[GH-ISSUE #678] Support for HTTPS without reverse proxy #489

Closed
opened 2026-02-25 23:42:38 +03:00 by kerem · 6 comments

Originally created by @stevenengland on GitHub (Jul 26, 2022).
Original GitHub issue: https://github.com/healthchecks/healthchecks/issues/678

Hi,

is there a recommended way to enable HTTPS without using a reverse proxy?

I fiddled around altering the uwsgi.ini like this:

```
#http-socket = :8000
https = :8000,cert.pem,cert-key.pem
```

But that won't finally start a server instance. I end up in a loop that is as follows:

```
[uWSGI] getting INI configuration from uwsgi.ini
[uwsgi-static] added mapping for /static => static-collected
*** Starting uWSGI 2.0.19.1 (64bit) on [Tue Jul 26 13:34:37 2022] ***
compiled with version: 10.3.1 20210424 on 05 April 2021 18:18:03
os: Linux-5.13.19-6-pve #1 SMP PVE 5.13.19-14 (Thu, 10 Mar 2022 16:24:52 +0100)
nodename: 7a8c062a0d19
machine: x86_64
clock source: unix
pcre jit disabled
detected number of CPU cores: 2
current working directory: /app/healthchecks
detected binary path: /usr/sbin/uwsgi
your processes number limit is 31157
your memory page size is 4096 bytes
detected max file descriptor number: 524288
building mime-types dictionary from file /etc/mime.types...1311 entry found
lock engine: pthread robust mutexes
thunder lock: disabled (you can enable it with --thunder-lock)

Python version: 3.9.5 (default, Nov 24 2021, 21:19:13)  [GCC 10.3.1 20210424]
Python main interpreter initialized at 0x7f1bedb67c00
python threads support enabled

your mercy for graceful operations on workers is 60 seconds

*** Operational MODE: no-workers ***
running "exec:/usr/bin/python3 ./manage.py collectstatic --noinput" (pre app)...
[uwsgi-daemons] spawning "/usr/bin/python3 ./manage.py sendalerts" (uid: 911 gid: 911)

0 static files copied to '/app/healthchecks/static-collected', 319 unmodified.
running "exec:/usr/bin/python3 ./manage.py compress" (pre app)...

SystemCheckError: System check identified some issues:

ERRORS:
?: (4_0.E001) As of Django 4.0, the values in the CSRF_TRUSTED_ORIGINS setting must start with a scheme (usually http:// or https://) but found . See the release notes for details.

CommandError: Compressor is disabled. Set the COMPRESS_ENABLED setting or use --force to override.
command "/usr/bin/python3 ./manage.py compress" exited with non-zero code: 1
Tue Jul 26 13:34:44 2022 - FATAL hook failed, destroying instance
SIGINT/SIGQUIT received...killing workers...
WSGI app 0 (mountpoint='') ready in 3 seconds on interpreter 0x7f1bedb67c00 pid: 555 (default app)
spawned uWSGI master process (pid: 555)
goodbye to uWSGI.
```

Switching back from https to http-socket brings up the server again.
I am fairly new to the combination of uwsgi, django etc. so I am not sure where to start my HTTPS journey.

Thanks in advance!

kerem closed this issue 2026-02-25 23:42:38 +03:00
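
The log in the report above includes Django's 4_0.E001 system check rejecting an empty `CSRF_TRUSTED_ORIGINS` entry ("but found ."). As an added example (not code from Healthchecks or the linuxserver image), this pre-start check shows how an empty comma-separated value turns into such an entry and validates the origins for a TLS-only listener; the comma-separated input format, the function names and the sample hostnames are assumptions.

```python
from urllib.parse import urlsplit


def parse_trusted_origins(raw):
    """Split a comma-separated value, dropping blank entries.

    "".split(",") yields [""]; that one empty entry is enough to trip
    the 4_0.E001 check quoted in the log.
    """
    return [part.strip() for part in (raw or "").split(",") if part.strip()]


def check_trusted_origins(origins, require_https=False):
    """Return a list of problems; an empty list means the value is usable."""
    problems = []
    for origin in origins:
        if "://" not in origin:
            # The rule from the log message: the value must start with a scheme.
            problems.append(f"{origin!r}: no scheme (4_0.E001)")
            continue
        parts = urlsplit(origin)
        # The checks below are stricter than Django's own system check.
        if parts.scheme not in ("http", "https"):
            problems.append(f"{origin!r}: unexpected scheme {parts.scheme!r}")
        elif require_https and parts.scheme != "https":
            problems.append(f"{origin!r}: http origin on a TLS-only listener")
        if not parts.hostname:
            problems.append(f"{origin!r}: no host")
        if parts.path or parts.query or parts.fragment:
            # An Origin header carries scheme://host[:port] only.
            problems.append(f"{origin!r}: has a path, query or fragment")
    return problems


if __name__ == "__main__":
    # Constructed sample values, not taken from the issue.
    for raw in ("", "hc.example.org", "https://hc.example.org:8000/",
                "https://hc.example.org:8000,https://*.example.org"):
        origins = parse_trusted_origins(raw)
        print(repr(raw), "->", check_trusted_origins(origins, True) or "ok")
```

Passing the unparsed list `[""]` to `check_trusted_origins` reproduces the empty-value failure, while `parse_trusted_origins("")` returns an empty list that passes.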

@cuu508 commented on GitHub (Jul 26, 2022):

Can you share your complete uwsgi.ini?


@stevenengland commented on GitHub (Jul 26, 2022):

Hi, thank you for coming back to me.

I must admit that I use the linuxserver.io image based on yours.

Therefore I use the uWSGI ini from there:
https://github.com/linuxserver/docker-healthchecks/blob/master/root/defaults/uwsgi.ini

With the slight difference I mentioned above (https instead of http-socket).

I thought it might be a good idea to ask here first if there is a recommended way to use HTTPS directly (without another webserver in front of uWSGI).


@cuu508 commented on GitHub (Jul 27, 2022):

To be honest, I didn't know uwsgi can terminate TLS. As a quick experiment, I took the linuxserver uwsgi.ini and edited it like so:

```
[uwsgi]
#http-socket = :8000
https = :8000,/home/username/certs/servername.crt,/home/username/certs/servername.pass.key
buffer-size = 32768
enable-threads
plugin = python3
module = hc.wsgi:application
static-map = /static=static-collected
static-gzip-dir = static-collected/CACHE
hook-pre-app = exec:./manage.py collectstatic --noinput
hook-pre-app = exec:./manage.py compress
attach-daemon = ./manage.py sendalerts
```

I placed it in the project directory (next to manage.py) and then ran it with:

```
uwsgi ls-uwsgi.ini
```

The output for me was:

```
uwsgi ls-uwsgi.ini
[uWSGI] getting INI configuration from ls-uwsgi.ini
open("./python3_plugin.so"): No such file or directory [core/utils.c line 3732]
!!! UNABLE to load uWSGI plugin: ./python3_plugin.so: cannot open shared object file: No such file or directory !!!
Enter PEM pass phrase:
[uwsgi-static] added mapping for /static => static-collected
*** Starting uWSGI 2.0.20 (64bit) on [Wed Jul 27 11:02:18 2022] ***
compiled with version: 11.2.0 on 27 May 2022 09:57:28
os: Linux-5.15.0-41-generic #44-Ubuntu SMP Wed Jun 22 14:20:53 UTC 2022
nodename: oreo
machine: x86_64
clock source: unix
pcre jit disabled
detected number of CPU cores: 8
current working directory: /home/username/repos/healthchecks
detected binary path: /home/username/venvs/healthchecks/bin/uwsgi
your processes number limit is 126609
your memory page size is 4096 bytes
detected max file descriptor number: 1024
building mime-types dictionary from file /etc/mime.types...1516 entry found
lock engine: pthread robust mutexes
thunder lock: disabled (you can enable it with --thunder-lock)
uWSGI http bound on :8000 fd 4
uwsgi socket 0 bound to TCP address 127.0.0.1:40275 (port auto-assigned) fd 3
Python version: 3.10.4 (main, Jun 29 2022, 12:14:53) [GCC 11.2.0]
Python main interpreter initialized at 0x55e459eaa6e0
python threads support enabled
your server socket listen backlog is limited to 100 connections
your mercy for graceful operations on workers is 60 seconds
mapped 203184 bytes (198 KB) for 1 cores
*** Operational MODE: single process ***
running "exec:./manage.py collectstatic --noinput" (pre app)...

0 static files copied to '/home/username/repos/healthchecks/static-collected', 324 unmodified.
running "exec:./manage.py compress" (pre app)...
Compressing... done
Compressed 23 block(s) from 124 template(s) for 1 context(s).
WSGI app 0 (mountpoint='') ready in 0 seconds on interpreter 0x55e459eaa6e0 pid: 843600 (default app)
*** uWSGI is running in multiple interpreter mode ***
spawned uWSGI master process (pid: 843600)
spawned uWSGI worker 1 (pid: 843610, cores: 1)
spawned uWSGI http 1 (pid: 843611)
[uwsgi-daemons] spawning "./manage.py sendalerts" (uid: 1000 gid: 1000)
sendalerts is now running
[pid: 843610|app: 0|req: 1/1] 127.0.0.1 () {50 vars in 1088 bytes} [Wed Jul 27 08:03:06 2022] GET / => generated 8130 bytes in 152 msecs (HTTP/1.1 200) 9 headers in 449 bytes (1 switches on core 0)
```

And it did work in the browser (I was getting warnings about using a self-signed certificate, but that's expected).

It's not immediately clear to me what's causing the failure in the linuxserver image.


@stevenengland commented on GitHub (Jul 27, 2022):

Thank you very much. Then I will try your Dockerfile, create an image respectively and try this combination by myself. If I am not successful I will open another issue for linuxserver. Can this issue here be left open if anything else occurs?


@cuu508 commented on GitHub (Jul 27, 2022):

Sure, if the issue you reported turns out to be something that must be fixed in Healthchecks, we can handle it here.

If you run into a different problem, please create a separate ticket for it. And if you need advice on how to do something, please use [discussions](https://github.com/healthchecks/healthchecks/discussions)!


@stevenengland commented on GitHub (Jul 31, 2022):

Well... Pulled your image, added the certs, altered the uwsgi.ini to use the certs and it works like a charm out of the box. So the problem most likely is on the linuxserver.io side... :(

Thank you for helping me out!!!
