Thanks pbreit!

    server {
        server_name _;

        # Everything else is passed to the uwsgi backend.
        location / {
            uwsgi_pass 127.0.0.1:9001;
            include uwsgi_params;
            uwsgi_param UWSGI_SCHEME $scheme;
        }

        # Requests for /user are redirected to HTTPS.
        location /user {
            rewrite ^ https://$http_host$request_uri? permanent;
        }
    }

Hi pbreit,
Thanks for your input.
Is it possible that you share your Nginx config with respect to https for
/user and /admin?
Does it do an automatic redirect if coming from regular http, or should I
manually redirect from within web2py?
Carlos
I ended up configuring this in Nginx so that /user and /admin are all https
and everything else is http. It's probably not totally necessary but some
users like it. Cookies are attached to a domain or sub-domain and seem to
work OK. GoDaddy has cheap certs for new cert buyers (<$15). If you use
Hi,
Questions when in production mode ...
Should I be using https (ssl) for all auth_user actions that transmit
sensitive data (password), e.g. login and register?
Note that I will be using regular http (no ssl) in all other cases across my
apps.
Does web2py provide specific tools to accompl
You must configure apache to do it but I have a security objection.
If you go on the clear (http) for all the other pages you are passing
the session cookie in the clear. If an attacker has the session
cookie, he can access the change_password page via https.
This is not a web2py specific issue.
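
An added example, not part of the thread: one way to avoid the cookie exposure described in the reply above is to serve the whole site over HTTPS instead of only /user. `example.com` and the certificate paths are placeholders; the uwsgi upstream is the one from the config posted in the thread.

```nginx
# Added example (not from the thread). example.com and the certificate
# paths are placeholders; the uwsgi upstream matches the posted config.

# Port 80 serves no application content, only a redirect. The redirect
# target uses the configured name rather than the client-supplied Host header.
server {
    listen 80;
    server_name example.com;
    return 301 https://example.com$request_uri;
}

# Port 443 carries every page, so the session cookie only reaches the
# application over TLS.
server {
    listen 443 ssl;
    server_name example.com;

    ssl_certificate     /etc/nginx/ssl/example.com.crt;  # placeholder path
    ssl_certificate_key /etc/nginx/ssl/example.com.key;  # placeholder path

    # Ask browsers to use HTTPS for this host on later visits.
    add_header Strict-Transport-Security "max-age=31536000" always;

    location / {
        uwsgi_pass 127.0.0.1:9001;
        include uwsgi_params;
        uwsgi_param UWSGI_SCHEME $scheme;
    }
}
```

The redirect alone does not protect a cookie that lacks the Secure attribute, because the browser still attaches it to the first http:// request. In web2py, calling `session.secure()` in a model marks the session cookie Secure so it is withheld from plain-HTTP requests.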