Boston Django developer – Setting up SSL (nginx+Django)

Start by generating the SSL certificate (self-signed here, for development only):

Independent Django Developer in Boston MA area Contact OT PROJECTS.

Note: I use /home/user/ssl/ as the certificate location – change accordingly




Topic:	SSL - django
Description:	Create the private key (2048-bit RSA) #1
Sample:	openssl genrsa -des3 -out server.key 2048
------------------------------------------------------

Topic:	SSL - django
Description:	create SSL #1.1
Sample:	enter the pass: testssl
------------------------------------------------------

Topic:	SSL - django
Description:	Generate a CSR (Certificate Signing Request)  #2
Sample:	openssl req -new -key server.key -out server.csr
------------------------------------------------------

Topic:	SSL - django
Description:	Generate a CSR (Certificate Signing Request)  #2.1
Sample:	pass: testssl
------------------------------------------------------

Topic:	SSL - django
Description:	Generate a CSR (Certificate Signing Request)  #2.2
Sample:	Country: US
------------------------------------------------------

Continue by answering the remaining prompts accordingly:

Topic:	SSL - django
Description:	Generate a CSR (Certificate Signing Request)  #2.3
Sample:	Country Name (2 letter code) [AU]:US
State or Province Name (full name) [Some-State]:massachusetts
Locality Name (eg, city) []:boston
Organization Name (eg, company) [Internet Widgits Pty Ltd]:OT PROJECTS
Organizational Unit Name (eg, section) []:development
Common Name (e.g. server FQDN or YOUR name) []:testssl
Email Address []:f@testssl.com

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:testssl
An optional company name []:testssl

------------------------------------------------------

Topic:	SSL
Description:	Remove Passphrase from Key #2.4
Sample:	        cp server.key server.key.org
                openssl rsa -in server.key.org -out server.key
------------------------------------------------------

Topic:	SSL
Description:	Generating a Self-Signed Certificate  #2.5
Sample:	        openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt
------------------------------------------------------

Topic:	SSL
Description:	Installing the Private Key and Certificate  #2.6
Sample:	        cp server.crt /home/user/ssl/server.crt
                cp server.key /home/user/ssl/server.key
------------------------------------------------------
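After step 2.4 the key on disk no longer has a passphrase, so file permissions are its only protection. The check below is an added example, not part of the original post; the function names and sample files are constructed for illustration, and it reports whether a PEM key is still encrypted or is readable by other users.

```python
import os
import stat
import tempfile


def audit_private_key(path):
    """Return findings for a PEM private key such as /home/user/ssl/server.key."""
    mode = stat.S_IMODE(os.stat(path).st_mode)
    with open(path, "r", encoding="ascii", errors="replace") as fh:
        head = [fh.readline() for _ in range(3)]
    if not (head[0].startswith("-----BEGIN") and "PRIVATE KEY" in head[0]):
        return ["not a PEM private key"]
    findings = []
    # OpenSSL marks an encrypted key either in the PEM label (PKCS#8:
    # "ENCRYPTED PRIVATE KEY") or in a "Proc-Type: 4,ENCRYPTED" header line.
    if any("ENCRYPTED" in line for line in head):
        findings.append("key is still passphrase-protected")
    elif mode & 0o077:
        findings.append("unencrypted key readable by group/others (mode %04o)" % mode)
    return findings


def demo():
    """Audit constructed sample files: PEM headers only, no real key material."""
    plain = "-----BEGIN RSA PRIVATE KEY-----\n(constructed placeholder)\n"
    enc = ("-----BEGIN RSA PRIVATE KEY-----\nProc-Type: 4,ENCRYPTED\n"
           "DEK-Info: DES-EDE3-CBC,0000000000000000\n")
    samples = (("plain_0644", plain, 0o644),
               ("plain_0600", plain, 0o600),
               ("encrypted_0644", enc, 0o644))
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        for name, text, mode in samples:
            path = os.path.join(tmp, name)
            with open(path, "w", encoding="ascii") as fh:
                fh.write(text)
            os.chmod(path, mode)
            results[name] = audit_private_key(path)
    return results


if __name__ == "__main__":
    for name, findings in demo().items():
        print(name, findings or "ok")
```

On the real file, `chmod 600 /home/user/ssl/server.key` clears the permission finding.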



Now set up the Nginx conf file.
If you use Ubuntu, place a custom conf file in /etc/nginx/conf.d,
e.g. /etc/nginx/conf.d/otp.conf:



server {
    listen          80;
    server_name     localhost;
    # The HTTPS server below listens on 4443, so redirect to that port.
    rewrite ^/(.*)  https://localhost:4443/$1 permanent;
}

server {
    listen          4443 ssl;
    server_name     localhost;
    #rewrite ^/(.*)  https://localhost:4443/$1 permanent;
    access_log      /home/user/env/access.log combined;
    error_log       /home/user/env/error.log error;

    ssl_certificate         /home/user/ssl/server.crt;
    ssl_certificate_key     /home/user/ssl/server.key;

    location /static/ {
        alias /static/;
    }

    location /media/ {
        alias /media/;
    }

    location / {
        proxy_pass         http://localhost:8000/;
        proxy_redirect     off;

        proxy_set_header   Host              $http_host;
        proxy_set_header   X-Real-IP         $remote_addr;
        proxy_set_header   X-Forwarded-For   $proxy_add_x_forwarded_for;
    }

}







Restart nginx



 sudo /etc/init.d/nginx restart



Add to settings.py




SESSION_COOKIE_SECURE = True
CSRF_COOKIE_SECURE = True
SESSION_EXPIRE_AT_BROWSER_CLOSE = True




Now instead of localhost:8000 use localhost:4443

Finally, add this to your wsgi.py




os.environ['wsgi.url_scheme'] = 'https'



Everything else should work the same, unless you hard-coded http:// URLs in your code, HTML or JS. Change those accordingly.
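PEP 3333 defines wsgi.url_scheme as a key in the per-request environ that the WSGI server passes to the application. The middleware below is an added example, not from the original post, that sets it per request from an X-Forwarded-Proto header; it assumes an extra line `proxy_set_header X-Forwarded-Proto $scheme;` in the nginx `location /` block above, and the class and function names are made up for illustration.

```python
from wsgiref.util import setup_testing_defaults

# Assumption: nginx runs on the same host as the Django process.
TRUSTED_PROXIES = frozenset({"127.0.0.1", "::1"})


class ProxySchemeMiddleware:
    """Set wsgi.url_scheme from X-Forwarded-Proto, for trusted proxies only."""

    def __init__(self, app, trusted=TRUSTED_PROXIES):
        self.app = app
        self.trusted = trusted

    def __call__(self, environ, start_response):
        # Always remove the header so the app never sees a client-supplied copy.
        forwarded = environ.pop("HTTP_X_FORWARDED_PROTO", "")
        if environ.get("REMOTE_ADDR") in self.trusted:
            proto = forwarded.split(",")[0].strip().lower()
            if proto in ("http", "https"):
                environ["wsgi.url_scheme"] = proto
        return self.app(environ, start_response)


def echo_scheme_app(environ, start_response):
    """Stand-in for the Django application: replies with the scheme it sees."""
    start_response("200 OK", [("Content-Type", "text/plain")])
    return [environ["wsgi.url_scheme"].encode("ascii")]


def scheme_seen(remote_addr, forwarded_proto=None):
    """Send one constructed request through the middleware; return the scheme."""
    environ = {"REMOTE_ADDR": remote_addr}
    setup_testing_defaults(environ)  # fills in a plain-HTTP request
    if forwarded_proto is not None:
        environ["HTTP_X_FORWARDED_PROTO"] = forwarded_proto
    app = ProxySchemeMiddleware(echo_scheme_app)
    body = app(environ, lambda status, headers, exc_info=None: None)
    return b"".join(body).decode("ascii")


if __name__ == "__main__":
    print(scheme_seen("127.0.0.1", "https"))    # request relayed by nginx
    print(scheme_seen("203.0.113.9", "https"))  # header sent by another host
```

In wsgi.py this would wrap the object returned by get_wsgi_application(); Django's own SECURE_PROXY_SSL_HEADER setting covers the same need when the proxy always sets the header.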


Helpful Things You Need to Know about Server Security and Penetration Prevention

Server security and penetration prevention are two important things you need to ensure in safeguarding your website and overall investment. There is a world of difference between ethical hacking and penetration testing, but these terms are often used interchangeably.

Server Security/Penetration Prevention Overview

Ensure the security of your server through a comprehensive knowledge of penetration testing and ethical hacking. Penetration testing deals with finding certain errors in your target environment, focusing on getting past the defenses and compromising the systems of the target organization. It also aims at gaining access to information.

Ethical hacking, on the other hand, is a more expansive term that covers hacking and computer attack techniques with the purpose of finding security flaws. Ethical hacking requires the target’s permission and aims to improve the security of the organization while penetration testing focuses on determining the environment’s vulnerabilities.

Looking for Server Security and Penetration Prevention in Boston MA area? Contact OT PROJECTS.