Hello,
This is my very first post here, I did not know which category is the good one. I hope I am not so wrong.
I develop a Django application with a keycloack auth service. Both applications are behind a Traefik service which manage certificate. As such, I can develop with a local domain with https.
But at the time I develop, local domain certificate is blocked (unable to get local issuer certificate).
I tried several strategies:
create my own certificate with mkcert (but this is the same result as before)
add the certificate in the django docker image (update-ca-certificates, find which files contain the certificate for Python)
runsslserver extension
I have no succeed. My last try will be to use http only for development. Do you have any tips to find a solution and still work in https in development? Of course, for production env, I wonât get this issue as the certificate will be an official one.
Iâm not sure I understand what youâre needing to do here.
What is it that you are doing that requires Django to serve as your ssl endpoint?
As a general rule, I always recommend that you use something like nginx or haproxy as the web server for an application, and allow it to be your ssl endpoint.
How are you planning to run your application in production? (Hopefully using something like uwsgi or gunicorn and notrunserver.)
Anyway, to directly answer your question, you can either create your own certificate chain and import it into your browser. Or, you can get a free certificate from LetsEncrypt if you have sufficient authorization on a domain.
Thanks. I will deploy django in a docker image using gunicorn. Traefik is a proxy that manage Letâs encrypt certificate automaticly.
The issue is not browser side, but server side as Django need to confirm the keycloak token, it requests the keycloak service (using https). So I get the issue when django try to connect to keycloak.
One of my strategy was to create my own certificate, but I should import the certificate somewhere (where? How?) server side in order to my Python script accept (Python script could be as simple as resp = requests.get(âhttps://myurlâ).)
I know that I can tell the requests command not to verify certificate, but I donât know how to do this in a django app. I confirm that I want this settings only on my development env, not in integration and production where a valid ceritiface will be deployed.
Is it âDjangoâ trying to connect to something? Or is it a view (or management command) that you have written trying to do this using requests?
If itâs your code using requests, then see the requests docs for SSL Cert Verification for your options. (You can either supply your own certificate or you can tell requests to not validate the certificate.)
This is a django plugin (allauth). So I canât change anything there. I read this page but if there is no environment variable this is not useful in my use case I think I read something using requests.Session. I will try this.
I think I read something using requests.Session. I will try this.