I've got django running in uwsgi behind nginx. When I try to access https://site/admin/
I get the expected login screen. Logging in via the form seems to succeed, however, I simply end up back at the login screen. Firebug shows a redirect to the plain http://site/admin/
url which is then redirectec by nginx to the https url.
Help! I'm confused as to how to force the admin app to use only https urls.
Note this seems to be a related, unanswered question: https://example.com/admin redirects to https://admin in Django Nginx and gunicorn
Adding the following to nginx.conf fixed the issue for me.
location / {
...
include uwsgi_params;
uwsgi_param HTTP_X_FORWARDED_PROTOCOL https;
uwsgi_param UWSGI_SCHEME $scheme;
}
Along with adding the following to settings.py:
SESSION_COOKIE_SECURE = True
SECURE_PROXY_SSL_HEADER = ('HTTP_X_FORWARDED_PROTOCOL', 'https')
CSRF_COOKIE_SECURE = True
the following should be all you need to have all traffic to the admin app redirected to
https
location /site/admin/ {
rewrite ^ https://$host/$request_uri permanent;
}
If that doesn't work, can you post your actual nginx config bits? Can't really suggest more then that without your actual config to look at.
Update for Django 1.8 settings.py:
SESSION_COOKIE_SECURE = True
CSRF_COOKIE_SECURE = True
SECURE_SSL_REDIRECT = True
SECURE_REDIRECT_EXEMPT = [r'^(?!admin/).*']
And for your developement rig you may want to overwrite SECURE_SSL_REDIRECT = False
in your local settings.