unfoldingWord-dev / translationDatabaseWeb

https://td.unfoldingword.org

Enable SECURE_SSL_REDIRECT if env var is present #782

Closed jacobwegner closed 2 years ago

jacobwegner commented 2 years ago

Adding SECURE_SSL_REDIRECT=1 to the application environment will enable Django's Secure SSL Redirect feature:

https://docs.djangoproject.com/en/1.8/topics/security/#ssl-https

Requires django.middleware.security.SecurityMiddleware to be enabled.
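Added example, not code from the pull request or the project: a settings slice that reads the flag from the environment the way the PR describes, a deployment check that SecurityMiddleware (which the flag depends on) is installed, and a model of the redirect decision the middleware makes per request. The MIDDLEWARE_CLASSES name, the CommonMiddleware entry and SECURE_PROXY_SSL_HEADER are assumptions about this deployment.

```python
from typing import Dict, List, Mapping, Optional

SECURITY_MIDDLEWARE = "django.middleware.security.SecurityMiddleware"
TRUTHY = {"1", "true", "yes", "on"}

def env_flag(environ: Mapping[str, str], name: str) -> bool:
    """Boolean switch from the environment: only an explicit truthy value
    enables the feature; unset, empty or "0" leaves it off."""
    return environ.get(name, "").strip().lower() in TRUTHY

def build_settings(environ: Mapping[str, str]) -> Dict[str, object]:
    """Hypothetical slice of settings.py (not the project's own file)."""
    return {
        # Django 1.8, which the linked docs cover, names this MIDDLEWARE_CLASSES;
        # 1.10+ renamed it MIDDLEWARE. The project's version is assumed here.
        "MIDDLEWARE_CLASSES": (SECURITY_MIDDLEWARE,
                               "django.middleware.common.CommonMiddleware"),
        "SECURE_SSL_REDIRECT": env_flag(environ, "SECURE_SSL_REDIRECT"),
        # Assumed: TLS ends at a proxy ("Via: 1.1 vegur" is Heroku's router), so
        # Django must read the original scheme from this header or every HTTPS
        # request would look like HTTP and be redirected forever.
        "SECURE_PROXY_SSL_HEADER": ("HTTP_X_FORWARDED_PROTO", "https"),
    }

def check_ssl_redirect(settings: Mapping[str, object]) -> List[str]:
    """Deployment check: the setting does nothing without SecurityMiddleware."""
    problems = []
    if not settings.get("SECURE_SSL_REDIRECT"):
        problems.append("SECURE_SSL_REDIRECT is off: plain HTTP is served")
    middleware = settings.get("MIDDLEWARE_CLASSES") or settings.get("MIDDLEWARE") or ()
    if SECURITY_MIDDLEWARE not in middleware:
        problems.append("SecurityMiddleware missing: SECURE_SSL_REDIRECT has no effect")
    return problems

def redirect_target(meta: Mapping[str, str], settings: Mapping[str, object]) -> Optional[str]:
    """What SecurityMiddleware.process_request decides for one WSGI request,
    modelled on Django's logic: an insecure request is answered with a 301 to
    the same host and path over https; anything else passes through (None)."""
    if not settings.get("SECURE_SSL_REDIRECT"):
        return None
    scheme = meta.get("wsgi.url_scheme", "http")
    proxy = settings.get("SECURE_PROXY_SSL_HEADER")
    if proxy and meta.get(proxy[0]) is not None:  # is_secure() trusts the proxy header
        scheme = "https" if meta[proxy[0]] == proxy[1] else "http"
    if scheme == "https":
        return None
    path = meta.get("PATH_INFO", "/")
    if meta.get("QUERY_STRING"):
        path += "?" + meta["QUERY_STRING"]
    return "https://%s%s" % (meta["HTTP_HOST"], path)
```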

jacobwegner commented 2 years ago

Verified:

```
curl -IvL http://td.unfoldingword.org/
*   Trying 52.20.78.240...
* TCP_NODELAY set
* Connected to td.unfoldingword.org (52.20.78.240) port 80 (#0)
> HEAD / HTTP/1.1
> Host: td.unfoldingword.org
> User-Agent: curl/7.64.1
> Accept: */*
>
< HTTP/1.1 301 Moved Permanently
HTTP/1.1 301 Moved Permanently
< Connection: keep-alive
Connection: keep-alive
< Server: gunicorn/19.9.0
Server: gunicorn/19.9.0
< Date: Fri, 15 Oct 2021 14:37:00 GMT
Date: Fri, 15 Oct 2021 14:37:00 GMT
< Vary: Origin
Vary: Origin
< Location: https://td.unfoldingword.org/
Location: https://td.unfoldingword.org/
< Content-Type: text/html; charset=utf-8
Content-Type: text/html; charset=utf-8
< X-Frame-Options: SAMEORIGIN
X-Frame-Options: SAMEORIGIN
< Via: 1.1 vegur
Via: 1.1 vegur

<
* Connection #0 to host td.unfoldingword.org left intact
* Issue another request to this URL: 'https://td.unfoldingword.org/'
*   Trying 52.20.78.240...
* TCP_NODELAY set
* Connected to td.unfoldingword.org (52.20.78.240) port 443 (#1)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
*   CAfile: /etc/ssl/cert.pem
  CApath: none
* TLSv1.2 (OUT), TLS handshake, Client hello (1):
* TLSv1.2 (IN), TLS handshake, Server hello (2):
* TLSv1.2 (IN), TLS handshake, Certificate (11):
* TLSv1.2 (IN), TLS handshake, Server key exchange (12):
* TLSv1.2 (IN), TLS handshake, Server finished (14):
* TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
* TLSv1.2 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.2 (OUT), TLS handshake, Finished (20):
* TLSv1.2 (IN), TLS change cipher, Change cipher spec (1):
* TLSv1.2 (IN), TLS handshake, Finished (20):
* SSL connection using TLSv1.2 / ECDHE-RSA-AES128-GCM-SHA256
* ALPN, server did not agree to a protocol
* Server certificate:
*  subject: CN=td.unfoldingword.org
*  start date: Oct 15 00:00:00 2021 GMT
*  expire date: Nov 15 23:59:59 2022 GMT
*  subjectAltName: host "td.unfoldingword.org" matched cert's "td.unfoldingword.org"
*  issuer: C=GB; ST=Greater Manchester; L=Salford; O=Sectigo Limited; CN=Sectigo RSA Domain Validation Secure Server CA
*  SSL certificate verify ok.
> HEAD / HTTP/1.1
> Host: td.unfoldingword.org
> User-Agent: curl/7.64.1
> Accept: */*
>
< HTTP/1.1 200 OK
HTTP/1.1 200 OK
< Connection: keep-alive
Connection: keep-alive
< Server: gunicorn/19.9.0
Server: gunicorn/19.9.0
< Date: Fri, 15 Oct 2021 14:37:01 GMT
Date: Fri, 15 Oct 2021 14:37:01 GMT
< Vary: Cookie, Origin
Vary: Cookie, Origin
< Content-Type: text/html; charset=utf-8
Content-Type: text/html; charset=utf-8
< X-Frame-Options: SAMEORIGIN
X-Frame-Options: SAMEORIGIN
< Set-Cookie: csrftoken=ppnK0ffblPmtS3c64HSbOfwUcQJBflhE; expires=Fri, 14-Oct-2022 14:37:01 GMT; Max-Age=31449600; Path=/
Set-Cookie: csrftoken=ppnK0ffblPmtS3c64HSbOfwUcQJBflhE; expires=Fri, 14-Oct-2022 14:37:01 GMT; Max-Age=31449600; Path=/
< Via: 1.1 vegur
Via: 1.1 vegur

<
* Connection #1 to host td.unfoldingword.org left intact
* Closing connection 1
* Closing connection 0
```