How to run django local server over https
93
Introduction
Running a Django local server over HTTPS is a great way to develop web applications in a secure environment, ensuring that data transmitted between your browser and the server is encrypted. In this guide, we'll walk through the steps to set up a self-signed SSL certificate for your Django project and configure the local server to use HTTPS.
Please note that this approach is suitable for development purposes only. For production, you should obtain a valid SSL certificate from a trusted certificate authority.
Prerequisite
Before we start, ensure you have Django installed and your project set up.
LET'S BEGIN!!
Step 1 - Installink mkcert
First, we need to install mkcert on our local machine, checkout https://github.com/FiloSottile/mkcert for installation guide based on your platform (Windows, linux or mac)
Step 2 - Generate the certificate
We need to generate the certificate for our local host, go to your project folder (the folder where manage.py is) and run the command below
mkcert -cert-file cert.pem -key-file key.pem localhost 127.0.0.1
The certificate will be created in the folder. The certificate is at "cert.pem" and the key at "key.pem"
Step 3 - configure django
We would have to configure django to work with the certificates
pip install django-extensions Werkzeug pyOpenSSL
Open your settings file and add django_extensions to it
INSTALLED_APPS = [
# other installed apps
"django_extensions",
]
Step 3 - Run local server over https
Finally, we would run our development server over https
python manage.py runserver_plus --cert-file cert.pem --key-file key.pem
Open your browser and type the url
https://localhost:8000/ or https://127.0.0.1:8000/
Conclusion
While running a Django local server over HTTPS is beneficial for ensuring secure development and other reasons, it is crucial to bear in mind that this approach should not be implemented in a production environment.
Self-signed SSL certificates, as generated in this guide, are not validated by trusted certificate authorities, which can lead to security vulnerabilities. Therefore, for production,
it is recommended to obtain a valid SSL certificate from a trusted certificate authority to establish secure communication between clients and your server.