Skip to content

Instantly share code, notes, and snippets.

@linuxkathirvel

linuxkathirvel/but-it-only-supports-http-in-django.md

Last active July 27, 2023 10:16
Show Gist options
  • Save linuxkathirvel/803de405c8b26c9953b743871e7d6847 to your computer and use it in GitHub Desktop.
Save linuxkathirvel/803de405c8b26c9953b743871e7d6847 to your computer and use it in GitHub Desktop.
Download ZIP
How to fix "You're accessing the development server over HTTPS, but it only supports HTTP." in Django?
Raw
but-it-only-supports-http-in-django.md

How to fix "You're accessing the development server over HTTPS, but it only supports HTTP." in Django?

Check the Django's site URL. It may have https.

Disable following variables in settings.py or .env

SECURE_CONTENT_TYPE_NOSNIFF = True
SECURE_BROWSER_XSS_FILTER = True
SESSION_COOKIE_SECURE = True
CSRF_COOKIE_SECURE = True
SECURE_SSL_REDIRECT = True
SECURE_PROXY_SSL_HEADER = ('HTTP_X_FORWARDED_PROTO', 'https')
CSRF_TRUSTED_ORIGINS = ['yoursite.com']

Set DEBUG as True

DEBUG = True

Clear the Django site's(what you developed) cookies and sessions on the browser. For Google Chrome, steps are below.

Settings-> Privacy and Security -> Cookies and other site data -> See all cookies and site data -> Search your site name or IP and click 'Trash' icon.

Close the browser and reload the site now.

@dgerok
Copy link

dgerok commented Apr 4, 2023
edited
Loading

Sure
The below stack does not work locally.
I used Linode to deploy the app - they give a couple of months to try it for free. I created a Linode for Django with Linux
I had a temporary domain on azure.com

  1. open setting.py of your project and find your secrete key (below "# SECURITY WARNING: keep the secret key used in production secret!")
  • copy the secrete key into the text file, for example, 'key.txt'
  • remove a secret key from the settings.py and put the code instead:
    with open('key.txt') as f: SECRET_KEY = f.read().strip()
  • save this on the server
  1. get a domain name (which should not be IP). It can even be, for example, dev.my_domain.azure.com
  2. on the server side:
    source: https://realpython.com/django-nginx-gunicorn/
  • install Gunicorn (pip3 install gunicorn)
  • go to the application dir (in my case cd /var/www/DjangoApp)
  • create configuration files: mkdir -pv config/gunicorn;
  • fill in prod.py: vi gunicorn/prod.py
import multiprocessing

wsgi_app = "project.wsgi:application"                # Django WSGI application path in pattern MODULE_NAME:VARIABLE_NAME
workers = multiprocessing.cpu_count() * 2 + 1 # The number of worker processes for handling requests
bind = "0.0.0.0:8000"                                       # The socket to bind
accesslog = "/var/log/gunicorn/access.log"        # Write access and error info to /var/log
errorlog = "/var/log/gunicorn/error.log"
capture_output = True                                     # Redirect stdout/stderr to log file
pidfile = "/var/run/gunicorn/prod.pid"              # PID file so you can easily fetch process ID
daemon = True                                                # Daemonize the Gunicorn process (detach & enter background)
  • kill Django runserver, if it is running:
    ps -ef; kill XXXXX. where XXXXX - number of the process, which often looks like 192.168.111.111:80000 (IP is an example)
  • go to the application dir (in my case cd /var/www/DjangoApp)
  • show gunicorn the path to the Django secret key from the (1): source key.txt
    gunicorn -c config/gunicorn/prod.py
  1. install nginx (this is needed for HTTPS) on your server side
    sources: https://letsencrypt.org/getting-started/, https://certbot.eff.org/
    apt update; apt install nginx
  2. setup nginx
  • add your domain as a file into (file name is domain-like: "dev.my_domain.azure.com"):
cat > /etc/nginx/sites-available/dev.my_domain.azure.com
cat > /etc/nginx/sites-enabled/dev.my_domain.azure.com
  • add to /etc/nginx/sites-available/dev.my_domain.azure.com:
server_tokens             off;

# Use site-specific access and error logs
access_log                /var/log/nginx/supersecure.access.log;
error_log                 /var/log/nginx/supersecure.error.log;

# Return 444 status code & close connection if no Host header present
server {
  listen                  80 default_server;
  return                  444;
}

# Redirect HTTP to HTTPS
server {
  server_name            dev.my_domain.azure.com;
  listen                  80;
  return                  307 https://$host$request_uri;
}

server {

  # Pass on requests to Gunicorn listening at http://localhost:8000
  location / {
    proxy_pass            http://localhost:8000;
    proxy_set_header      Host $host;
    proxy_set_header      X-Forwarded-Proto $scheme;
    proxy_set_header      X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_redirect        off;
  }

  # Serve static files directly !!! USE YOUR STATIC PATH
  location /static {
    autoindex             on;
    alias                 /var/www/DjangoApp/my_app/static
  }
}
  • add into /etc/nginx/nginx.conf the following code:
    include /etc/nginx/sites-enabled/*;
  • check nginx configuration by running a command:
    service nginx configtest /etc/nginx/sites-available/dev.my_domain.azure.com
  1. get a certificate to run https with certbot
  • install snapd on the server side
apt install snapd;
snap install core;
snap refresh core;
  • install certbot on the server side:
    snap install --classic certbot
  • connect certbot to nginx:
    certbot --nginx
  • answer 'yes', where needed and choose your domain from the list. usually it is 1
  • restart nginx

@clebergriff
Copy link

Thank you very much @dgerok ! That helped me setting up on AWS EC2

@olawalejuwonm
Copy link

Still having this issue when setting up asgi

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment