时间戳

首页 > 解决方案 > 使用 SSL 连接在 Apache Server (Ubuntu) 中运行 Django 应用程序

python - 使用 SSL 连接在 Apache Server (Ubuntu) 中运行 Django 应用程序

问题描述

默认情况下,Apache 服务器定位www/html文件夹port:8080(默认为:80)。现在 Django 文件保存在 html/django 中运行端口:80 它正在运行http://example.com

现在添加 SSL 后,www/html/django显示所有文件结构。运行https://example.com时

现在没有任何解决方案如何使用

http://example.com
https://example.com

已经换了/etc/apache2/sites-enabled/django.conf

<VirtualHost *:443>

    #My site Name
    ServerName example.com


    SSLEngine on


    SSLCertificateFile  /etc/ssl/certs/ssl-c.pem
    SSLCertificateKeyFile /etc/ssl/private/ssl-c.key


    #Demon process for multiple virtual hosts
    WSGIDaemonProcess example.com threads=5

    #Pointing wsgi script to config file
    WSGIScriptAlias / /var/www/html/django/django.wsgi
    WSGIProcessGroup example.com

    #Your static files location
    Alias /static/ "/var/www/html/django/template/"
    <Location "/media">
        SetHandler None
    </Location>
    <LocationMatch "\.(jpg|gif|png|js|css)$">
        SetHandler None
    </LocationMatch>
    <Directory /var/www/html/django>
        WSGIProcessGroup example.com
        WSGIApplicationGroup %{GLOBAL}
        Order deny,allow
        Allow from all
    </Directory>
</VirtualHost>

标签: pythondjangoapachedeployment

解决方案

欢迎来到堆栈溢出。我这样做的方法是创建两个.conf文件,并避免覆盖 stock httpd.conf。首先,一个ssl.conf文件:

SSLCertificateFile /etc/ssl/certs/ssl-c.pem
SSLCertificateKeyFile /etc/ssl/private/ssl-c.key
SSLCertificateChainFile /etc/ssl/private/InCommonRSAServerCA_2.pem
SSLCipherSuite TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA:TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA:TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA:HIGH:!aNULL:!MD5
SSLHonorCipherOrder on
SSLCompression off
SSLProtocol all -SSLv2 -SSLv3 -TLSv1 -TLSv1.1

Listen 443

这将禁用不安全的旧协议并需要 TLS 1.2+。

然后我为我在服务器上托管的每个站点创建一个文件VirtualHost,例如mysite.conf

<VirtualHost my-site.example.com:80>
  ServerName my-site.example.com
  ServerAlias www.my-site.example.com
  Redirect permanent / https://my-site.example.com/
</VirtualHost>


<VirtualHost *:443>
  TimeOut 600
  SSLEngine On

  ServerName my-site.example.com
  ServerAlias www.my-site.example.com

  # Set to the lobal Application Group
  WSGIApplicationGroup %{GLOBAL}
  # Pass Authorizations through to the WSGI app for Django REST Framework Token Auth
  WSGIPassAuthorization On

  WSGIDaemonProcess my-site-https python-home=/var/django/my-site/sites/my-site/venv request-timeout=600 user=apache group=apache processes=1
  WSGIProcessGroup my-site-https
  WSGIScriptAlias / /var/django/my-site/sites/my-site/config/wsgi.py process-group=my-site-https
  <Directory /var/django/my-site/sites/my-site/config>
    Require all granted
  </Directory>
  Alias /static/ /var/django/my-site/sites/my-site/static/
  <Directory /var/django/my-site/sites/my-site/static>
    Require all granted
  </Directory>
</VirtualHost>

这里有一些额外的东西。首先,WSGIPassAuthorization打开,以防您使用 Django REST Framework 令牌身份验证。你可能不需要这个。

WSGIDaemonProcess包含几个您可能想要更改或不需要更改的显式设置,例如usergroupprocesses. 这允许您调整VirtualHost运行的 Apache Linux 进程的用户和组,并processes控制有多少进程。

需要这两个Directory指令来允许访问 Django 项目的.wsgi配置文件和静态文件。

祝你好运!配置起来很棘手,但一旦你做对了,它就mod_wsgi坚如磐石。

推荐阅读