[PYTHON] Django Project HTTPS Server Settings: Let's Encrypt

background

I'm working on a second Django project. This time, using Django REST framework, new things such as back-and-back, completely separate implementation of front end, and https communication by ssl are possible. We are proceeding while taking on challenges.

This time, information was already shared by various people on the net,

  1. There is no way to configure it in the Django project
  2. It seems that it is quite easy to set these days, but there is no text about it For that reason, I'm posting about an HTTPS server configuration with a free certificate called Let's Encrypt.

conditions

First, in this setting, the following conditions must be met.

  1. Domain has been obtained from Provider (eg [AWS Route53](https://console.aws.amazon.com/route53/home#DomainRegistration :), Muumu Domain .com /) etc)
  2. The site configuration file is already set in Apache2

Specific method

Step 1. Install Lets encrypt

Regarding this, the offical page of Lets encrypt recommended using software called Certbot, but if you look it up, you can easily do it without doing it. It seems.

$ cd /usr/local
$ sudo git clone https://github.com/letsencrypt/letsencrypt

Step 2. Before creating the SSL certificate

In the reference text, I made it with the create command immediately after installing it above, but it didn't work. Actually, the following settings are required before that.

Step 2.1 Setting up a domain with www on your DNS server

I don't think the domain I bought from the provider has www, but I need to add it as an A record on the DNS server. An error will occur if the domain does not have www in the certificate creation phase of Lets Encrypt.

Domain: example.com
Additional part
Name: www.example.com
Type: A record
Value:Server ip address

Of course, don't forget to add the following items to the apache site configuration file.

ServerAlias www.example.com

Step 2.2 comment out mod_wsgi setting line

This part is limited to the Django project. You will need a software called mod_wsgi to deploy the Django project to apache2. As a matter of fact, after installing mod_wsgi, you will add the following items to the configuration file.

WSGIDaemonProcess django_wsgi pythonpath=/var/www/myproject:/usr/local/lib/python2.7/dist-packages	
WSGIProcessGroup django_wsgi
WSGIScriptAlias / /var/www/myproject/myproject/wsgi.py

Lets Encrypt will automatically create an ssl-compatible site prescriptive file after creating a certificate by referring to the existing configuration file, but if you do not comment out the above part, the following error will occur. I will.

Name duplicates previous WSGI daemon definition

Therefore, you can comment out the upper part first, create a certificate, set it, and then remove the comment out in the ssl-enabled site prescriptive file.

Step 3. Creating a certificate with Let's Encrypt

It's finally in the creation phase, but you can easily create it just by executing the following command. Moreover, the configuration file in apache is also created automatically.

cd letsencrypt/
sudo ./letsencrypt-auto --apache -d example.com -d www.example.com

Step 4. Don't forget to enable the mod_wsgi configuration line

For the Django project, you need to enable the mod_wsgi config line in the created apache config file.

Finally

You can now use the free ssl certificate for https communication. Last but not least, the expiration date of the certificate. The above method is valid for 3 months, so you need to renewal before it expires. There is a lot of information shared by other people about this, so I think you should refer to that.

Description about expiration date when created

   Your cert will expire on 2017-12-04. To obtain a new or tweaked
   version of this certificate in the future, simply run
   letsencrypt-auto again with the "certonly" option. To
   non-interactively renew *all* of your certificates, run
   "letsencrypt-auto renew"

Reference text

Setting up SSL on a Django App with Let's Encrypt - Ubuntu, Apache, and mod_wsgi

Recommended Posts

Django Project HTTPS Server Settings: Let's Encrypt
HTTPS with Django and Let's Encrypt
django default settings
Django Project Baseline
Django + MySQL settings
Django URL settings
Django project environment construction
Django --start project without start project
[Django] Rename the project
Django command completion settings
Start a Django project
Make HTTPS for free with Amazon Linux2 + Freenom + Let's Encrypt