I am creating a Django application which will need SSL on all user-facing pages. On other projects where SSL was needed I have encountered complications when serving media files from a different virtual host on a single server. For example, the page is https://www.mysite.com but it references http://media.mysite.com/css/screen.css, and the browser subsequently shows security alerts to the user.

My understanding is that it's Django best practice to keep static files on at least their own virtual host, which -- as far as I understand -- requires a subdomain like media.blahblah.com.

Clearly there are lots of Django applications on SSL, so I must be missing something. Any suggestions about how this is handled?

The general answer is that you will need to change the URL you are using to reference your static files to one that uses HTTPS. Using a relative path (/static/css/screen.css) rather than a full URL (http://...) makes your media automatically switch from HTTP to HTTPS according to the referencing page, but does force your hand when trying to serve them according to the guidelines mentioned below.

If you are using Django 1.3 with contrib.staticfiles, it appears that you'd simply need to alter the STATIC_URL setting. Otherwise, you will need to update the paths by hand (or however you are referencing your static assets).

Guidelines for static media like CSS and JavaScript do dictate that you should serve them from a webserver (not just a virtual host) different from the one serving your Django pages. The idea there is that you can use a minimal-footprint webserver to serve those simple files very quickly. If you serve them from the same webserver that's running your Django site, then probably numerous extra modules are being loaded but not used for the requests where you are just serving a static file.

Since you have to serve secured static files, you've got a handful of options:

  1. You'll either want to get another (or wildcard) SSL certificate for the static files webserver.
    • Disadvantage: expense of the certificate.
    • Disadvantage: you will need to specify another domain (rather than the relative paths mentioned in the first paragraph) to serve your static files from.
  2. Set up SSL on a reverse proxy that handles all the requests for the site. You are still serving your static files and Django pages from separate webservers, but the proxy knows which to connect to according to the URL or path (ex: proxy "/static" to the static webserver, everything else to the Django webserver).
    • Pro: Does allow you to use relative paths for your media.
    • Disadvantage: Extra systems configuration.
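
To verify whichever option is chosen, the following added example (not part of the original question or answer) audits rendered HTML for the mixed-content problem described in the question: subresources that an HTTPS page would still load over plain HTTP. The names `find_mixed_content` and `SAMPLE_HTML` are hypothetical, and the sample page is constructed from the hostnames in the question.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Tags whose URL attribute makes the browser fetch a subresource (<a href> does not).
SUBRESOURCE_ATTRS = {"script": "src", "img": "src", "iframe": "src", "link": "href",
                     "source": "src", "audio": "src", "video": "src"}


class _SubresourceCollector(HTMLParser):
    def __init__(self):
        super().__init__()
        self.urls = []

    def handle_starttag(self, tag, attrs):
        wanted = SUBRESOURCE_ATTRS.get(tag)
        for name, value in attrs:
            if name == wanted and value:
                self.urls.append((tag, value.strip()))


def find_mixed_content(page_url, html):
    """Return [(tag, url)] for subresources an HTTPS page would load over HTTP."""
    if urlsplit(page_url).scheme != "https":
        return []  # mixed content only exists on pages delivered over HTTPS
    collector = _SubresourceCollector()
    collector.feed(html)
    findings = []
    for tag, ref in collector.urls:
        # Relative and //host references resolve against the page URL and inherit https.
        resolved = urljoin(page_url, ref)
        if urlsplit(resolved).scheme == "http":
            findings.append((tag, resolved))
    return findings


# Constructed sample page, using the hostnames from the question.
SAMPLE_HTML = """<head>
<link rel="stylesheet" href="http://media.mysite.com/css/screen.css">
<link rel="stylesheet" href="/static/css/print.css">
<script src="//media.mysite.com/js/app.js"></script>
<script src="https://media.mysite.com/js/vendor.js"></script>
</head><body>
<a href="http://www.mysite.com/about/">About</a>
<img src="HTTP://media.mysite.com/img/logo.png">
</body>"""

if __name__ == "__main__":
    for tag, url in find_mixed_content("https://www.mysite.com/", SAMPLE_HTML):
        print(f"mixed content: <{tag}> loads {url}")
```

Only the absolute `http://` stylesheet and image are reported; the relative path, the protocol-relative script and the ordinary `<a>` link are not, which is why relative or HTTPS `STATIC_URL` values clear the browser warning.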