Welcome to Part 12 of our Django tutorial series, in this part we're going to be discussing how to enable SSL for HTTPS using Lets Encrypt on our nginx server. Doing this with Lets Encrypt is completely free.
Run:
sudo apt-get update
sudo apt-get upgrade
sudo apt-get install git
cd /home/django/django_project/
Next, we want to grab the Lets Encrypt files and set things up:
git clone https://github.com/letsencrypt/letsencrypt
cd letsencrypt
./letsencrypt-auto --help
Next, we're going to grab our certificate:
service nginx stop
./letsencrypt-auto certonly --standalone -d example.com
...replacing example.com with your website.
This will just give you the certificate, but it will not configure your server to actually use that certificate. Thus, next:
sudo nano /etc/nginx/sites-available/django
At the top, you want to comment out the two lines about listening on port 80, then add the following:
server { #listen 80 default_server; #listen [::]:80 default_server ipv6only=on; listen 443 ssl; server_name psyber.io; ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem; ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;
Next, scroll down to the bottom of the file, and add another sever statement:
server { listen 80; server_name example.com; return 301 https://$host$request_uri; }
What this does for us is redirects all traffic to be HTTPS traffic. This is not necessary, but I have no idea why you would elect not to do this. In some cases, things like advertisements may not have a secure delivery option, thus breaking the ads on your page, so forcing HTTPS could mean you lose money. I do not find this to be a worthy reason to not force HTTPS, but you may consider that differently. Note that while your Google Adsense account may initially suffer for this reason, your Google organic search results will benefit from your website being a secure website.
Replacing example.com with your domain, save these changes, restart nginx: service nginx restart
Loading your domain now should yield you the green lock symbol and HTTPS.