by

Where communities thrive


  • Join over 1.5M+ people
  • Join over 100K+ communities
  • Free without limits
  • Create your own community
People
Repo info
Activity
Pete
@kasim1r
I successfully have ralph behind the nginx now, but against first impression, the URLs are not correct
I get http URLs instead of https, can I configure that somewhere? Like "the ralph base URL"?
damian1976
@damian1976
Did you configure server section in nginx configuration for port 80 to redirect to https as described above?
Pete
@kasim1r
>
upstream ralph-server {
server localhost:8000;
}
server {
listen 443;
server_name ralph.private.domain;
include /etc/nginx/private.ssl.conf;
include /etc/nginx/reverseproxy.conf;
access_log /var/log/nginx/ralph.access.log;
error_log /var/log/nginx/ralph.error.log;
location / {
proxy_pass http://ralph-server/;
proxy_set_header Host $host;
proxy_pass_header Server;
proxy_buffering off;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_http_version 1.1;
}
}
Mateusz Kurek
@mkurek
@kasim1r try to put SECURE_PROXY_SSL_HEADER = ('HTTP_X_FORWARDED_PROTO', 'https') into your settings
Pete
@kasim1r
as an export variable?
similar to export DJANGO_SETTINGS_MODULE=ralph.settings.local_settings ?
or in nginx
Mateusz Kurek
@mkurek
no - to local_settings.py
Pete
@kasim1r
ok
no, didn't have an effect
easisest example is, when you browse to the root URL, https://ralph.private.domain/ it wants to redirect to /login/?next=/, and that is again an http URL
or add this section BEFORE existing server section http://dpaste.com/3GBR4Q0
Pete
@kasim1r
that did the trick
thx
cannot redirect from 80 to 443, port 80 not allowed :)
but the both proxy header options in nginx did it!
This message was deleted
damian1976
@damian1976
probably you have also apache running .check it. if so, stop it
Pete
@kasim1r
nah, no apache here.
damian1976
@damian1976
netstat -anp | grep 80
Pete
@kasim1r
you misunderstood me, probably. it makes no sense for me to redirect from 80 to 443, becuase in that network segment, port 80 is firewalled
like it should be in all good environments where credentials are transmitted :)
runs
damian1976
@damian1976
ok but when you type ralph address in the browser it tries to go http:// by default, so something should redrects you to 443 (https)
Pete
@kasim1r
that went away after i did the nginx settings you mentioned (linuxfaq)
which in my understanding means that nginx needs to tell the next instance (=ralph) that "hey, we're using ssl here"
so that ralph can return the correct URLs
so now, when i go to https://ralph.private.domain/, it correctly redirects me to https://ralph.private.domain/login/?next=/
and also the API URLs are correct
damian1976
@damian1976
ok
the message you had "cannot redirect from 80 to 443, port 80 not allowed" when starting nginx is because you started django also on port 80 (DJANGO_SETTINGS_MODULE=ralph.settings.local ralph runserver)
what I do (guys correct me if I'm wrong) is that I start django/ralph on 8000. then in nginx in "server 80" section redirect to 443 , and in "server 443" section "capture" 8000 port by
location / {
                proxy_pass http://address:8000;
        }
damian1976
@damian1976
so both 80 and 8000 calls are redirected to 443
Pete
@kasim1r
that's not a message from nginx, it was just what I told you
damian1976
@damian1976
ok
Pete
@kasim1r
because the target machine's port 80 is not reachable, it wouldn't make sense to redirect 80 to 443
Pete
@kasim1r
how can I populate the business_ownersand technical owners fields?
(in a virtual server)
Pete
@kasim1r
setting them via PATCH method doesn't change them
but also doesn't return an error
curl -k -H "Content-Type: application/json" -H "Authorization: Token f38a12d6b0dd3457b8c464789c90fad6fa5adfd0" -XPATCH "https://ralph.private.domain/api/virtual-servers/76/" -d '{"business_owners": "RonL"}'
Mateusz Kurek
@mkurek
this field is ignored in patch/put/post - it's taken from service owenrs
*owners
in other words, read serialization is different than write serialization
Pete
@kasim1r
would you mind posting a dump of your (working) LDAP settings?
Pete
@kasim1r
please?