On Sep 1, 11:30 pm, Alex Robbins <alexander.j.robb...@gmail.com>
wrote:
> Graham,
>
> I'm interested in understanding what you just said. It seems like you
> are saying you can get the X-Forwarded-SSL environment variable to
> automatically be set, without needing the django middleware. Seems
> simple enough.
X-Forwarded-SSL is not an environment variable, it is a HTTP request
header set from nginx when pushing through the request. You still need
to configure nginx to do that.
What that SetEnvIf directive in Apache is doing is detected the
presence of that special header as set by nginx front end and in turn
setting a CGI subprocess environment variable called HTTPS. That would
normally be passed in process environment of CGI scripts, but they
also get passed in WSGI per request environment. The mod_wsgi module
also automatically notes that HTTPS CGI subprocess environment has
been set and will fixup wsgi.url_scheme as passed in WSGI environment
to be correct value based on what nginx accepted connection as, rather
than what Apache accepted it as. Django internally consults
wsgi.url_scheme in its check to determine if connection was secure.
So, for case where need correct detection of whether HTTP or HTTPS was
used an nginx, you can use that one line configuration in Apache
configuration in place of the WSGI middleware. Using the Apache
configuration will work for any WSGI application as such applications
are supposed to always check wsgi.url_scheme.
> The middleware also handles redirects, so that someone accidentally
> going tohttp://mysite/credit_card_form/will be redirected to https://....
> I'm guessing that overriding the wsgi.url_scheme is meant to handle
> that, but I don't understand how.
I should have clarified that I was only referring to the is_secure
check of the WSGI middleware. If you want the redirect, although that
also can be done in various ways using Apache as well, then yes, you
would still require it.
Graham
> Thanks,
> Alex
>
> On Aug 31, 6:02 pm, Graham Dumpleton <graham.dumple...@gmail.com>
> wrote:
>
>
>
> > On Sep 1, 3:39 am, Francis <f.du...@gmail.com> wrote:
>
> > > We setup a Nginx proxy in front of Apache/WSGI and got Nginx to handle
> > > the SSL cert and simply pass on a flag to WSGI if the connection was
> > > coming through http or https.
>
> > > Next you'll want a SSL middleware, we
> > > use:http://www.djangosnippets.org/snippets/240/
>
> > > Now its a matter of configuring which views you want SSL (follow
> > > example in the middleware)
>
> > You don't need a SSL middleware. Just add to your Apache
> > configuration:
>
> > SetEnvIf X-Forwarded-SSL on HTTPS=1
>
> > Apache/mod_wsgi will allow overriding of wsgi.url_scheme based on
> > HTTPS variable. The HTTPS variable can be set to 'On' or '1'. Case
> > ignored in comparison.
>
> > Thus, you can use mod_setenvif to check for header being set and what
> > value and then set HTTPS.
>
> > Graham
>
> > > On Aug 28, 11:04 pm, Vitaly Babiy <vbabi...@gmail.com> wrote:
>
> > > > Hey guys,
> > > > What is the best way to deploy an app that uses mod_wsgi that some
> > > > parts of
> > > > it need to be behind SSL?
>
> > > > Thanks,
> > > > Vitaly Babiy
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Django users" group.
To post to this group, send email to django-users@googlegroups.com
To unsubscribe from this group, send email to
django-users+unsubscr...@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/django-users?hl=en
-~----------~----~----~----~------~----~------~--~---
