Related

DigitalOcean App Platform Product

You bring your web app in a

  • GitHub repo
  • App Platform handles deployments and builds
  • DNS, HTTPS, CDN, DDoS Mitigation, Vertical Scaling, Horizontal Scaling, and more.
 More Info
nginx not starting after password reset. Question Question
Nginx unable to server static and media images Question Question

Question

Getting 403 with www on domain and SSL certificate configuration

Posted July 5, 2020 3.5k views
NginxDjango

I set up django app following the next tutorial Django app

I configured all DNS records and it works fine.

I set up lets encrypt sertificate.

So, the problem is that certificate works fine on link with www.domain.net, but I get 403 forbidden. In the same time domain.net(without www) works fine, but it hasn’t SSL. How can I fix that?

Would be very grateful if somebody can help.
Thanks.

Add a comment
lavrikrom2
By:
lavrikrom2

Related

DigitalOcean App Platform Product

You bring your web app in a

  • GitHub repo
  • App Platform handles deployments and builds
  • DNS, HTTPS, CDN, DDoS Mitigation, Vertical Scaling, Horizontal Scaling, and more.
 More Info
nginx not starting after password reset. Question Question
Nginx unable to server static and media images Question Question

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

×
Submit an Answer
1 answer
bobbyiliev July 5, 2020

Hi there @lavrikrom2,

It sounds like that your SSL Nginx Server block is not correct.

Can you share the content of both your Nginx Server Blocks for port 80 and 443 here so that I could advise you further on what the problem could be?

The two files are stored at the following folder:

/etc/nginx/sites-enabled

Regards,
Bobby

Reply Report
  • lavrikrom2 July 5, 2020

    @bobbyiliev Thanks for your reply!

    First file:

    server {
    listen 80;
    listen [::]:80;

    server_name 167.71.12.224 www.lavrikroman.net lavrikroman.net;
    include /etc/nginx/snippets/letsencrypt-acme-challenge.conf;


    location = /favicon.ico { access_log off; log_not_found off; }
    location /static/ {
        root /home/roma/blog/backend/;
    }

    location / {
        include proxy_params;
        proxy_pass http://unix:/home/roma/gunicorn.sock;
    }
}

    Default file:

       server {
        server_name www.lavrikroman.net;   
        index index.html index.htm index.nginx-debian.html;

        location / {
                # First attempt to serve request as file, then
                # as directory, then fall back to displaying a 404.
                try_files $uri $uri/ /index.html;
        }

    #listen [::]:443 ssl ipv6only=on; # managed by Certbot
    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/www.lavrikroman.net/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/www.lavrikroman.net/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

}
    edited by MattIPv4
    Reply Report
    • bobbyiliev July 6, 2020

      Hi there @lavrikrom2,

      Yes, so it looks like that your Nginx server block for port 443 does not have your Django reverse proxy configured.

      What you need to do is update your Nginx server block for port 443 to:

      server {

    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/www.lavrikroman.net/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/www.lavrikroman.net/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot


    server_name 167.71.12.224 www.lavrikroman.net lavrikroman.net;
    include /etc/nginx/snippets/letsencrypt-acme-challenge.conf;


    location = /favicon.ico { access_log off; log_not_found off; }
    location /static/ {
        root /home/roma/blog/backend/;
    }

    location / {
        include proxy_params;
        proxy_pass http://unix:/home/roma/gunicorn.sock;
    }
}

      After that run a quick Nginx config test:

      • sudo nginx -t

      If you get Syntax OK message, then go ahead and restart Nginx:

      • sudo systemctl restart nginx

      Hope that this helps!
      Regards,
      Bobby

      Reply Report

Related

Looking for something else?

Ask a new question Search for more help