FastCGI application behind NGINX is unable to detect that HTTPS secure connection is used

django nginx fastcgi
Aneil Mallavarapu picture Aneil Mallavarapu · Jan 31, 2011 · Viewed 15.1k times · Source

I'm running FastCGI behind Nginx, and need to detect when the url is accessed via HTTPS. However, my Django web application always reports that the connection is HTTP (request.is_secure() == False). However, SSL is setup correctly, and I've verified my https:// urls are secure with an SSL checker.

How can I get Django to correctly detect when the request is from an HTTPS url?

My Nginx settings are:

http {
    include       mime.types;
    default_type  application/octet-stream;

    sendfile        on;
    keepalive_timeout  65;

    gzip  on;

    server {
        listen       80;
        listen       443 default ssl;
        ssl_certificate   /home/webapp/ssl.crt
        ssl_certificate_key /home/webapp/ssl.key

        server_name  myapp.com;
        access_log /home/webapp/access.log
        error_log  /home/webapp/error.log

        root   /home/mywebapp;

        location / {
               # host and port to fastcgi server                      
           fastcgi_pass 127.0.0.1:8801;
           fastcgi_param PATH_INFO $fastcgi_script_name;
           fastcgi_param REQUEST_METHOD $request_method;
           fastcgi_param QUERY_STRING $query_string;
           fastcgi_param SERVER_NAME $server_name;
           fastcgi_param SERVER_PORT $server_port;
           fastcgi_param SERVER_PROTOCOL $server_protocol;
           fastcgi_param CONTENT_TYPE $content_type;
           fastcgi_param CONTENT_LENGTH $content_length;
           fastcgi_pass_header Authorization;
           fastcgi_intercept_errors off;
        }
    }
}

I start the Django FastCGI process with:

python /home/webapp/manage.py runfcgi method=threaded host=127.0.0.1 port=8801 pidfile=/home/webapp/fastcgi.pid

Answer

Aneil Mallavarapu picture Aneil Mallavarapu · Jan 31, 2011

Thanks to Yuji for the answer. I've updated my server block to conditionally inject HTTPS on or HTTPS off, depending on $server_port:

{

server {
    listen       80;
    listen       443 default ssl;

    if ($server_port = 443) { set $https on; }
    if ($server_port = 80) { set $https off; }

    ssl_certificate   /home/webapp/ssl.crt
    ssl_certificate_key /home/webapp/ssl.key

    server_name  myapp.com;
    access_log /home/webapp/access.log
    error_log  /home/webapp/error.log

    root   /home/mywebapp;

    location / {
           # host and port to fastcgi server                      
       fastcgi_pass 127.0.0.1:8801;
       fastcgi_param PATH_INFO $fastcgi_script_name;
       fastcgi_param REQUEST_METHOD $request_method;
       fastcgi_param QUERY_STRING $query_string;
       fastcgi_param SERVER_NAME $server_name;
       fastcgi_param SERVER_PORT $server_port;
       fastcgi_param SERVER_PROTOCOL $server_protocol;
       fastcgi_param CONTENT_TYPE $content_type;
       fastcgi_param CONTENT_LENGTH $content_length;
       fastcgi_pass_header Authorization;
       fastcgi_intercept_errors off;

       fastcgi_param HTTPS $https;
    }
}

}

Related questions

Where can I find the error logs of nginx, using FastCGI and Django?

I'm using Django with FastCGI + nginx. Where are the logs (errors) stored in this case?

Read More
Apache or Nginx to serve Django applications?

I want to deploy a Django web application, and hence I need to choose a web server to serve the Python files. I should mention that my production site will be on a single server, which will host the database …

Read More
How to gracefully restart django running fcgi behind nginx?

I'm running a django instance behind nginx connected using fcgi (by using the manage.py runfcgi command). Since the code is loaded into memory I can't reload new code without killing and restarting the django fcgi processes, thus interrupting the …

Read More