
Trouble getting SSL to work with django + nginx + wsgi

I've followed a couple of examples for Django + nginx + wsgi + ssl, but I can't get them to work. I simply get an error in my browser that I can't connect.

I'm running two websites off the host. The config files are identical except for the ip addresses, server names, and directories.

When neither uses SSL, they work fine. When I try to listen on 443 with one of them, I can't connect to either.

My config files are below, and any suggestions would be appreciated.

server {
    listen xxx.xxx.xxx.xxx:80;
    server_name sub.domain.com;

    access_log /home/django/logs/nginx_customerdb_http_access.log;
    error_log /home/django/logs/nginx_customerdb_http_error.log;

    location / {
        proxy_pass              http://127.0.0.1:8080;
        proxy_redirect          off;
        proxy_set_header        Host            $host;
        proxy_set_header        X-Real-IP       $remote_addr;
        proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
        client_max_body_size    10m;
        client_body_buffer_size 128k;
        proxy_connect_timeout   90;
        proxy_send_timeout      90;
        proxy_read_timeout      90;
        proxy_buffers           32 4k;
    }

    location /site_media/ {
        alias /home/django/customerdb_site_media/;
    }

    location /admin-media/ {
        alias /home/django/django_admin_media/;
    }
}

server {
    listen xxx.xxx.xxx.xxx:443;
    server_name sub.domain.com;

    access_log /home/django/logs/nginx_customerdb_http_access.log;
    error_log /home/django/logs/nginx_customerdb_http_error.log;

    ssl on;
    ssl_certificate sub.domain.com.crt;
    ssl_certificate_key sub.domain.com.key;
    ssl_prefer_server_ciphers   on;

    location / {
        proxy_pass              http://127.0.0.1:8080;
        proxy_redirect          off;
        proxy_set_header        Host            $host;
        proxy_set_header        X-Real-IP       $remote_addr;
        proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header        X-Forwarded-Protocol    https;
        client_max_body_size    10m;
        client_body_buffer_size 128k;
        proxy_connect_timeout   90;
        proxy_send_timeout      90;
        proxy_read_timeout      90;
        proxy_buffers           32 4k;
    }

    location /site_media/ {
        alias /home/django/customerdb_site_media/;
    }

    location /admin-media/ {
        alias /home/django/django_admin_media/;
    }
}


<VirtualHost *:8080>
    ServerName xxx.xxx.xxx.xxx
    ServerAlias xxx.xxx.xxx.xxx

    LogLevel warn
    ErrorLog /home/django/logs/apache_customerdb_error.log
    CustomLog /home/django/logs/apache_customerdb_access.log combined

    WSGIScriptAlias / /home/django/customerdb/apache/django.wsgi
    WSGIDaemonProcess customerdb_wsgi processes=4 threads=5
    WSGIProcessGroup customerdb_wsgi

    SetEnvIf X-Forwarded-Protocol "^https$" HTTPS=on
</VirtualHost>

UPDATE: The existence of two sites (on separate IPs) on the host is the issue. If I delete the other site, the settings above mostly work. Doing so also brings up another issue: Chrome doesn't accept the site as secure, saying that some content is not encrypted.


[This should actually be a comment ...]

You should also set

proxy_set_header X-Forwarded-Protocol $scheme;

To indicate to Django when connections are secure, otherwise your https links will get redirected to http, which is bad.

This will set http when it actually is http, and https when it's https.
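
The header discussed above is only meaningful when the backend accepts it from nginx alone, since any client that can reach port 8080 directly can send it too. As an added example, not code from the original posts, this WSGI middleware could wrap the application in django.wsgi in place of the SetEnvIf line; the class name, the trusted address list and the helper function are assumptions made for illustration.

```python
"""Honour X-Forwarded-Protocol only when the request comes from the trusted proxy."""

TRUSTED_PROXIES = frozenset({"127.0.0.1", "::1"})  # assumption: nginx runs on the same host
HEADER_KEY = "HTTP_X_FORWARDED_PROTOCOL"  # WSGI environ name of X-Forwarded-Protocol


class ForwardedProtocolMiddleware:
    """Hypothetical wrapper: sets wsgi.url_scheme from the proxy header."""

    def __init__(self, app, trusted_proxies=TRUSTED_PROXIES):
        self.app = app
        self.trusted = frozenset(trusted_proxies)

    def __call__(self, environ, start_response):
        # Always remove the raw header so the application cannot read a spoofed value.
        claimed = environ.pop(HEADER_KEY, "").strip().lower()
        peer = environ.get("REMOTE_ADDR", "")
        if peer in self.trusted and claimed in ("http", "https"):
            environ["wsgi.url_scheme"] = claimed
            if claimed == "https":
                environ["HTTPS"] = "on"
            else:
                environ.pop("HTTPS", None)
        # Untrusted peer or unknown value: keep the scheme the server itself reported.
        return self.app(environ, start_response)


def scheme_seen_by_app(remote_addr, header_value=None):
    """Send one constructed request through the middleware; return what the app sees."""
    seen = {}

    def app(environ, start_response):
        seen["scheme"] = environ["wsgi.url_scheme"]
        seen["header_present"] = HEADER_KEY in environ
        start_response("200 OK", [("Content-Type", "text/plain")])
        return [b"ok"]

    # Constructed environ: the backend itself always speaks plain HTTP on port 8080.
    environ = {"REMOTE_ADDR": remote_addr, "wsgi.url_scheme": "http"}
    if header_value is not None:
        environ[HEADER_KEY] = header_value
    ForwardedProtocolMiddleware(app)(environ, lambda status, headers: None)
    return seen


if __name__ == "__main__":
    print(scheme_seen_by_app("127.0.0.1", "https"))    # request relayed by nginx over TLS
    print(scheme_seen_by_app("203.0.113.7", "https"))  # direct client sending the header itself
```

Newer Django versions can also be told to read the header directly with the `SECURE_PROXY_SSL_HEADER` setting, which carries the same requirement that only the proxy can reach the backend.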


I changed the server that listens on 80 to rewrite to https and removed all the other directives.
