[PYTHON] Domain registration and HTTPS conversion of Django application created with CodeStar with Route53

Create Django apps with CodeStar

Create a Django app by referring to this article. https://qiita.com/SatoshiGachiFujimoto/items/404e45796ac4e0d7bf81

Domain registration

Open Route 53 from the AWS Console.

Click "Register Domain" to register.

Enter the domain name and add it to the cart.

Enter your contact information. You will receive an email confirming your email address, so approve it.

Accept the terms and the enabling of automatic domain renewal.

Domain registration is complete.

This time it was completed in about 20 minutes.

Associate this domain with the EC2 instance of the Django application created with CodeStar. The EC2 instance has an Elastic IP associated with it.

Select the domain name from the hosted zone and click Create Recordset. Enter the following and click Create.

- Name: www
- Type: IPv4 address
- Value: Enter the Elastic IP associated with EC2

If you can access the Django app with your registered domain, you're done.

HTTPS conversion

Convert your Django app created with CodeStar to HTTPS.

SSH to EC2 with PuTTY. Install the django-sslserver library. Add it to Django's requirements/common.txt as well.

$ sudo su
$ source /home/ec2-user/environment/bin/activate
$ pip install django-sslserver

Edit ec2django/settings.py.

$ cd ec2django/
$ vi settings.py

Add the following.

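INSTALLED_APPS = [
    # ... existing apps ...
    'sslserver',
]

# Django trusts this header from whoever sends it. It is only safe behind a
# proxy that sets X-Forwarded-Proto itself and strips any client-supplied copy;
# gunicorn terminates TLS directly in this setup, so no such proxy exists here.
SECURE_PROXY_SSL_HEADER = ('HTTP_X_FORWARDED_PROTO', 'https')
SECURE_SSL_REDIRECT = True
SESSION_COOKIE_SECURE = True
CSRF_COOKIE_SECURE = True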

Create a self-signed certificate.

$ openssl genrsa 2048 > server.key
$ openssl req -new -key server.key > server.csr
$ openssl x509 -days 3650 -req -signkey server.key < server.csr > server.crt

Edit supervisor.conf.

command = /home/ec2-user/environment/bin/gunicorn -b 0.0.0.0:443 ec2django.wsgi --keyfile server.key --certfile server.crt

Add HTTPS to your EC2 security group inbound rules.

After rebooting, you should see the Django app served with your self-signed certificate.

It seems like a good idea to replace the self-signed server.key and server.crt with ones created by Let's Encrypt. Install certbot and run certbot-auto to get the certificate.

- Let's Encrypt certificate to https
- What to do if you get a cryptography error when renewing a certificate with Let's Encrypt

However, I got various errors, so I went through some trial and error...

- Get Let's Encrypt server certificate on Amazon Linux on AWS EC2

$ wget https://dl.eff.org/certbot-auto 
$ chmod +x certbot-auto 
$ ./certbot-auto --debug -v 

- Renew Let's Encrypt Certificate (EC2)

$ sudo /opt/eff.org/certbot/venv/bin/pip install cryptography
$ sudo /opt/eff.org/certbot/venv/bin/pip install interface
$ sudo /opt/eff.org/certbot/venv/bin/pip install zope
$ sudo /opt/eff.org/certbot/venv/bin/pip install parsedatetime==2.5

Sorry for the low reproducibility of the article. By trial and error, certbot-auto can now be run. When I run certbot-auto, I need to set the Django static file location so that the certificate authority can read the certificate file.

HTTPS server running Django with letsencrypt

I wasn't sure, so I installed only Apache (httpd) and ran certbot-auto to get the certificate.

Create a Django WEB server on AWS (Amazon Linux 2, HTTPS)

sudo yum -y install httpd24

I got an error about a dependency on the httpd 2.2 series... I managed to install it by uninstalling that.

Add the following under Listen 80 in /etc/httpd/conf/httpd.conf.

sudo vi /etc/httpd/conf/httpd.conf

<VirtualHost *:80>
    DocumentRoot "/var/www/html"
    ServerName "{domain name}"
    ServerAlias "www.{domain name}"
</VirtualHost>

Start apache.

sudo service httpd start

Run ./certbot-auto, replace the resulting .crt and .key, restart the Django app and you're done.

$ sudo cp /etc/letsencrypt/live/www.domainname/fullchain.pem /home/ec2-user/server.crt
$ sudo cp /etc/letsencrypt/live/www.domainname/privkey.pem /home/ec2-user/server.key
$ service helloworld restart
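
Let's Encrypt certificates are valid for 90 days, so the copy above has to be repeated after every renewal. The script below is an added example, not part of the original article: a certbot deploy hook that installs the renewed pair only when the key matches the certificate and keeps the key at mode 600. Placing it in /etc/letsencrypt/renewal-hooks/deploy/ under a name of your choice and running gunicorn as root are assumptions; the destination paths and service name are the ones used above.

```shell
#!/bin/sh
# certbot deploy hook (added example). certbot sets RENEWED_LINEAGE to the
# live/<name> directory of the certificate it has just renewed.

# Succeed only if the certificate and the private key hold the same public key.
cert_matches_key() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# Install SRC/fullchain.pem and SRC/privkey.pem as DEST/server.crt and
# DEST/server.key. Nothing is replaced unless the pair matches.
deploy_cert() {
    src=$1
    dest=$2
    if ! cert_matches_key "$src/fullchain.pem" "$src/privkey.pem"; then
        echo "certificate and key in $src do not match" >&2
        return 1
    fi
    (
        umask 077   # new files are never group/world readable, even briefly
        cp "$src/privkey.pem" "$dest/server.key.new" &&
        cp "$src/fullchain.pem" "$dest/server.crt.new" &&
        chmod 600 "$dest/server.key.new" &&
        chmod 644 "$dest/server.crt.new" &&
        mv "$dest/server.key.new" "$dest/server.key" &&
        mv "$dest/server.crt.new" "$dest/server.crt"
    )
}

# Run only when certbot invokes the hook; sourcing the file does nothing.
if [ -n "${RENEWED_LINEAGE:-}" ]; then
    deploy_cert "$RENEWED_LINEAGE" /home/ec2-user && service helloworld restart
fi
```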

Thank you for your hard work. Next time I do it from the beginning, I want to write it up neatly.
