Saturday, April 26, 2014

Django and SSL

Outside of the various guides for implementing SSL using various combinations like Apache/Nginx/uWSGI/Gunicorn etc., there are only a few other things I would watch out for:

Ensure that your server (or hosting provider) has been patched against the Heartbleed vulnerability (CVE-2014-0160) in the recent versions of OpenSSL (almost all providers use Linux for their hosts, and all of those probably rely on OpenSSL libraries to handle the TLS encryption). If you don't know what I'm talking about, you probably shouldn't be running your own server (i.e. a VPS), yet. Any halfway decent hosting provider is already well aware and has implemented the proper patches for you.

Make sure that your site is generating internal links correctly, i.e., generating relative links rather than absolute URLs. If you are consistent in using the {% url %} tag, and none of your href= attributes start with "http://", it should be a seamless transition. Same goes for JavaScript calls or references to CDNs, etc.

Also, if your site may/can use different domain names, make sure to list all possibilities either in the CN or SAN fields in your CSR when requesting the certificate. Note that example.com and www.example.com are different domains when it comes to SSL certificates. Stay away from wildcard domain certificates if possible (i.e. *.example.com), be explicit. If you use a separate subdomain for static content (recommended), even on the same server, include that as well.

Good luck!

-James
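As an added illustration of the two checks James describes (not code from the thread), the script below scans Django templates for hardcoded http:// references that would become mixed content after the move, and checks a list of hostnames against the CN/SAN names of a certificate, treating example.com and www.example.com as distinct and giving a wildcard only one label of coverage. The template text and hostnames are constructed sample values.

```python
"""Pre-flight checks for moving a Django site to HTTPS (added example)."""
import re
from pathlib import Path

# href/src/action attributes whose value is an absolute http:// URL
ABSOLUTE_HTTP = re.compile(
    r'\b(href|src|action)\s*=\s*["\'](http://[^"\']*)["\']', re.IGNORECASE)


def find_absolute_http(template_text):
    """Return (line_number, attribute, url) for each http:// reference."""
    findings = []
    for lineno, line in enumerate(template_text.splitlines(), start=1):
        for match in ABSOLUTE_HTTP.finditer(line):
            findings.append((lineno, match.group(1).lower(), match.group(2)))
    return findings


def scan_templates(template_dir):
    """Walk a templates directory and map each offending file to its hits."""
    results = {}
    for path in Path(template_dir).rglob("*.html"):
        hits = find_absolute_http(path.read_text(encoding="utf-8"))
        if hits:
            results[str(path)] = hits
    return results


def hostname_covered(hostname, cert_names):
    """True if hostname matches a CN/SAN entry. A wildcard '*.example.com'
    covers exactly one label (www.example.com, not example.com or a.b.example.com),
    which is the RFC 6125 rule browsers apply."""
    host = hostname.lower().rstrip(".")
    for name in cert_names:
        name = name.lower()
        if name.startswith("*."):
            suffix = name[1:]  # ".example.com"
            prefix = host[:-len(suffix)] if host.endswith(suffix) else None
            if prefix and "." not in prefix:
                return True
        elif host == name:
            return True
    return False


def uncovered_hostnames(hostnames, cert_names):
    """Hostnames the certificate would NOT be valid for; should be empty."""
    return [h for h in hostnames if not hostname_covered(h, cert_names)]


# Constructed sample template: lines 2 and 3 are the ones to fix.
SAMPLE_TEMPLATE = """\
<a href="{% url 'home' %}">Home</a>
<a href="http://example.com/about/">About</a>
<script src="http://cdn.example.net/jquery.js"></script>
<img src="{{ STATIC_URL }}logo.png">
<link href="https://cdn.example.net/site.css" rel="stylesheet">
"""
```

Run `scan_templates("templates/")` against a project to list every file that still needs the {% url %} or protocol-relative treatment, and `uncovered_hostnames(["example.com", "www.example.com", "static.example.com"], san_list)` against the names in your CSR before you submit it.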


On Thu, Apr 24, 2014 at 6:25 AM, Venkatraman S <venkat83@gmail.com> wrote:
And I prefer being on nginx + uWSGI.


On Thu, Apr 24, 2014 at 1:05 PM, Venkatraman S <venkat83@gmail.com> wrote:
Hi,

I am an SSL newbie and am trying to understand various facets of moving a webapp to SSL. Are there any learnings that the group can share w.r.t. moving a Django site to SSL? Any pitfalls or things to be careful about? Or is it a totally independent activity with no side effects on the application design and deployment?

I am referring to Philips's guide for now, but any other recommendations?

Regards,
Venkat

--
You received this message because you are subscribed to the Google Groups "Django users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to django-users+unsubscribe@googlegroups.com.
To post to this group, send email to django-users@googlegroups.com.
Visit this group at http://groups.google.com/group/django-users.
To view this discussion on the web visit https://groups.google.com/d/msgid/django-users/CAN7tdFTq3Ly5YzgxaJCasSDc39T8eA3RUjMV2sNs-H-m01EfgQ%40mail.gmail.com.

For more options, visit https://groups.google.com/d/optout.
