updating nginx for SSL-only operation. closes #319

author Bryan <btbonval@gmail.com>

Sat, 8 Feb 2014 00:08:16 +0000 (19:08 -0500)

committer Bryan <btbonval@gmail.com>

Sat, 8 Feb 2014 00:08:16 +0000 (19:08 -0500)
author Bryan <btbonval@gmail.com>
Sat, 8 Feb 2014 00:08:16 +0000 (19:08 -0500)
committer Bryan <btbonval@gmail.com>
Sat, 8 Feb 2014 00:08:16 +0000 (19:08 -0500)
diff --git a/README.md b/README.md

index f02354f8cff53b5b5f3c162b027a34f0bcb3457c..c631795d616e5438747d0624f1172f14fb3e1dac 100644 (file)
--- a/README.md
+++ b/README.md
@@ -310,7 +310,13 @@ not generally be needed.
  
          server {
              listen 80;
-            listen 443 ssl;
+            server_name localhost;
+            return 301 https://$host$request_uri
+        }
+
+        server {
+            listen 443;
+            ssl on;
              server_name localhost;
              client_max_body_size 20M;
          
@@ -318,13 +324,7 @@ not generally be needed.
                  # pass traffic through to gunicorn
                  proxy_pass http://127.0.0.1:8000;
                  # pass HTTP(S) status through to Django
-                if ($scheme ~ http) {
-                    set $ssl 'off';
-                }
-                if ($scheme ~ https) {
-                    set $ssl 'on';
-                }
-                proxy_set_header X-Forwarded-SSL $ssl;
+                proxy_set_header X-Forwarded-SSL $https;
                  proxy_set_header X-Forwarded-Protocol $scheme;
                  proxy_set_header X-Forwarded-Proto $scheme;
                  # pass nginx site back to Django
diff --git a/Vagrantfile b/Vagrantfile

index 07725ed9ff817ff5d43df44203674d101df08eda..c5089d764986beacb9772b667c0b965865a11191 100644 (file)
--- a/Vagrantfile
+++ b/Vagrantfile
@@ -106,7 +106,13 @@ chown vagrant:vagrant karmaworld/$SECRETPATH/*.py
  cat > /etc/nginx/sites-available/karmaworld <<CONFIG
  server {
      listen 80;
-    listen 443 ssl;
+    server_name localhost;
+    return 301 https://\\\$host:6659\\\$request_uri;
+}
+
+server {
+    listen 443;
+    ssl on;
      # don't do virtual hosting, handle all requests regardless of header
      server_name localhost;
      client_max_body_size 20M;
@@ -117,13 +123,7 @@ server {
          # pass traffic through to gunicorn
          proxy_pass http://127.0.0.1:8000;
          # pass HTTP(S) status through to Django
-        if (\\\$scheme ~ http) {
-            set \\\$ssl 'off';
-        }
-        if (\\\$scheme ~ https) {
-            set \\\$ssl 'on';
-        }
-        proxy_set_header X-Forwarded-SSL \\\$ssl;
+        proxy_set_header X-Forwarded-SSL \\\$https;
          proxy_set_header X-Forwarded-Protocol \\\$scheme;
          proxy_set_header X-Forwarded-Proto \\\$scheme;
          # pass nginx site back to Django
author	Bryan <btbonval@gmail.com>
	Sat, 8 Feb 2014 00:08:16 +0000 (19:08 -0500)
committer	Bryan <btbonval@gmail.com>
	Sat, 8 Feb 2014 00:08:16 +0000 (19:08 -0500)
README.md		patch \| blob \| history
Vagrantfile		patch \| blob \| history