Geek Answers Handbook

How to use SSL with a Django application (deployed using mod_wsgi and virtualenv)

Disclaimer: I really don't know what I'm doing, so I may have mis-formulated things. I have also never asked / answered a question before!

I have a Django application running on Apache that I deployed using mod_wsgi and virtualenv. I want some parts of the application to use SSL, however, when I install the SSL certificate, the https URL goes to the index.html file from my public_html folder instead of the application (which is outside of public_html)

For example, visit https://tradekandi.com . This URL is just a basic HTML file: public_html / index.html Then visit http://tradekandi.com . This is my Django page (in maintenance mode).

I searched stackoverflow and google all day. I tried to delete the documentroot file from the virtual hosts file but did nothing. I tried adding the line SetEnvIf X-Forwarded-Proto https HTTPS = 1 to it, but did nothing.

My virtual hosts file has the following lines:

SSLEngine on SSLCertificateFile /etc/ssl/certs/tradekandi.com.crt SSLCertificateKeyFile /etc/ssl/private/tradekandi.com.key SSLCACertificateFile /etc/ssl/certs/tradekandi.com.cabundle

Whenever I make any changes, I restart apache and “touch” the wsgi application file.

How to get https url to load Django app? Any help is appreciated. Thanks.

More httpd configuration:

 <VirtualHost 69.65.42.153:80> ServerName tradekandi.com ServerAlias www.tradekandi.com DocumentRoot /home/trade/public_html ServerAdmin webmaster@tradekandi.com UseCanonicalName Off CustomLog /usr/local/apache/domlogs/tradekandi.com combined CustomLog /usr/local/apache/domlogs/tradekandi.com-bytes_log "%{%s}t %I .\n%{%s}t %O ." ## User trade # Needed for Cpanel::ApacheConf <IfModule mod_suphp.c> suPHP_UserGroup trade trade </IfModule> <IfModule !mod_disable_suexec.c> SuexecUserGroup trade trade </IfModule> ScriptAlias /cgi-bin/ /home/trade/public_html/cgi-bin/ Include "/usr/local/apache/conf/userdata/*.conf" Include "/usr/local/apache/conf/userdata/*.owner-root" Include "/usr/local/apache/conf/userdata/std/*.conf" Include "/usr/local/apache/conf/userdata/std/*.owner-root" Include "/usr/local/apache/conf/userdata/std/2/*.conf" Include "/usr/local/apache/conf/userdata/std/2/*.owner-root" Include "/usr/local/apache/conf/userdata/std/2/trade/*.conf" Include "/usr/local/apache/conf/userdata/std/2/trade/tradekandi.com/*.conf" </VirtualHost> <VirtualHost 69.65.42.153:443> ServerName tradekandi.com ServerAlias www.tradekandi.com DocumentRoot /home/trade/public_html ServerAdmin webmaster@tradekandi.com UseCanonicalName Off CustomLog /usr/local/apache/domlogs/tradekandi.com combined CustomLog /usr/local/apache/domlogs/tradekandi.com-bytes_log "%{%s}t %I .\n%{%s}t %O ." ## User nobody # Needed for Cpanel::ApacheConf <IfModule mod_suphp.c> suPHP_UserGroup nobody nobody </IfModule> ScriptAlias /cgi-bin/ /home/trade/public_html/cgi-bin/ SSLEngine on SSLCertificateFile /etc/ssl/certs/tradekandi.com.crt SSLCertificateKeyFile /etc/ssl/private/tradekandi.com.key SSLCACertificateFile /etc/ssl/certs/tradekandi.com.cabundle CustomLog /usr/local/apache/domlogs/tradekandi.com-ssl_log combined SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown <Directory "/home/trade/public_html/cgi-bin"> SSLOptions +StdEnvVars </Directory> Include "/usr/local/apache/conf/userdata/*.conf" </VirtualHost>

If relevant, this is a dedicated server running CentOS, and I also use it to host a single PHP-based site.

Wsgi file:

 import os import sys sys.stdout = sys.stderr from os.path import abspath, dirname, join from site import addsitedir sys.path.append('/home/trade/sites/tradekandi.com.env/lib/python2.7/site-packages') sys.path.insert(0, abspath(join(dirname(__file__), "../../"))) from django.conf import settings os.environ["DJANGO_SETTINGS_MODULE"] = "trade.settings" sys.path.insert(0, join(settings.PROJECT_ROOT, "apps")) from django.core.handlers.wsgi import WSGIHandler application = WSGIHandler()

extra.conf with mod_wsgi directives:

 Alias /static/ /home/trade/public_html/static/ <Directory /home/trade/public_html/static> Order deny,allow Allow from all </Directory> WSGIDaemonProcess trade python-path=/home/trade/sites/tradekandi.com.env/lib/python2.7/site-packages WSGIProcessGroup trade WSGIScriptAlias / /home/trade/sites/tradekandi.com.env/site/trade/deploy/pinax.wsgi <Directory /home/trade/sites/tradekandi.com.env/site/trade/deploy> Order deny,allow Allow from all </Directory>
+7
source share
1 answer

Answering my own question in favor of anyone who might run into this:

I added the following lines:

 WSGIProcessGroup tradek WSGIScriptAlias / /home/trade/sites/tradekandi.com.env/site/trade/deploy/pinax.wsgi

to the .conf file located in / usr / local / apache / conf / userdata / ssl / 2 / trade / tradekandi.com, then the command / scripts / proof _vhost_includes --user = trade is used

(I also managed to change the name of ProcessGroup)

It seems to have done the trick, although now I need to get rid of the insecure elements on the page! Thanks to Graham because it was one of your answers to someone else that helped me figure this out.

+1
source

More articles:


All Articles