[Django]-How can I test https connections with Django as easily as I can non-https connections using 'runserver'?

I would recommend using the django-sslserver package.

The current package on PyPI only supports up to Django version 1.5.5 but a patch has been committed via 5d4664c. With this fix the system runs well and is a pretty simple and straightforward solution for testing https connections.

UPDATE:
Since I posted my answer the commit above has been merged into the master branch and a new release has been pushed to PyPI. So there shouldn’t be any need to specify the 5d4664c commit for that specific fix.

just install

sudo pip install django-sslserver

include sslserver in installed aps

INSTALLED_APPS = (...
"sslserver",
...
)

now you can run

 python manage.py runsslserver 0.0.0.0:8888

Similar to django-sslserver you could use RunServerPlus from django-extensions

It has dependencies on Werkzeug (so you get access to the excellent Werkzeug debugger) and pyOpenSSL (only required for ssl mode) so to install run:

pip install django-extensions Werkzeug pyOpenSSL

Add it to INSTALLED_APPS in your projects settings.py file:

INSTALLED_APPS = (
    ...
    'django_extensions',
    ...
)

Then you can run the server in ssl mode with:

./manage.py runserver_plus --cert /tmp/cert

This will create a cert file at /tmp/cert.crt and a key file at /tmp/cert.key which can then be reused for future sessions.

There is a bunch of extra stuff included in django-extensions that you may find of use so it is worth having a quick flick through the docs.

Signup to https://ngrok.com/. You can use https to test. This might help people who just want to quickly test https.

One way is using ngrok.

1. Install ngrok.
   download link: https://ngrok.com/download

2. Issue following command on terminal

   ngrok http 8000
   

It will start ngrok session. It will list two urls. One is mapped to http://localhost:8000. Second is mapped to https://localhost:8000. Please check the screenshot below. Use either url. It will map to your local server.

Second method is as per the the solution provided by @EvanGrim. Link – https://stackoverflow.com/a/8025645/9384511

First method is preferred if you need to test https url just couple of times. But if your requirement says https is mandatory then it would be better if you follow second method.
I faced following issues with @EvanGrim solution

1. When accessing https url via requests, you will get subAltNames
   missing warning. This should not be a problem. Your url should work
   fine.
2. You will not be able to access https url via android volley. It will
   throw error – your ip or localhost is not verified. Something like
   that.

I solved these issues by adding subAltname to ssl certificate. Below is the steps I followed to run a local https server without the above two issues.

1. Install stunnel. stunnel version used is version4(/usr/bin/stunnel4) For ubuntu execute

    sudo apt-get install stunnel
   

2. Create directory stunnel in your Django Project.

3. Copy openssl.cnf from /etc/ssl/openssl.cnf or /usr/lib/ssl/openssl.cnf to stunnel. Avoid editing them directly unless you know what you are doing.

   1. Search for [ req ] or [req] section.In req section set

       x509_extensions = v3_ca 
       req_extensions = v3_req 
      

      x509_extensions and req_extensions should be present. If not, add it. If commented, uncomment it.

   2. Search for [v3_req] section. In this section add

       subjectAltName = @alt_names
      

   3. Search for [v3_ca] section. In this section add

       subjectAltName = @alt_names
      

   4. We need to add a new section alt_names. This can be added any where. I added after [v3_ca] section.
      For local host and your ip address add as follows:

       [alt_names]
       DNS.1 = localhost
       IP.1 = x.x.x.x
       IP.2 = 127.0.0.1
      

4. To create key execute

    openssl genrsa 1024 > stunnel.key
   

5. To create DER encoded certificate execute either first or second command

   1. If you have directly edited /etc/ssl/openssl.cnf or /usr/lib/ssl/openssl.cnf

       openssl req -new -x509 -nodes -sha1 -days 365 -key stunnel.key > stunnel.cert
      

   2. If you have made copy of openssl.cnf in stunnel directory.

       openssl req -new -x509 -nodes -sha256 -days 365 -key stunnel.key -config openssl.cnf > stunnel.cert
      

