added ssl config

autoblue_django/settings/prod.py

@@ -26,3 +26,12 @@
     },    
 }
 
+SESSION_COOKIE_SECURE = True
+CSRF_COOKIE_SECURE = True
+SECURE_SSL_REDIRECT = True
+
+SECURE_HSTS_SECONDS = 31536000  # 1 year
+SECURE_HSTS_PRELOAD = True
+SECURE_HSTS_INCLUDE_SUBDOMAINS = True
+
+SECURE_PROXY_SSL_HEADER = ('HTTP_X_FORWARDED_PROTO', 'https')

nginx.conf

@@ -18,17 +18,29 @@ http {
     gzip on;
     gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;
 
-    upstream autoblue {
-        server web:8000;
+    server {
+        listen 80;
+        server_name autoblue.yassinecodes.dev;
+
+        # Redirect all HTTP requests to HTTPS
+        return 301 https://$host$request_uri;
     }
 
     server {
         listen 80;
-        server_name autoblue.yassinecodes.dev www.autoblue.yassinecodes.dev;
+        server_name autoblue.yassinecodes.dev;
+
+        listen 443 ssl;
+        ssl_certificate /etc/letsencrypt/live/autoblue.yassinecodes.dev/fullchain.pem;
+        ssl_certificate_key /etc/letsencrypt/live/autoblue.yassinecodes.dev/privkey.pem;
+
+        # SSL settings
+        ssl_protocols TLSv1.2 TLSv1.3;
+        ssl_prefer_server_ciphers on;
 
         # Proxy pass to Django (Gunicorn)
         location / {
-            proxy_pass http://autoblue;
+            proxy_pass https://web;
             proxy_set_header Host $host;
             proxy_set_header X-Real-IP $remote_addr;
             proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
@@ -40,6 +52,11 @@ http {
             alias /staticfiles/;
         }
 
+        # Redirect www to non-www
+        # if ($host = www.autoblue.yassinecodes.dev) {
+        #     return 301 https://autoblue.yassinecodes.dev$request_uri;
+        # }
+
         # Security headers
         add_header X-Content-Type-Options "nosniff";
         add_header X-Frame-Options "DENY";