Django Apache SSL [代码400,消息错误请求]

时间:2015-01-10 09:22:59

标签: python django apache ssl mod-ssl

我遇到Apache代理Web服务器和Django SSL的问题以下是用于SSL的Django settings.py和apache server.conf文件的错误, django版本1.6.8

  ----------------------------------------
  [10/Jan/2015 09:11:33] code 400, message Bad request syntax ('\x16\x03\x00\x00?
  Exception happened during processing of request from ('5.5.0.46', 38141)
  Traceback (most recent call last):
  File "/usr/lib/python2.7/SocketServer.py", line 593, in process_request_thread
   self.finish_request(request, client_address)
  File "/usr/lib/python2.7/SocketServer.py", line 334, in finish_request
   self.RequestHandlerClass(request, client_address, self)
  File "/usr/local/lib/python2.7/dist-packages/django/core/servers/basehttp.py", line 126, in __init__
   super(WSGIRequestHandler, self).__init__(*args, **kwargs)
  File "/usr/lib/python2.7/SocketServer.py", line 649, in __init__
   self.handle()
  File "/usr/lib/python2.7/wsgiref/simple_server.py", line 117, in handle
   if not self.parse_request(): # An error code has been sent, just exit
  File "/usr/lib/python2.7/BaseHTTPServer.py", line 286, in parse_request
    self.send_error(400, "Bad request syntax (%r)" % requestline)
  File "/usr/lib/python2.7/BaseHTTPServer.py", line 368, in send_error
    self.send_response(code, message)
  File "/usr/lib/python2.7/BaseHTTPServer.py", line 385, in send_response
    self.log_request(code)
  File "/usr/lib/python2.7/BaseHTTPServer.py", line 422, in log_request
    self.requestline, str(code), str(size))
  File "/usr/local/lib/python2.7/dist-packages/django/core/servers/basehttp.py", line 138, in log_message
   msg = "[%s] %s\n" % (self.log_date_time_string(), format % args)
  UnicodeDecodeError: 'ascii' codec can't decode byte 0xf9 in position 12: ordinal not in    range(128)
  ----------------------------------------

settings.py

   ...... 

   # secure proxy SSL header and secure cookies
   SECURE_SSL_REDIRECT = True
   SECURE_PROXY_SSL_HEADER = ('HTTP_X_FORWARDED_PROTO', 'https')
   SESSION_COOKIE_SECURE = True
   CSRF_COOKIE_SECURE = True

   # session expire at browser close
   SESSION_EXPIRE_AT_BROWSER_CLOSE = True

   # wsgi scheme
   os.environ['wsgi.url_scheme'] = 'https'
   ......

apache server.conf

 <IfModule mod_ssl.c>
    <VirtualHost *:80>
            ServerName mywebsite.com
            WSGIScriptAlias / /var/www/manage/manage/wsgi.py
    </VirtualHost>
    <VirtualHost _default_:443>
            ServerName mywebsite.com
            WSGIScriptAlias / /var/www/manage/manage/wsgi.py
            SSLEngine on
            SSLCertificateFile      /etc/apache2/ssl/apache.crt
            SSLCertificateKeyFile /etc/apache2/ssl/apache.key
            redirect permanent / https://5.5.0.38:8080
    </VirtualHost>
  </IfModule>

我也在django wsgi.py

中启用了HTTPS
  ......
  os.environ['HTTPS'] = "on"
  ..............

2 个答案:

答案 0 :(得分:1)

  

请求语法错误('\ x16 \ x03 \ x00 \ x00?

这是预期HTTP流量的HTTPS流量。我假设这是由apache.conf中的以下行引起的:

  

redirect permanent / https://5.5.0.38:8080

这指示浏览器访问给定的URL(可能是您的Django服务器)。它不会将请求转发到Django服务器(您可能想要的),而是指示浏览器发出新请求并直接从Django服务器获取资源,即前面没有apache。如果你想在另一台服务器前面使用apache,我认为你需要使用像ProxyPass或ProxyPassReverse这样的东西。

如果端口8080实际用于https,那将是非常罕见的,通常这仅用于http。因此,我假设您的Django服务器本身只是简单的http。

  

os.environ ['HTTPS'] =“on”

这不会使Django成为HTTPS服务器,但它只指示Django将所有链接创建为https链接。这支持了我的假设,即你的Django服务器本身只是简单的http。

答案 1 :(得分:1)

我认为正确答案如下:

  • 首先启用proxy_http模块,让apache将网址从https重新映射到http

    $ a2enmod proxy_http

  • 第二次删除https请求重定向到django

  • 添加ProxyPass和ProxyPassReverse,以便在http协议上将来自apache服务器的https请求传递给Django

    以下是我为apache.conf所做的事情

        <VirtualHost *:80>
                ServerName mywebsite.com
                WSGIScriptAlias / /var/www/manage/manage/wsgi.py
        </VirtualHost>
        <VirtualHost _default_:443>
                ServerName mywebsite.com
                WSGIScriptAlias / /var/www/manage/manage/wsgi.py
                SSLEngine on
                SSLCertificateFile      /etc/apache2/ssl/apache.crt
                SSLCertificateKeyFile /etc/apache2/ssl/apache-wp.key
                ProxyPass / http://myip:8080/
                ProxyPassReverse / http://myip:8080/
                #redirect permanent / https://myip:8080
        </VirtualHost>
    

还要确保所有http重写为https编辑 /etc/apache2/sites-enabled/000-default.conf apache文件,如下所示

<VirtualHost *:80>
        ServerAdmin webmaster@localhost
        DocumentRoot /var/www/html
        RewriteEngine On
        RewriteCond %{HTTPS} !on
        RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
        ErrorLog ${APACHE_LOG_DIR}/error.log
        CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>