Hello,
This is my very first post here, I did not know which category is the good one. I hope I am not so wrong.
I develop a Django application with a keycloack auth service. Both applications are behind a Traefik service which manage certificate. As such, I can develop with a local domain with https.
But at the time I develop, local domain certificate is blocked (unable to get local issuer certificate).
I tried several strategies:
create my own certificate with mkcert (but this is the same result as before)
add the certificate in the django docker image (update-ca-certificates, find which files contain the certificate for Python)
runsslserver extension
I have no succeed. My last try will be to use http only for development. Do you have any tips to find a solution and still work in https in development? Of course, for production env, I won’t get this issue as the certificate will be an official one.
I’m not sure I understand what you’re needing to do here.
What is it that you are doing that requires Django to serve as your ssl endpoint?
As a general rule, I always recommend that you use something like nginx or haproxy as the web server for an application, and allow it to be your ssl endpoint.
How are you planning to run your application in production? (Hopefully using something like uwsgi or gunicorn and notrunserver.)
Anyway, to directly answer your question, you can either create your own certificate chain and import it into your browser. Or, you can get a free certificate from LetsEncrypt if you have sufficient authorization on a domain.
Thanks. I will deploy django in a docker image using gunicorn. Traefik is a proxy that manage Let’s encrypt certificate automaticly.
The issue is not browser side, but server side as Django need to confirm the keycloak token, it requests the keycloak service (using https). So I get the issue when django try to connect to keycloak.
One of my strategy was to create my own certificate, but I should import the certificate somewhere (where? How?) server side in order to my Python script accept (Python script could be as simple as resp = requests.get(“https://myurl”).)
I know that I can tell the requests command not to verify certificate, but I don’t know how to do this in a django app. I confirm that I want this settings only on my development env, not in integration and production where a valid ceritiface will be deployed.
Is it “Django” trying to connect to something? Or is it a view (or management command) that you have written trying to do this using requests?
If it’s your code using requests, then see the requests docs for SSL Cert Verification for your options. (You can either supply your own certificate or you can tell requests to not validate the certificate.)
This is a django plugin (allauth). So I can’t change anything there. I read this page but if there is no environment variable this is not useful in my use case I think I read something using requests.Session. I will try this.
I think I read something using requests.Session. I will try this.