Https during development

I’m looking to test integrating some services which require https. Are there any guides to help with using a self signed certificates on localhost for django and nginx?

I’m having trouble finding tutorials that work, even just for django. I’ve got a feeling there’s some implied steps that I haven’t worked out.

Some methods I’ve tried include:

pip install werkzeug
pip install pyOpenSSL

python runserver_plus --cert-file cert.crt

Apparently when the browser shows the security warning you can accept the self signed certificate. However this isn’t working for me on Chromium and Firefox ESR. I don’t get https with the padlock.

I tried the code “thisisunsafe” on the Chromium browser tab which loads the page but still not with https.

Another method I tried with my productions settings in localhost:

sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout ssl/mysite.key -out ssl/mysite.crt

Then updating the nginx.conf to listen on 443. I get the same browser warnings.

I’ve gone through some videos on youtube that require DNS port forwarding or that use a different setup with apache that I wasn’t able to fully translate to my setup.

I’m kind of confused with https during development. I’ve seen some comments where people say it’s not possible or that getting https working on the development site is more effort than it’s worth. But then there are other quick tutorials for self signed certificates which just aren’t working for me when I proceed with the insecure warning.

Lets Encrypt recommends using certbot with either automated or manual setup, both seem to require some validation that the site belongs to me, which it doesn’t I’m just using it as my localhost.

Are there any guides people know of to get self signed certificates working on django to test services like Facebook authentication?.Thanks

I’m not quite following what you’re trying to do / test here.

I can say that I have never deployed a Django app where Django is in any way a part of the SSL layer.

Our standard architecture is currently either:

[browser] <---> [nginx] <---> [uwsgi] <---> [Django app]
or (in a small number of cases)
[browser] <---> [haproxy] <---> [nginx] <---> [uwsgi] <---> [Django app]

In the first case, it’s nginx that serves as the SSL termination point; haproxy in the second. (I think at one point I did some experimentation of terminating SSL in uwsgi, but that was years ago and I don’t remember any of the specifics.)

In any case, the SSL layer is transparent / not-visible to Django.

(Side note: Yes, LetsEncrypt requires you have sufficient access to the domain for which you are requesting a certificate before it will issue you one that the browsers are going to recognize. However, as long as you have sufficient access to that host, you can create multiple certificates to be used on different hosts - as long as the private keys are present on both.)

It has been a while since I’ve needed to use a self-signed cert - I know that browsers are getting more strict about that, and it’s a particular problem on Android apps.

I’m trying to add a valid OAuth redirect URL to facebook, twitter and google developer sites.

For exampe:

I know there are some developer sites which don’t require https for the redirect URL. I was able to do test stripe payments with http://localhost:8000/success/ as the redirect URL. But what do I do for sites that do require a https redirect.

I was able to use Werkzeug (via runserver_plus) and an https connection using a Werkzeug-created cert and key files.
The command I used was:
./ runserver_plus --key-file selftest-key --cert-file selftest-cert localhost:8443

This is without creating keys myself - allowing Werkzeug to create its own keys.

I can then connect to localhost using https, with the appropriate warning message.