2

./manage.py runserver 0.0.0.0:8000

I am using the line above as part of the code I borrowed from github (https://github.com/ribeiroit/boh-puppet) to run bag of holding installation.

So far so good on http but not https. How do I modify the line above to incorporate https? I have already obtained ssl certificate from Comodo and updated my nginx conf.d file but the website won't display in https. Any ideas please shoot my way.

Thank you

Adiza Baakoe
  • 115
  • 1
  • 3
  • 5
  • 3
    `runserver` is meant for development, you shouldn't use it in production. Nginx + gunicorn is a popular choice. – Alasdair Aug 29 '18 at 13:19
  • If you want your local django development server to handle https, then you will have to install and configure stunnel. For running a local https django server, checkout my answer https://stackoverflow.com/a/60667888/9384511 . For production, you will need to configure nginx, gunicorn and a process control system like supervisord. – ABN Aug 17 '21 at 08:58

2 Answers2

5

While cezar's recommendation of django-extensions is valid to run a server with https, neither runserver or runserver_plus should ever be used in a production setting.

Quoting Django's documentation:

DO NOT USE THIS SERVER IN A PRODUCTION SETTING. It has not gone through security audits or performance tests. (And that’s how it’s gonna stay. We’re in the business of making Web frameworks, not Web servers, so improving this server to be able to handle a production environment is outside the scope of Django.)

Quoting django-extensions' documentation:

WARNING: This should never be used in any kind of production environment. Not even for a quick problem check. I cannot emphasize this enough. The interactive debugger allows you to evaluate python code right against the server. You’ve been warned.

Now yes, this warning from the django-extensions documentation is in reference to a single feature, the interactive console, which will theoretically not be exposed if DEBUG is set to False. But this is precisely how Patreon got hacked, and probably others as well. Why even risk it?

Instead, it would be far better to deploy your application using one of the officially recommended WSGI servers such as gunicorn or uWSGI.

Joey Wilhelm
  • 5,729
  • 1
  • 28
  • 42
3

For this purpose I use the the third-party app django-extensions, which offers some nice additional functionalities.

One of those extras is RunServerPlus.

You can then start the server like this:

python manage.py runserver_plus --cert-file /path/to/your/certificate

and open https://localhost:8000 in your browser.

Alasdair
  • 298,606
  • 55
  • 578
  • 516
cezar
  • 11,616
  • 6
  • 48
  • 84
  • Do I have to have 1 line each like this? python manage.py runserver_plus --cert-file /path/to/your/certificate.crt ; python manage.py runserver_plus --cert-file /path/to/your/certificate.key; python manage.py runserver_plus 0.0.0.0:8000 – Adiza Baakoe Aug 29 '18 at 21:33
  • @AdizaBaakoe No, in that case you would try to start the server 3 times. You run just one command: `python manage.py runserver_plus --cert-file /path/to/cert 0.0.0.0:8000`. This should be used only for development. In production you use neither `runserver` nor `runserver_plus`. – cezar Aug 29 '18 at 22:07