Nginx to serve Django
Posted by brice | Filed under django , nginx , proxy , web server
Nginx, a fast, if not the fastest, solution to serve your static file and act as a proxy to your django application. On top of it, it allows you to manage right access to static file. Here is a short demonstration on howto setup Nginx on ubuntu.
Lets get started, we first need to install nginx. Being on Ubuntu, the task will easy for me (I let you deal with your own OS ):
brice@pdb:~$ sudo apt-get install nginx
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following NEW packages will be installed:
nginx
0 upgraded, 1 newly installed, 0 to remove and 0 not upgraded.
...
Unpacking nginx (from .../nginx_0.5.33-1ubuntu0.1_amd64.deb) ...
Setting up nginx (0.5.33-1ubuntu0.1) ...
brice@pdb:~$
We will now need to generate the CSR certificate to be able to sign ou SSL certificate. We will use openssl:
brice@pdb:~$ sudo apt-get install openssl
[sudo] password for brice:
Reading package lists... Done
Building dependency tree
...
Setting up openssl (0.9.8g-4ubuntu3.8) ...
brice@pdb:~$ openssl req -new -newkey rsa:2048 -nodes -out pdb_xxxxx_com.csr \
> -keyout pdb_xxxxx_com.key -subj \
> "/C=US/ST=California/L=Hawthorne/O=xxxxx Co. Inc./CN=pdb.xxxxx.com"
Generating a 2048 bit RSA private key
........................................................................................................................................+++
....................+++
writing new private key to 'pdb_xxxxx_com.key'
-----
brice@pdb:~$
Once generated, I generated the SSL cerficate through godaddy and validated it by checking it@xxxxx.com (official xxxxx.com mail). The next step was the generation of the web certificate and placing it at the right place on the server config directory
brice@pdb:~$ sudo su
[sudo] password for brice:
root@pdb:/home/brice# cat pdb.xxxxx.com.crt gd_bundle.crt > /etc/nginx/pdb.xxxxx.com.crt
root@pdb:/home/brice# cp pdb_xxxxx_com.key /etc/nginx/
Now we will setup nginx site to enable the ssl.
root@pdb:/home/brice# rm /etc/nginx/sites-enabled/default
root@pdb:/home/brice# vi /etc/nginx/sites-available/pdb.xxxxx.com
and here is the configuration for pdb.xxxxx.com. You will see that the first server request is redirecting all the HTTP (port 80) request to HTTPS (443) which make user life easier !
server {
# redirect every HTTP request to HTTPS
listen 80;
server_name pdb.xxxxx.com;
location / {
rewrite ^ https://pdb.xxxxx.com$request_uri? permanent;
}
}
server {
listen 443;
ssl on;
ssl_certificate /etc/nginx/pdb.xxxxx.com.crt;
ssl_certificate_key /etc/nginx/pdb_xxxxx_com.key;
server_name pdb.xxxxx.com;
access_log /var/log/nginx/pdb.xxxxx.com.access.log;
error_log /var/log/nginx/pdb.xxxxx.com.error.log;
#add_header Front-End-Https on;
proxy_set_header X-Url-Scheme $scheme;
location / {
proxy_pass http://127.0.0.1:9000/;
proxy_set_header X-Forwarded-Protocol "https";
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
client_max_body_size 3000m;
}
location /media/ {
alias /home/brice/productdatabase/media/;
}
location /static/ {
alias /home/brice/productdatabase/static/;
}
location /adminmedia/ {
alias /usr/lib/python2.5/site-packages/django/contrib/admin/media/;
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root /var/www/nginx-default;
}
}
Then we have to:
- Activate the website
- create the log folder (if it doesn't exist)
- restart nginx
root@pdb:/home/brice# ln -s /etc/nginx/sites-available/pdb.xxxxx.com /etc/nginx/sites-enabled/pdb.xxxxx.com
root@pdb:/home/brice# ls -l /etc/nginx/sites-enabled/
total 0
lrwxrwxrwx 1 root root 41 Oct 15 21:10 pdb.xxxxx.com -> /etc/nginx/sites-available/pdb.xxxxx.com
root@pdb:/home/brice# mkdir /var/log/nginx
root@pdb:/home/brice# /etc/init.d/nginx stop
Stopping nginx: nginx.
root@pdb:/home/brice# /etc/init.d/nginx start
Starting nginx: nginx.
May 12, 2011 a.m.31 12:48 a.m.
Haha. I woke up down today. You?ve ceheerd me up!
December 26, 2011 a.m.31 3:22 a.m.
freelance writer