django - Apache 不在 443 (aws) 上为 Django 提供服务
问题描述
我有一个 django 应用程序,我正在尝试通过 HTTPS 提供服务并苦苦挣扎。我不擅长 Apache 配置并试图将其拼凑在一起。希望有人能指出看似简单的疏忽。
我的证书已设置,当我访问我的网站时,http://
它会重定向到https://
亚马逊颁发的有效证书。所以,这似乎是正确的。
我的问题
我只看到一个页面:
指数 /
编辑#1:
更多的实验表明,没有任何附加.conf
文件,我可以http
按https
预期运行 django。如果我只启用*.80
重定向,我总是https
按预期获得,但只是上面提到的 apache 索引页面,没有 django。
这是我用容器命令编写的配置:
/etc/httpd/conf.d/wsgi.conf(每次部署都由 aws 重写)
LoadModule wsgi_module modules/mod_wsgi.so
WSGIPythonHome /opt/python/run/baselinenv
WSGISocketPrefix run/wsgi
WSGIRestrictEmbedded On
<VirtualHost *:80>
Alias /static/ /opt/python/current/app/www/static/
<Directory /opt/python/current/app/www/static/>
Order allow,deny
Allow from all
</Directory>
WSGIScriptAlias / /opt/python/current/app/proof/proof/wsgi.py
<Directory /opt/python/current/app/>
Require all granted
</Directory>
WSGIDaemonProcess wsgi processes=3 threads=20 display-name=%{GROUP} \
python-home=/opt/python/run/venv/ \
python-path=/opt/python/current/app user=wsgi group=wsgi \
home=/opt/python/current/app
WSGIProcessGroup wsgi
</VirtualHost>
LogFormat "%h (%{X-Forwarded-For}i) %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
/etc/httpd/conf.d/virtualhost_http.conf
<VirtualHost *:80>
RewriteEngine On
RewriteCond %{HTTP:X-Forwarded-Proto} =http
RewriteRule .* https://%{HTTP:Host}%{REQUEST_URI} [L,R=permanent]
</VirtualHost>
/etc/httpd/conf.d/virtualhost_https.conf(可选。无论有没有这个文件,我都会得到相同的结果)
<VirtualHost *:443>
Alias /static/ /opt/python/current/app/www/static/
<Directory /opt/python/current/app/www/static/>
Order allow,deny
Allow from all
</Directory>
WSGIScriptAlias / /opt/python/current/app/proof/proof/wsgi.py process-group=wsgi
<Directory /opt/python/current/app/>
Require all granted
</Directory>
</VirtualHost>
编辑#2:
这是我掌握的关于 VHost 正在发生的事情的最佳证据
[ec2-user@ip-000-00-00-000 conf.d]$ ls -l
total 16
-rw-r--r-- 1 root root 1024 May 16 06:56 enable_mod_deflate.conf
-rw-r--r-- 1 root root 162 May 15 23:10 healthd.conf
-rw-r--r-- 1 root root 104 May 15 23:10 mod_reqtimeout.conf
-rw-r--r-- 1 root root 783 May 16 06:56 wsgi.conf
[ec2-user@ip-000-00-00-000 conf.d]$ apachectl -S
[Thu May 16 07:22:36.788065 2019] [so:warn] [pid 24579] AH01574: module wsgi_module is already loaded, skipping
VirtualHost configuration:
*:80 is a NameVirtualHost
default server ip-000-00-00-000.us-west-2.compute.internal (/etc/httpd/conf.d/virtualhost_http.conf:1)
port 80 namevhost ip-000-00-00-000.us-west-2.compute.internal (/etc/httpd/conf.d/virtualhost_http.conf:1)
port 80 namevhost ip-000-00-00-000.us-west-2.compute.internal (/etc/httpd/conf.d/wsgi.conf:7)
ServerRoot: "/etc/httpd"
Main DocumentRoot: "/var/www/html"
Main ErrorLog: "/etc/httpd/logs/error_log"
Mutex authdigest-opaque: using_defaults
Mutex watchdog-callback: using_defaults
Mutex proxy-balancer-shm: using_defaults
Mutex rewrite-map: using_defaults
Mutex authdigest-client: using_defaults
Mutex lua-ivm-shm: using_defaults
Mutex proxy: using_defaults
Mutex authn-socache: using_defaults
Mutex default: dir="/var/run/httpd/" mechanism=default
Mutex mpm-accept: using_defaults
Mutex cache-socache: using_defaults
PidFile: "/var/run/httpd/httpd.pid"
Define: DUMP_VHOSTS
Define: DUMP_RUN_CFG
User: name="apache" id=48 not_used
Group: name="apache" id=48 not_used
这是证书正在运行但未连接到 Django 的证据
(v-env) My-MacBook-Pro$ curl -v https://www.proofapp.io
* Rebuilt URL to: https://www.proofapp.io/
* Trying 50.112.160.41...
