Добавление HTTPS в приложение django на VM (Windows OS) на уровне производства
Мы разрабатываем react native app с django в качестве бэкенда. Мы развернули django на VM (которую мы купили, она имеет Window OS) и там git вытащил и запустил django сервер просто uvicorn backend.asgi:application --host 0.0.0.0 --port 8000, мы хотим добавить https в нем, как мы можем сделать это? У нас нет домена только публичный IP адрес, пожалуйста, ответьте, если у вас есть полезная информация
For uvicorn,
To run uvicorn with https, a certificate and a private key are required. The recommended way to get them is using Let's Encrypt.
For local development with https, it's possible to use mkcert to generate a valid certificate and private key.$ uvicorn main:app --port 5000 --ssl-keyfile=./key.pem --ssl-certfile=./cert.pem
For django,
If you want the protection that HTTPS provides, and have enabled it on your server, there are some additional steps you may need:
If necessary, set SECURE_PROXY_SSL_HEADER, ensuring that you have understood the warnings there thoroughly. Failure to do this can result in CSRF vulnerabilities, and failure to do it correctly can also be dangerous!
Set SECURE_SSL_REDIRECT to True, so that requests over HTTP are redirected to HTTPS.
Please note the caveats under SECURE_PROXY_SSL_HEADER. For the case of a reverse proxy, it may be easier or more secure to configure the main web server to do the redirect to HTTPS.
Use ‘secure’ cookies.
If a browser connects initially via HTTP, which is the default for most browsers, it is possible for existing cookies to be leaked. For this reason, you should set your SESSION_COOKIE_SECURE and CSRF_COOKIE_SECURE settings to True. This instructs the browser to only send these cookies over HTTPS connections. Note that this will mean that sessions will not work over HTTP, and the CSRF protection will prevent any POST data being accepted over HTTP (which will be fine if you are redirecting all HTTP traffic to HTTPS).
Use HTTP Strict Transport Security (HSTS)
HSTS is an HTTP header that informs a browser that all future connections to a particular site should always use HTTPS. Combined with redirecting requests over HTTP to HTTPS, this will ensure that connections always enjoy the added security of SSL provided one successful connection has occurred. HSTS may either be configured with SECURE_HSTS_SECONDS, SECURE_HSTS_INCLUDE_SUBDOMAINS, and SECURE_HSTS_PRELOAD, or on the web server.