hackoregon / civic-devops

Master collection point for issues, procedures, and code to manage the HackOregon Civic platform
MIT License

Ensure hardcoded http:// references are removed from the API response data #210

Open MikeTheCanuck opened 6 years ago

MikeTheCanuck commented 6 years ago

Now that #170 has been implemented, all ECS services can answer at both http:// and https:// URLs.

However, we know that some of the APIs are sending out response data that include hard-coded http:// paths - making it hard for us to migrate immediately to all-https.

Examples were noted in PR 53, but many others throughout the APIs are likely lurking.

bhgrant8 commented 6 years ago

There are a few things that could be causing this, and I don't want to be too quick to experiment without looking at the full repercussions.

Here is the Django 2.0 reference on SSL/HTTPS support:

https://docs.djangoproject.com/en/2.0/topics/security/#ssl-https

It seems there may be some extra configuration needed if https is not being returned; specifically, this value, which would be set in settings.py:

https://docs.djangoproject.com/en/2.0/ref/settings/#std:setting-SECURE_PROXY_SSL_HEADER

Though there are some very big caveats before using it.

But this does seem to be a similar issue that was related here:

https://github.com/marcgibbons/django-rest-swagger/issues/363

We may have to look at any related settings in gunicorn as well, as they mention:

We will also need to pass the header from apache or nginx. I am using nginx and have the following line in my site nginx config.
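As an added illustration of why the response data comes out with http:// and what SECURE_PROXY_SSL_HEADER changes (example code, not from civic-devops or Django), here is a small Python model of Django's scheme decision behind a TLS-terminating proxy; the header name, setting value and hostname are assumptions taken from the linked docs, and the WSGI environ is constructed:

```python
# Constructed WSGI environ as gunicorn hands it to Django: the hop from nginx
# to gunicorn is plain HTTP, so wsgi.url_scheme is "http" even for TLS clients.
UPSTREAM_ENVIRON = {
    "wsgi.url_scheme": "http",
    "HTTP_HOST": "api.example.org",   # assumed hostname
    "PATH_INFO": "/transit/routes/",  # assumed path
}

# Assumed value for settings.SECURE_PROXY_SSL_HEADER; only meaningful when
# nginx sets X-Forwarded-Proto itself on every request.
SECURE_PROXY_SSL_HEADER = ("HTTP_X_FORWARDED_PROTO", "https")


def proxy_forward(client_headers, client_used_tls, overwrite=True):
    """Model of the reverse proxy. With overwrite=True it sets
    X-Forwarded-Proto from what it knows about the client connection and
    discards any client-supplied value, which is the precondition the Django
    docs' caveat describes before the setting is safe to enable."""
    environ = dict(UPSTREAM_ENVIRON)
    supplied = client_headers.get("X-Forwarded-Proto")
    if overwrite or supplied is None:
        environ["HTTP_X_FORWARDED_PROTO"] = "https" if client_used_tls else "http"
    else:
        # Misconfigured proxy: passes the client's header through untouched.
        environ["HTTP_X_FORWARDED_PROTO"] = supplied
    return environ


def is_secure(environ, secure_proxy_ssl_header=None):
    """Same decision as HttpRequest.is_secure(): the WSGI scheme wins;
    otherwise trust the configured header only when it carries the
    configured value. Without the setting, a proxied request is never
    secure, which is why the hyperlinks below come out as http://."""
    if environ.get("wsgi.url_scheme") == "https":
        return True
    if secure_proxy_ssl_header:
        name, value = secure_proxy_ssl_header
        return environ.get(name) == value
    return False


def absolute_uri(environ, secure_proxy_ssl_header=None):
    """How a DRF hyperlinked field ends up as http:// or https://."""
    scheme = "https" if is_secure(environ, secure_proxy_ssl_header) else "http"
    return f"{scheme}://{environ['HTTP_HOST']}{environ['PATH_INFO']}"
```

Run `absolute_uri(proxy_forward({}, client_used_tls=True))` with and without `SECURE_PROXY_SSL_HEADER` to see the same request yield an http:// and an https:// link.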