[PYTHON] Domain registration and HTTPS conversion of Django application created with CodeStar with Route53
Create Django apps with CodeStar
Create a Django app by referring to this article. https://qiita.com/SatoshiGachiFujimoto/items/404e45796ac4e0d7bf81
Domain registration
Open Route 53 from the AWS Console.
Click "Register Domain" to register.
Enter the domain name and add it to the cart.
Enter your contact information. You will receive an email confirming your email address, so approve it.
I accept the terms and enablement of automatic domain renewal.
Domain registration is complete.
This time it was completed in about 20 minutes.
Associate this domain with EC2 of your Django application created with CodeStar. EC2 has an Elastic IP associated with it.
Select the domain name from the hosted zone and click Create Recordset. Enter the following and click Create. --Name: www --Type: IPv4 address --Value: Enter the Elastic IP associated with EC2
If you can access the Django app with your registered domain, you're done.
HTTPS conversion
Convert your Django app created with CodeStar to HTTPS.
SSH to EC2 with PuTTY. Install the django-sslserver library. Add it to Django's requirements / common.txt as well.
$ sudo su
$ source /home/ec2-user/environment/bin/activate
$ pip install django-sslserver
Edit ec2django / settings.py.
$ cd ec2django/
$ vi settings.py
I will add the following.
INSTALLED_APPS = [
...
'sslserver',
]
SECURE_PROXY_SSL_HEADER = ('HTTP_X_FORWARDED_PROTO', 'https')
SECURE_SSL_REDIRECT = True
SESSION_COOKIE_SECURE = True
CSRF_COOKIE_SECURE = True
I will make a certificate.
$ openssl genrsa 2048 > server.key
$ openssl req -new -key server.key > server.csr
$ openssl x509 -days 3650 -req -signkey server.key < server.csr > server.crt
Edit supervisor.sonf.
command = /home/ec2-user/environment/bin/gunicorn -b 0.0.0.0:443 ec2django.wsgi --keyfile server.key --certfile server.crt
Add HTTPS to your EC2 security group inbound rules.
After rebooting, you should see the Django app with your oleore certificate.
It seems good to replace the server.key and server.crt of the oleore certificate with the ones created by Let's Encrypt. Install certbot and run certbot-auto to get the certificate.
-Let's Encrypt certificate to https -What to do if you get a cryptography error when renewing a certificate with Lets Encrypt
However, I got various errors, so I made a trial and error. ..
-Get Let's Encrypt server certificate on Amazon Linux on AWS EC2
$ wget https://dl.eff.org/certbot-auto
$ chmod +x certbot-auto
$ ./certbot-auto --debug -v
-Renew Let ’s Encrypt Certificate (EC2)
$ sudo /opt/eff.org/certbot/venv/bin/pip install cryptography
$ sudo /opt/eff.org/certbot/venv/bin/pip install interface
$ sudo /opt/eff.org/certbot/venv/bin/pip install zope
$ sudo /opt/eff.org/certbot/venv/bin/pip install parsedatetime==2.5
Sorry for the low reproducibility of the article. By trial and error, certbot-auto can now be run. When I run certbot-auto, I need to set the Django static file location so that the certificate authority can read the certificate file.
HTTPS server running Djnago with letsencrypt
I wasn't sure, so I put only apache (httpd) and ran certbot-auto to get the certificate.
Create a Django WEB server on AWS (Amazon Linux 2, HTTPS)
sudo yum -y install httpd24
I got an error that depends on httpd 2.2 series. .. I managed to install it by uninstalling it.
Add it under Listen 80 in /etc/httpd/conf/httpd.conf.
sudo vi /etc/httpd/conf/httpd.conf
<VirtualHost *:80>
DocumentRoot "/var/www/html"
ServerName "{domain name}"
ServerAlias "www. {domain name}"
</VirtualHost>
Start apache.
sudo service httpd start
Run ./certbot-auto, replace the resulting .crt and .key, restart the Django app and you're done.
$ sudo cp /etc/letsencrypt/live/www.domainname/fullchain.pem /home/ec2-user/server.crt
$ sudo cp /etc/letsencrypt/live/www.domainname/privkey.pem /home/ec2-user/server.key
$ service helloworld restart
Thank you for your hard work. Also, when I do it from the beginning, I want to put it together neatly.
Recommended Posts