6. To create PEM ecoded certificate execute.

    cat stunnel.key stunnel.cert > stunnel.pem
   

7. Create a config file for stunnel called dev_https.config with the following contents.

    #not to use pid
    pid=
    #path of certificate file
    cert = stunnel/stunnel.pem
    #version of SSL to use
    sslVersion = TLSv1.1
    foreground = yes
    #log output path
    output = stunnel.log
   
    [https]
    #listen on port 8443
    accept=8443
    #tunnel the connection to port 8001
    connect=8001
    # and close connection automatically after one second
    TIMEOUTclose=1
   

   Please note sslVersion is based on OpenSSL version used by python interpreter. Mine is OpenSSL 1.1.1. For this version use TLSv1.1. Find out your openssl version and add corresponding version.
   You can find out the OpenSSL version by executing

    python -c "import ssl; print(ssl.OPENSSL_VERSION)"
   

8. Create a script called runserver and add below contents. This script should reside in same directory as manage.py
   This script will run two stunnel and two django environment. One for http connections and one for https connections.
   The issue of runserver not exiting cleanly(As mentioned by Evan) is solved by trap statement in which cleanup function is called.

    stunnel4 stunnel/dev_https.config &
    stunnel_pid=$!
    echo "stunnel pid: $stunnel_pid"
    python manage.py runserver 0.0.0.0:8000 &
    py_server_bg=$!
    echo "BG py server pid: $py_server_bg"
    HTTPS=1 python manage.py runserver 0.0.0.0:8001
   
    function cleanup()
    {
      echo "Cleaning up"
      kill $stunnel_pid
      kill $py_server_bg
      echo "Cleaned"
    }
   
    trap cleanup EXIT
   

9. Execute

    chmod a+x runserver
   

10. From you django project execute

    ./runserver
    

11. Now if you execute a python requests command, subjectAltNames missing warning will not be displayed. Also your android volley https request will execute fine.

    data = {'login_id':'someid'}
    headers = {'content-type': 'application/json'}
    url = "https://localhost:8443/myauth/check-id/"
    r=requests.post(url, data=json.dumps(data), headers=headers,verify='stunnel/stunnel.pem')
    

I would like to thank @EvanGrim for the solution. And Thanks to @Friek, @Utku and @dr. Sybren. Based on their comments I implemented cleanup function.

It can be done in one line with socat:

socat openssl-listen:8443,fork,reuseaddr,cert=server.pem,verify=0 tcp:localhost:8000

, where 8443 is a port to listen for incoming HTTPS connections, server.pem is a self-signed server certificate and localhost:8000 is a debug HTTP server launched as usual.

More details: http://www.dest-unreach.org/socat/doc/socat-openssltunnel.html

For those looking for a foregrounded version of the stunnel option for debugging purposes:

stunnel.pem is a certificate generated as in Evan Grimm’s top voted answer.

Listen on all local interfaces on port 443 and forward to port 80 on localhost

sudo stunnel -f -p stunnel.pem -P ~/stunnel.pid -r localhost:80 -d 443

sudo is only necessary for incoming ports (-d [host:]port) under 1024

Handle SSL/TLS with a proxy such as Nginx rather than Django. Nginx can be set up to listen on port 443 and then forward requests to your Django dev server (typically http://127.0.0.1:8000). An Nginx configuration for this might look like the following:

server {
    listen 443 ssl;
    server_name django-dev.localhost;

    ssl_certificate /etc/ssl/certs/nginx_chain.pem;
    ssl_certificate_key /etc/ssl/private/nginx.pem;    

    location / {
        proxy_pass http://127.0.0.1:8000/;
        proxy_set_header Host $host;
    }
}

You’ll also need to map django-dev.localhost to 127.0.0.1 and add django-dev.localhost to ALLOWED_HOSTS in settings.py. On Linux, you’ll need to add the following line to /etc/hosts:

