost:5000 change

Similar questions
S
spellman0032019-09-12 08:08:45
What routes to add to Windows Server to route to another network? 3Reply
N
nurzhannogerbek2017-04-23 15:40:44
How to do multiple selection? 1Reply
I
Ingerniated2016-10-11 19:35:20
What hosting for Django do you recommend? 4Reply
E
Eugene-1232020-12-01 15:38:00
What does '/' in 'NAME': BASE_DIR/'db.sqlite3' mean in Django? 1Reply
M
mr_drinkens892016-10-12 10:16:41
How to connect https to Django? 3Reply

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question