Web server with NGINX, Gunicorn (with workers > 1), and Django fails to save JWT in a cookie at server side


I have a WSGI Django application, with Gunicorn before it and Nginx as a web server. The Django Application is a Stateless DRF API.

Django Related Configs

REST_AUTH = {
    'USE_JWT': True,
    'JWT_AUTH_COOKIE': 'wird-jwt-auth',
    'JWT_AUTH_REFRESH_COOKIE': 'wird-jwt-refresh',
    'JWT_AUTH_RETURN_EXPIRATION': True,
    'JWT_AUTH_HTTPONLY': False,
    "SESSION_LOGIN": False,
    "USER_DETAILS_SERIALIZER": "core.serializers.PersonSerializer",
    "PASSWORD_RESET_SERIALIZER": "core.util_classes.PasswordResetSerializer",
}
SECURE_HSTS_PRELOAD = True
SECURE_HSTS_INCLUDE_SUBDOMAINS = True
SECURE_PROXY_SSL_HEADER = ("HTTP_X_FORWARDED_PROTO", "https")
SECURE_HSTS_SECONDS = 2_592_000
SECURE_REFERRER_POLICY = "strict-origin-when-cross-origin"
# Application definition

SECURE_BROWSER_XSS_FILTER = True
SECURE_CONTENT_TYPE_NOSNIFF = True
X_FRAME_OPTIONS = 'DENY'
PERMISSIONS_POLICY = {"fullscreen": "*", }

INSTALLED_APPS = [
    'django.contrib.auth',
    'django.contrib.contenttypes',
    "django.contrib.postgres",
    'member_panel.apps.StudentConfig',
    'admin_panel.apps.AdminPanelConfig',
    'core.apps.CoreConfig',
    'rest_framework',
    "rest_framework.authtoken",
    'django.contrib.sites',
    'allauth',
    'allauth.account',
    'dj_rest_auth.registration',
    'django_filters',
    'corsheaders',
    'polymorphic',
    'drf_yasg',
    "cachalot",
]

MIDDLEWARE = [
    'corsheaders.middleware.CorsMiddleware',  
    'django.middleware.security.SecurityMiddleware',  
    'whitenoise.middleware.WhiteNoiseMiddleware', 
    'django.middleware.common.CommonMiddleware',  
    'django.middleware.csrf.CsrfViewMiddleware',
    'django.middleware.clickjacking.XFrameOptionsMiddleware', 
    "django_permissions_policy.PermissionsPolicyMiddleware", 
    'django.middleware.locale.LocaleMiddleware',  
    'allauth.account.middleware.AccountMiddleware',  
]

Nginx Configs

upstream app {
    server localhost:8200;
}

server {
    server_name .;

    location / {
        proxy_pass http://app;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_redirect off;
    }

    location /static/ {
        alias .;
        try_files $uri $uri/ =404;
    }

    location /media/ {
        alias .;
        try_files $uri $uri/ =404;
    }

    listen 443 ssl; # managed by Certbot
    # ssl files
}

When Gunicorn's workers are >1, the JWT token I save at client side disappears after the first refresh. When workers=1 it's fine, without changing any other config.

What can be the issue?

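A constructed diagnostic, added here and not from the question or any answer, for the symptom of a cookie that survives with one worker and vanishes with several: it assumes the JWT in the cookie is HMAC-signed with a key loaded from Django settings (simplejwt, which dj-rest-auth uses when USE_JWT is on, signs with SECRET_KEY by default) and that, without gunicorn --preload, each worker imports settings on its own. The sign_token/verify_token helpers and the two key loaders are stand-ins written for this example; it shows that a key produced at import time validates only on the worker that issued the token, while a fixed key, or --preload, keeps every worker in agreement.

```python
import base64, hashlib, hmac, json, multiprocessing, secrets

def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def sign_token(payload: dict, key: bytes) -> str:
    """Minimal HS256 JWT, a constructed stand-in for the token simplejwt issues at login."""
    header = _b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = _b64url(json.dumps(payload, sort_keys=True).encode())
    sig = hmac.new(key, f"{header}.{body}".encode(), hashlib.sha256).digest()
    return f"{header}.{body}.{_b64url(sig)}"

def verify_token(token: str, key: bytes) -> bool:
    """What a worker does with the JWT cookie on a later request: recompute and compare the MAC."""
    header, body, sig = token.split(".")
    expected = hmac.new(key, f"{header}.{body}".encode(), hashlib.sha256).digest()
    return hmac.compare_digest(_b64url(expected), sig)

# Two ways a settings module can obtain the signing key (both constructed here):
STATIC_KEY = secrets.token_bytes(32)   # a fixed value, e.g. read from the environment

def key_from_config() -> bytes:
    return STATIC_KEY

def key_generated_on_import() -> bytes:
    return secrets.token_bytes(32)     # a fresh value every time settings are imported

def _worker(load_key, inherited_key, job, queue):
    """One Gunicorn worker: inherit settings from the master or import them, then serve one request."""
    key = inherited_key if inherited_key is not None else load_key()
    if job == "login":
        queue.put(sign_token({"sub": "user-1"}, key))   # login: issue the cookie value
    else:
        queue.put(verify_token(job, key))               # later request: validate the cookie

def simulate(load_key, preload: bool, n_workers: int = 3) -> list:
    """Login lands on one worker, the following requests on others, as Gunicorn may route them.
    preload=True mirrors gunicorn --preload: the master imports settings once, workers inherit by fork."""
    ctx = multiprocessing.get_context("fork")
    queue = ctx.Queue()
    inherited = load_key() if preload else None
    def run(job):
        p = ctx.Process(target=_worker, args=(load_key, inherited, job, queue))
        p.start()
        result = queue.get()
        p.join()
        return result
    token = run("login")
    return [run(token) for _ in range(n_workers - 1)]
```

Whether this matches the questioner's deployment depends on how their SECRET_KEY is set, which the post does not show.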