I agree, but I think at the web server level is much better. Middlewares can break if Django core changes a lot, and since they are third-party hack code, so unless you are confident how to maintain it yourself, don't use them. Apache, Nginx configurations are widely used so they are easier to get help nowadays. That is not to say that many middlewares I've seen over the years are bad. I've used a few of those on snippets :) They are great.
And for many people, there is usually more than one Django site, or multiple applications deploy (custom backend, etc) which run as HTTP services too. So enabling SSL at server level is a lot easier to maintain. On Sunday, July 8, 2012 5:47:01 AM UTC-4, Thomas Orozco wrote: > > This comes down to a simple middleware that intercepts http requests and > redirects them to https. This is very to do in django. > > You can find plenty of such middleware on djangosnippets. > > Now, if your app is running behind a reverse proxy (e.g. nginx + gunicorn) > , things get a little bit more complicated as your proxy needs to tell the > django app whether the request was originally https of http. > > This is easy to do, but not very well documented in django. Look at the > settings reference for the appropriate ones. > > > Alternatively, you could achieve the same thing at webserver level. But > having worked with both setups, using a middleware is a lot easier to > setup. > > Now, you might find doing it at webserver level more appropriate, that's a > matter of personal preference. > Le 7 juil. 2012 11:26, "Timothy Makobu" <makobu.mwambir...@gmail.com> a > écrit : > >> I would think he would have areas that need to be logged in to all SSL. >> He already has the cert for SSL logins, and its prudent these days to have >> such apps all SSL, with tools making it straight forward to lift >> unencrypted traffic off a network. >> >> On Sat, Jul 7, 2012 at 11:28 AM, Melvyn Sopacua <m.r.sopa...@gmail.com>wrote: >> >>> On 7-7-2012 10:27, Timothy Makobu wrote: >>> > " I want to know how to use HTTPS to securely login ..." which >>> satisfies >>> > the first part of the question. This way it wont be possible to login >>> > without HTTPS enabled for the project. >>> >>> What use is logging in if you're logged out the minute the connection >>> becomes unencrypted? >>> >>> -- >>> Melvyn Sopacua >>> >>> >>> -- >>> You received this message because you are subscribed to the Google >>> Groups "Django users" group. >>> To post to this group, send email to django-users@googlegroups.com. >>> To unsubscribe from this group, send email to >>> django-users+unsubscr...@googlegroups.com. >>> For more options, visit this group at >>> http://groups.google.com/group/django-users?hl=en. >>> >>> >> -- >> You received this message because you are subscribed to the Google Groups >> "Django users" group. >> To post to this group, send email to django-users@googlegroups.com. >> To unsubscribe from this group, send email to >> django-users+unsubscr...@googlegroups.com. >> For more options, visit this group at >> http://groups.google.com/group/django-users?hl=en. >> > -- You received this message because you are subscribed to the Google Groups "Django users" group. To view this discussion on the web visit https://groups.google.com/d/msg/django-users/-/SLdmJ-KSqN8J. To post to this group, send email to django-users@googlegroups.com. To unsubscribe from this group, send email to django-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/django-users?hl=en.
