
I am looking at switching to Python/Django for my web development. For some of the applications I would need to port, I have admin sections of the site being served over SSL while the main interface is not.

Is there a way to serve up, say, the admin portion of a Django app over SSL while the rest of the site is over HTTP?

chadgh
    This has to do with your web server configuration (Apache or other) rather than your code in Django. Also, Django allows you to use a decorator function (login_required) for as many pages as you want. – oz123 May 09 '13 at 15:05

1 Answer


It's definitely possible. If you are using nginx, this is how you would do it:

Under /etc/nginx/sites-available/default, add the following below your server tag and configure the files appropriately:

    #SSL Support added
    listen   443 ssl;
    ssl_certificate     /etc/ssl/ssl/nginx/server.crt;
    ssl_certificate_key /etc/ssl/ssl/nginx/server.key;
    # SSLv3 and TLS 1.0/1.1 are deprecated and should not be offered
    ssl_protocols       TLSv1.2 TLSv1.3;
    ssl_ciphers         HIGH:!aNULL:!MD5;

Then in your middleware.py,

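    from django.conf import settings
    from django.http import HttpResponsePermanentRedirect


    class SecureRequiredMiddleware(object):
        """Redirect plain-HTTP requests for the configured paths to HTTPS."""

        def __init__(self):
            # Default to "disabled" if either setting is missing.
            self.paths = getattr(settings, 'SECURE_REQUIRED_PATHS', ())
            self.enabled = self.paths and getattr(settings, 'HTTPS_SUPPORT', False)

        def process_request(self, request):
            if self.enabled and not request.is_secure():
                for path in self.paths:
                    if request.get_full_path().startswith(path):
                        request_url = request.build_absolute_uri(request.get_full_path())
                        # Swap only the leading scheme, not an 'http://' in the query string.
                        secure_url = request_url.replace('http://', 'https://', 1)
                        # Debug output
                        print(self.paths, request_url, secure_url)
                        return HttpResponsePermanentRedirect(secure_url)
            return None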

Then in settings.py,

    # ...
    MIDDLEWARE_CLASSES = (
        'django.middleware.common.CommonMiddleware',
        'django.contrib.sessions.middleware.SessionMiddleware',
        'django.middleware.csrf.CsrfViewMiddleware',
        'django.contrib.auth.middleware.AuthenticationMiddleware',
        'django.contrib.messages.middleware.MessageMiddleware',
        # Uncomment the next line for simple clickjacking protection:
        'django.middleware.clickjacking.XFrameOptionsMiddleware',
        'djo.middleware.SecureRequiredMiddleware',
    )
    # ...
    HTTPS_SUPPORT = True
    SECURE_REQUIRED_PATHS = (
        r'/admin/',
    )

That should get you started.

oz123
mh00h
    Also good: http://stackoverflow.com/questions/1548210/how-to-force-the-use-of-ssl-for-some-url-of-my-django-application/1549661#1549661 – chadgh May 09 '13 at 21:23
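
An added example (not part of the answer above, and not Django's own code) that models the redirect decision in plain Python: it swaps only the URL's scheme, so an `http://` inside a `next=` query parameter is left alone, and it treats a proxied request as secure only when a forwarded-protocol header has been configured explicitly, which is the situation when nginx terminates TLS in front of Django. The function names, the `proxy_header` parameter and the `example.test` URLs are assumptions made for illustration.

```python
from urllib.parse import urlsplit

SECURE_REQUIRED_PATHS = ("/admin/",)  # same value as in the answer's settings.py


def request_is_secure(wsgi_scheme, headers, proxy_header=None):
    """Simplified model of the scheme check behind a TLS-terminating proxy.

    proxy_header is a hypothetical (name, secure_value) pair; a forwarded
    header is trusted only when one has been configured explicitly.
    """
    if proxy_header is not None:
        name, secure_value = proxy_header
        value = headers.get(name)
        if value is not None:
            return value.strip() == secure_value
    return wsgi_scheme == "https"


def https_redirect_target(url, secure, paths=SECURE_REQUIRED_PATHS):
    """Return the https:// URL to redirect to, or None when no redirect applies."""
    if secure:
        return None
    parts = urlsplit(url)
    if not any(parts.path.startswith(p) for p in paths):
        return None
    # Replace the scheme component only; path, query and fragment stay as sent.
    return parts._replace(scheme="https").geturl()


# Constructed sample data (not from the original post).
LOGIN = "http://example.test/admin/login/?next=http://example.test/admin/"
PROXIED = {"X-Forwarded-Proto": "https"}  # set by the proxy for a TLS request

if __name__ == "__main__":
    # A whole-string replace would also rewrite the scheme inside next=...
    print(LOGIN.replace("http://", "https://"))
    print(https_redirect_target(LOGIN, secure=False))
    # Without a configured header the proxied request looks insecure, so the
    # already-HTTPS client is redirected again (a redirect loop).
    for cfg in (None, ("X-Forwarded-Proto", "https")):
        secure = request_is_secure("http", PROXIED, cfg)
        print(cfg, secure, https_redirect_target(LOGIN, secure))
```

In Django the corresponding setting is `SECURE_PROXY_SSL_HEADER`; set it only when the proxy overwrites that header on every request.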