* TCP_NODELAY set
* Connected to www.proofapp.io (50.112.160.41) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* Cipher selection: ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4:@STRENGTH
* successfully set certificate verify locations:
* CAfile: /etc/ssl/cert.pem
CApath: none
* TLSv1.2 (OUT), TLS handshake, Client hello (1):
* TLSv1.2 (IN), TLS handshake, Server hello (2):
* TLSv1.2 (IN), TLS handshake, Certificate (11):
* TLSv1.2 (IN), TLS handshake, Server key exchange (12):
* TLSv1.2 (IN), TLS handshake, Server finished (14):
* TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
* TLSv1.2 (OUT), TLS change cipher, Client hello (1):
* TLSv1.2 (OUT), TLS handshake, Finished (20):
* TLSv1.2 (IN), TLS change cipher, Client hello (1):
* TLSv1.2 (IN), TLS handshake, Finished (20):
* SSL connection using TLSv1.2 / ECDHE-RSA-AES128-GCM-SHA256
* ALPN, server did not agree to a protocol
* Server certificate:
* subject: CN=www.proofapp.io
* start date: May 15 00:00:00 2019 GMT
* expire date: Jun 15 12:00:00 2020 GMT
* subjectAltName: host "www.proofapp.io" matched cert's "www.proofapp.io"
* issuer: C=US; O=Amazon; OU=Server CA 1B; CN=Amazon
* SSL certificate verify ok.
> GET / HTTP/1.1
> Host: www.proofapp.io
> User-Agent: curl/7.54.0
> Accept: */*
>
< HTTP/1.1 200 OK
< Content-Type: text/html;charset=ISO-8859-1
< Date: Thu, 16 May 2019 07:28:17 GMT
< Server: Apache/2.4.39 (Amazon) mod_wsgi/3.5 Python/3.6.8
< Vary: Accept-Encoding,User-Agent
< Content-Length: 161
< Connection: keep-alive
<
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
<html>
<head>
<title>Index of /</title>
</head>
<body>
<h1>Index of /</h1>
<ul></ul>
</body></html>
* Connection #0 to host www.proofapp.io left intact
解决方案
斯科特,不确定你是否已经解决了这个问题,但如果你还没有解决这个问题,我会分享额外的观点和策略——或者为未来的读者。
解决此问题的一种便捷方法是使用负载均衡器来终止 SSL。这意味着无需在应用程序级别进行复杂的配置,还将通过将 HTTPS 加密/解密过程卸载到其他 AWS 资源来提高性能(并可能节省成本)。
您可以在下面的链接中阅读有关这些策略和实施的更多信息。如果您还有其他问题,我很乐意提供有关具体步骤的更多详细信息。
推荐阅读
- javascript - 如何一键获取不同的值?
- vba - 如何使用 Connect_Net 的密码连接到 zk ua300?
- audio - WM8904 和 SAMV71 重复电路问题
- aws-lambda - 无服务器功能可以部署在 AWS 上,在本地调用,但在 AWS 上找不到
- jquery - 如何增加触摸屏复选框的可点击区域
- python - 如何使用自定义文本创建具有多种选择的模型?
- python - NumPy 数组元素在被选中时会发生奇怪的变化
- php - 如何让我的 php 登录页面实际登录?
- asp.net-core - 如果 HTTP 请求成功则停止函数执行 ASP.NET Core
- java - 在 mySQL 中忽略插入查询中的空值