Accessing Django Admin over HTTPS behind Nginx

2019-03-11 15:10发布

I've got django running in uwsgi behind nginx. When I try to access https://site/admin/ I get the expected login screen. Logging in via the form seems to succeed, however, I simply end up back at the login screen. Firebug shows a redirect to the plain http://site/admin/ url which is then redirectec by nginx to the https url.

Help! I'm confused as to how to force the admin app to use only https urls.

Note this seems to be a related, unanswered question: https://example.com/admin redirects to https://admin in Django Nginx and gunicorn

标签： django redirect https nginx admin

3条回答

一纸荒年 Trace。

2楼-- · 2019-03-11 15:36

Adding the following to nginx.conf fixed the issue for me.

location / {
    ...
    include                 uwsgi_params;
    uwsgi_param             HTTP_X_FORWARDED_PROTOCOL https;
    uwsgi_param             UWSGI_SCHEME   $scheme;
}

Along with adding the following to settings.py:

SESSION_COOKIE_SECURE = True
SECURE_PROXY_SSL_HEADER = ('HTTP_X_FORWARDED_PROTOCOL', 'https')
CSRF_COOKIE_SECURE = True

0人赞添加讨论(0) 举报

唯我独甜

3楼-- · 2019-03-11 15:39

Update for Django 1.8 settings.py:

SESSION_COOKIE_SECURE = True
CSRF_COOKIE_SECURE = True
SECURE_SSL_REDIRECT = True
SECURE_REDIRECT_EXEMPT = [r'^(?!admin/).*']

And for your developement rig you may want to overwrite SECURE_SSL_REDIRECT = False in your local settings.

0人赞添加讨论(0) 举报

乱世女痞

4楼-- · 2019-03-11 15:47

the following should be all you need to have all traffic to the admin app redirected to https

location /site/admin/ {
  rewrite ^ https://$host/$request_uri permanent;
}

If that doesn't work, can you post your actual nginx config bits? Can't really suggest more then that without your actual config to look at.

0人赞添加讨论(0) 举报

Accessing Django Admin over HTTPS behind Nginx

采纳回答

编辑标签

举报内容

检举类型

检举原因

检举说明(必填)

打开微信“扫一扫”，打开网页后点击屏幕右上角分享按钮

付费偷看金额在0.1-10元之间