127.0.0.1   django-dev.localhost

You’ll then be able to reach your dev site by going to https://django-dev.localhost in your browser (you will need to bypass your browser’s security warning).

go to sslforfree.com and download certificate file

download 3246328748324897329847324234.txt file for verify

you need to add this in views.py

from django.http import HttpResponse

def read_file(request):
    f = open('7263713672163767218367687767.txt', 'r')
    file_content = f.read()
    f.close()
    return HttpResponse(file_content, content_type="text/plain")

after
add

urls.py

    path('.well-known/pki-validation/', read_file)

install

pip install django-extensions
pip install pyOpenSSL
pip install werkzeug

./manage.py runserver_plus 0:443 --cert-file certificate.crt  --key-file private.key

I have very simple solution for this, just follow below steps and you will be able to run your django project/app on https:// secure server.

step.1 install openssl on your system. you can get the executable file for installation at https://slproweb.com/products/Win32OpenSSL.html. I recommended you to install Win64 OpenSSL v1.1.1L (version) it is stable compare to 3.0.0

step.2 after successful installation navigate to C:\Program Files\OpenSSL-Win64\bin in our example. you can navigate to your installed directory where u have installed openssl, here you can find out openssl.exe run it as administrator.

step.3 Enter the following command to begin generating a certificate and private key:
req -x509 -sha256 -nodes -days 365 -newkey rsa:2048 -keyout privateKey.key -out certificate.crt

step 4: You will then be prompted to enter applicable Distinguished Name (DN) information, totaling seven fields, as you can see in below screenshot:

step 5: Once completed, you will find the certificate.crt and privateKey.key files created under the \OpenSSL\bin\ directory, like this

step 6: install django-sslserver in your system.

stpe 7: execute below command on your IDLE terminal:
python manage.py runsslserver –certificate C:/Program Files/OpenSSL-Win64/bin/cer
tificate.crt –key C:/Program Files/OpenSSL-Win64/bin/privateKey.key 127.0.0.1:8000

Congratulations now your django project is running on https.

I hope this will help you, if u face any difficulty feel free to ask.

Tried to add a comment to this answer, where he asks about killing the processes but the code formatting in comments is limited. Here is my modified runserver.bash

#!/bin/bash 

# Script to kill previous instances of dev servers,
# then start the 2 dev servers, one of which is https.
#

cd "$(dirname "$0")"
echo $PWD

. bin/activate

if [[ "$1" =~ "kill" ]]; then
    if [[ -n `ps -ef | egrep 'python manage.py runserver [1-9,\.]*' | grep -v grep | awk '{ print $2}'`  ]]; then
        kill -15 `ps -ef | egrep 'python manage.py runserver [1-9,\.]*' | grep -v grep | awk '{ print $2}'`
    fi
else
    if [[ -n `ps -ef | egrep 'python manage.py runserver [1-9,\.]*' | grep -v grep | awk '{ print $2}'`  ]]; then
        kill -15 `ps -ef | egrep 'python manage.py runserver [1-9,\.]*' | grep -v grep | awk '{ print $2}'`
    fi
    if [[ -z `ps -ef | egrep 'stunnel4 stunnel/dev_https' | grep -v grep | awk '{ print $2}'` ]]; then
        stunnel4 stunnel/dev_https &
    fi
    python manage.py runserver 192.168.1.183:8006 &
    HTTPS=1 python manage.py runserver 192.168.1.183:8001
fi

Based on Ryabchenko Alexander answer, this is how I do it in Django for local tests:

token_url = '{}/o/token/'.format(settings.BOQ_APP_URL)
oauth = OAuth2Session(
   client=LegacyApplicationClient(client_id=settings.BOQ_APP_CLIENT_ID),
)

# disable cert verification for local tests
if settings.DEBUG:
    oauth.verify = False

token = oauth.fetch_token(
   token_url=token_url,
   username=settings.BOQ_APP_USERNAME,
   password=settings.BOQ_APP_PASSWORD,
   client_secret=settings.BOQ_APP_CLIENT_SECRET,
)

print(token)