Deploy Django to DreamCompute on Ubuntu with Apache – Part 5

Written by and posted on Jun 7, 2019

Django, Ubuntu, and Apache logos side by side.

In the final part of this tutorial, we will talk about how to set up a secure HTTPS connection for our Django project on Apache as well as install a free SSL certificate provided by Let’s Encrypt.


Generating The SSL Certificate

Installing Certbot

To generate our certificate, we’re going to need Certbot. Boot up PuTTY and log into the system’s Shell and run the following commands to install Certbot.

[email protected]_name:~$ sudo wget https://dl.eff.org/certbot-auto -O /usr/sbin/certbot-auto
[email protected]_name:~$ sudo chmod a+x /usr/sbin/certbot-auto

That’s it! Certbot is now on our system.

Generating The Certificate

With Certbot now installed, we can proceed to generate our certificate.

First, we’d need to shut down Apache momentarily to generate our certificate. Since Certbot runs off of port 80, we’d want to make sure there are no conflicts. To shut down Apache use the following command:

[email protected]_name:~$ sudo service apache2 stop

Once down, run the following command to begin generating our certificate:

[email protected]_name:~$ sudo certbot-auto certonly --standalone -d domain.com -d www.domain.com

Replace domain.com and www.domain.com with your domain.

You’ll be prompted to answer a few questions and enter your email. After you’ve completed this step, your SSL certificate will be generated.

Your SSL certificate can be found at the following path:

/etc/letsencrypt/live/domain.com

You’ll notice four files got created.

  • cert.pem
  • chain.pem
  • fullchain.pm
  • Privkey.pm

Configuring The VirtualHost

Back in Part 4 of this tutorial, Deploy Django to DreamCompute on Ubuntu with Apache – Part 4, we’ve edited a file called 000-default.conf to set up our VirtualHost for our Django project to run on HTTP port 80. This time around we’re going to do the following:

  • Redirect all traffic coming in through our HTTP version of the site to HTTPS
  • Set up our HTTPS connection with our SSL certificate

To do that, edit the 000-default.conf file by running:

/etc/letsencrypt/live/domain.com

Delete everything within the file and use the new template below:

<VirtualHost *:80>
    ServerName domain.com
    ServerAdmin [email protected]

    ErrorLog ${APACHE_LOG_DIR}/error.log
    CustomLog ${APACHE_LOG_DIR}/access.log combined

   RewriteEngine On
   RewriteCond %{SERVER_PORT} !^443$
   RewriteRule ^(.*)$ https://%{HTTP_HOST}$1 [R=301,L]
</VirtualHost>

<VirtualHost *:443>
    SSLEngine on
    SSLCertificateFile /etc/letsencrypt/live/domain.com/cert.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/domain.com/privkey.pem
    SSLCertificateChainFile /etc/letsencrypt/live/domain.com/chain.pem

    Alias /assets /home/ubuntu/domain.com/public/assets
   <Directory /home/ubuntu/domain.com/public/assets>
       Require all granted
   </Directory>

   <Directory /home/ubuntu/domain.com/projectname/projectname>
       <Files wsgi.py>
           Require all granted
       </Files>
   </Directory>

   WSGIDaemonProcess projectname python-path=/home/ubuntu/domain.com/projectname python-home=/home/ubuntu/domain.com/env
   WSGIProcessGroup projectname
   WSGIScriptAlias / /home/ubuntu/domain.com/projectname/projectname/wsgi.py
</VirtualHost>

Press Ctrl + X, Y, then Enter to save.

You’ll notice we’ve moved around a few things and added a new VirtualHost rule for port 443 for our HTTPS connection.

Before we can turn Apache back on, there are two things we have to enabled to have Apache running without errors. That is Apache’s SSL mod and the Rewrite mod. To do that run the following:

[email protected]_name:~$ sudo a2enmod ssl
[email protected]_name:~$ sudo a2enmod rewrite

That’s it; both mods are installed. All we have left to do is start our Apache server again by running:

[email protected]_name:~$ sudo service apache2 start

If you load up your website using HTTP, it should now redirect to the HTTPS version.

Auto Renewing The Certificate

With our SSL certificate now installed and our HTTPS connection currently working, the last thing we’d want to set up is a way for the SSL certificates to auto-renew because Let’s Encrypt certificates are only valid for 90 days.

To renew our certificate, we’ll be leveraging cron jobs. To edit our cron jobs run the following:

[email protected]_name:~$ crontab -e

Note: If this is your first time running the above command, you may be prompt to choose a way to open the file.

Once you are in the file, navigate to the bottom and enter the following:

0 0,12 * * * sudo /usr/sbin/certbot-auto -q renew

Press Ctrl + X,Y, then Enter to save.

Note: The above will make Certbot run at noon and midnight every day.

That’s it!

0 Comments

Submit a Comment

Your email address will not be published. Required fields are marked *

About Me

Person standing with coffee mug with dog by his leg

My name is Tony, and I am an Experience Designer. I love creating games, websites, and interactive experiences. Best of all, I love to teach and provide others the tool they need to ignite their passion.

More About Me