Commit 262e5434 authored by Vladimir Mencl's avatar Vladimir Mencl Committed by Zenon Mousmoulas
Browse files

Revise secure URL settings

As per discussion in in #8 (primary mode of deployment is with mod_wsgi):

* Comment out the header setting at Django side and also move it from to (because it's now a customizable item).
* Change the header name to ````X-Forwarded-Protocol: https````
* Change the Apache recommendation to use the header name and take it out of
  the mod_uwsgi snippet - and instead add a new section describing
  mod_proxy_http as an option.
parent e4868581
......@@ -20,6 +20,11 @@ ALLOWED_HOSTS = []
# Make this unique, and don't share it with anybody.
SECRET_KEY = '<put something really random here, eg. %$#%@#$^2312351345#$%3452345@#$%@#$234#@$hhzdavfsdcFDGVFSDGhn>'
# Check for headers indicating the request was received on a secure SSL connection
# Uncomment this if you are running DjNRO behind an HTTP proxy that sets this
# header for SSL connections (and protects it for non-SSL connections).
# SECURE_PROXY_SSL_HEADER = ('X-Forwarded-Protocol', 'https')
'default': {
'ENGINE': 'django.db.backends.', # Add 'postgresql_psycopg2', 'mysql', 'sqlite3' or 'oracle'.
......@@ -210,9 +210,6 @@ KML_FILE = os.path.join(PROJECT_DIR, 'all.kml')
# Check for headers indicating the request was received on a secure SSL connection
SECURE_PROXY_SSL_HEADER = ('X-Forwarded-SSL', 'on')
# Request session cookies to be marked as secure
......@@ -228,6 +228,17 @@ We suggest using Apache and mod_wsgi. Below is an example configuration::
Alternatively, it is possible to use Apache with mod_proxy_http to pass the requests to uwsgi. In that case, the ````WSGIScriptAlias```` directive would be replaced with the following:
ProxyRequests off
ProxyPreserveHost on
ProxyPass / http://localhost:3031/
ProxyPassReverse / http://localhost:3031/
# tell DjNRO we have forwarded over SSL
RequestHeader set X-Forwarded-Protocol https
*Info*: It is strongly recommended to allow access to `/(admin|overview|alt-login)` *ONLY* from trusted subnets.
Once you are done, restart apache.
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment