Hello, I recently changed one of my subdomains of my ssl certificate and created a new one. In the old situation all the domains worked. In the new situation, hub.perfotec.com (which is the new one) gives the following error:
ERROR 2024-03-14 10:27:52,433 exception Invalid HTTP_HOST header: ‘hub.perfotec.com’. You may need to add ‘hub.perfotec.com’ to ALLOWED_HOSTS.
Traceback (most recent call last):
File “/usr/local/lib/python3.8/site-packages/django/core/handlers/exception.py”, line 56, in inner
response = get_response(request)
File “/usr/local/lib/python3.8/site-packages/django/utils/deprecation.py”, line 135, in call
response = self.process_request(request)
File “/usr/local/lib/python3.8/site-packages/django/middleware/common.py”, line 48, in process_request
host = request.get_host()
File “/usr/local/lib/python3.8/site-packages/django/http/request.py”, line 152, in get_host
raise DisallowedHost(msg)
django.core.exceptions.DisallowedHost: Invalid HTTP_HOST header: ‘hub.perfotec.com’. You may need to add ‘hub.perfotec.com’ to ALLOWED_HOSTS.
WARNING 2024-03-14 10:27:52,434 log Bad Request: /
ERROR 2024-03-14 10:27:52,559 exception Invalid HTTP_HOST header: ‘hub.perfotec.com’. You may need to add ‘hub.perfotec.com’ to ALLOWED_HOSTS.
Traceback (most recent call last):
File “/usr/local/lib/python3.8/site-packages/django/core/handlers/exception.py”, line 56, in inner
response = get_response(request)
File “/usr/local/lib/python3.8/site-packages/django/utils/deprecation.py”, line 135, in call
response = self.process_request(request)
File “/usr/local/lib/python3.8/site-packages/django/middleware/common.py”, line 48, in process_request
host = request.get_host()
File “/usr/local/lib/python3.8/site-packages/django/http/request.py”, line 152, in get_host
raise DisallowedHost(msg)
django.core.exceptions.DisallowedHost: Invalid HTTP_HOST header: ‘hub.perfotec.com’. You may need to add ‘hub.perfotec.com’ to ALLOWED_HOSTS.
All the other domains are still working. These domains are also not in the ALLOWED_HOSTS. The server name in the nginx config is amap.perfotec.com and not changed in the new situation. Some other domains like clmsv2.perfotec.com are still working with this config.
Does anyone know the reasen for this error and how to solve it?
The specific and direct reason is that requests are being passed to Django with the hosts header set to “hub.perfotec.com”.
To try and answer “why”, we’d need more information. We could start with knowing how you are running your Django project, what your nginx configuration is that is forwarding the requests to Django, and what your current ALLOWED_HOSTS setting is.
To solve it, the first idea would be to add “hub.perfotec.com” to your ALLOWED_HOSTS setting.
I’m running my django project in docker contrainer on a Ubuntu server;
This is my Allowed hosts:
ALLOWED_HOSTS = os.environ.get(“DJANGO_ALLOWED_HOSTS”).split(" ")
this is my ngix config:
upstream clmsv2 {
server web:8000;
}
server {
listen 80;
server_name amap.perfotec.com;
location / {
return 301 https://$host$request_uri;
}
location /.well-known/acme-challenge/ {
root /var/www/certbot;
}
}
server {
listen 443 ssl;
server_name amap.perfotec.com;
location / {
proxy_pass http://clmsv2;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Host $host;
proxy_redirect off;
client_max_body_size 1000M;
proxy_read_timeout 10800s;
proxy_connect_timeout 10800s;
}
location /static/ {
alias /usr/src/app/staticfiles/;
}
location /media/ {
alias /usr/src/app/mediafiles/;
client_max_body_size 1000M;
}
#subdomain gets -0001 suffix
ssl_certificate /etc/letsencrypt/live/amap.perfotec.com-0002/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/amap.perfotec.com-0002/privkey.pem;
include /etc/letsencrypt/options-ssl-nginx.conf;
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
}
But how are you running it? Gunicorn? uWSGI? Something else?
Side note: This doesn’t answer the question. It shows where the value is coming from to populate that setting, but does not show what the setting is.
Side note 2: As it turns out, neither of those questions appear to be particularly critical at this time.
In your configuration you have:
This means that nginx is going to take the Host header as supplied by the browser, and pass that through to Django. In the case of a typical http request by a browser, that header will come from the url specified in the address bar, for example in this case, https://hub.perfotec.com/...
So yes, the answer here is to add "hub.perfotec.com" to your ALLOWED_HOSTS setting.
I’m running uWSGI.
Maybe a stupid question: where can I find my ALLOWED_HOSTS setting on the server?
I didn’t create this part of the app by myself
this is the hosts I can find on my PC but does not contain the working URL’s and is not used in my version control.
DJANGO_ALLOWED_HOSTS=localhost 127.0.0.1 192.168.20.106 146.185.129.161 [::1]
You’re looking for a setting for “DJANGO_ALLOWED_HOSTS” defined (possibly) in any of the Dockerfile, docker-compose.yaml file, in the docker build file, in the docker run command, set in the environment for the user account under which the container is run, in the process manager being used, in the command line that the docker run command uses, or possibly somewhere else as well. (There are many different places in which an environment can be set.) It all depends upon how the images are built and the containers are run.
It’s a little easier if you were running uWSGI directly - using docker greatly multiplies the number of places where an environment variable can be set.
I found the a .env file which contains the ALLOWED_HOSTS:
This contains the working url’s such as amap.perfotec.com but also the old url maphub.perfotec.com.
I changed maphub to hub and saved the file but when I restart the server, it is changed back to maphub.
Any idea how I can ensure hub.perfotec.com stays in the file after restart?
I can’t answer that. That’s something needing to be addressed in how you’re creating those containers.
I found a variable file in the gitlab CI/CD which includes maphub. I changed that to hub and it is working now.
Thank for your help!