我遇到Apache代理Web服务器和Django SSL的问题以下是用于SSL的Django settings.py和apache server.conf文件的错误, django版本1.6.8
----------------------------------------
[10/Jan/2015 09:11:33] code 400, message Bad request syntax ('\x16\x03\x00\x00?
Exception happened during processing of request from ('5.5.0.46', 38141)
Traceback (most recent call last):
File "/usr/lib/python2.7/SocketServer.py", line 593, in process_request_thread
self.finish_request(request, client_address)
File "/usr/lib/python2.7/SocketServer.py", line 334, in finish_request
self.RequestHandlerClass(request, client_address, self)
File "/usr/local/lib/python2.7/dist-packages/django/core/servers/basehttp.py", line 126, in __init__
super(WSGIRequestHandler, self).__init__(*args, **kwargs)
File "/usr/lib/python2.7/SocketServer.py", line 649, in __init__
self.handle()
File "/usr/lib/python2.7/wsgiref/simple_server.py", line 117, in handle
if not self.parse_request(): # An error code has been sent, just exit
File "/usr/lib/python2.7/BaseHTTPServer.py", line 286, in parse_request
self.send_error(400, "Bad request syntax (%r)" % requestline)
File "/usr/lib/python2.7/BaseHTTPServer.py", line 368, in send_error
self.send_response(code, message)
File "/usr/lib/python2.7/BaseHTTPServer.py", line 385, in send_response
self.log_request(code)
File "/usr/lib/python2.7/BaseHTTPServer.py", line 422, in log_request
self.requestline, str(code), str(size))
File "/usr/local/lib/python2.7/dist-packages/django/core/servers/basehttp.py", line 138, in log_message
msg = "[%s] %s\n" % (self.log_date_time_string(), format % args)
UnicodeDecodeError: 'ascii' codec can't decode byte 0xf9 in position 12: ordinal not in range(128)
----------------------------------------
settings.py
......
# secure proxy SSL header and secure cookies
SECURE_SSL_REDIRECT = True
SECURE_PROXY_SSL_HEADER = ('HTTP_X_FORWARDED_PROTO', 'https')
SESSION_COOKIE_SECURE = True
CSRF_COOKIE_SECURE = True
# session expire at browser close
SESSION_EXPIRE_AT_BROWSER_CLOSE = True
# wsgi scheme
os.environ['wsgi.url_scheme'] = 'https'
......
apache server.conf
<IfModule mod_ssl.c>
<VirtualHost *:80>
ServerName mywebsite.com
WSGIScriptAlias / /var/www/manage/manage/wsgi.py
</VirtualHost>
<VirtualHost _default_:443>
ServerName mywebsite.com
WSGIScriptAlias / /var/www/manage/manage/wsgi.py
SSLEngine on
SSLCertificateFile /etc/apache2/ssl/apache.crt
SSLCertificateKeyFile /etc/apache2/ssl/apache.key
redirect permanent / https://5.5.0.38:8080
</VirtualHost>
</IfModule>
我也在django wsgi.py
中启用了HTTPS ......
os.environ['HTTPS'] = "on"
..............
答案 0 :(得分:1)
请求语法错误('\ x16 \ x03 \ x00 \ x00?
这是预期HTTP流量的HTTPS流量。我假设这是由apache.conf中的以下行引起的:
redirect permanent / https://5.5.0.38:8080
这指示浏览器访问给定的URL(可能是您的Django服务器)。它不会将请求转发到Django服务器(您可能想要的),而是指示浏览器发出新请求并直接从Django服务器获取资源,即前面没有apache。如果你想在另一台服务器前面使用apache,我认为你需要使用像ProxyPass或ProxyPassReverse这样的东西。
如果端口8080实际用于https,那将是非常罕见的,通常这仅用于http。因此,我假设您的Django服务器本身只是简单的http。
os.environ ['HTTPS'] =“on”
这不会使Django成为HTTPS服务器,但它只指示Django将所有链接创建为https链接。这支持了我的假设,即你的Django服务器本身只是简单的http。
答案 1 :(得分:1)
我认为正确答案如下:
首先启用proxy_http模块,让apache将网址从https重新映射到http
$ a2enmod proxy_http
第二次删除https请求重定向到django
添加ProxyPass和ProxyPassReverse,以便在http协议上将来自apache服务器的https请求传递给Django
以下是我为apache.conf所做的事情
<VirtualHost *:80>
ServerName mywebsite.com
WSGIScriptAlias / /var/www/manage/manage/wsgi.py
</VirtualHost>
<VirtualHost _default_:443>
ServerName mywebsite.com
WSGIScriptAlias / /var/www/manage/manage/wsgi.py
SSLEngine on
SSLCertificateFile /etc/apache2/ssl/apache.crt
SSLCertificateKeyFile /etc/apache2/ssl/apache-wp.key
ProxyPass / http://myip:8080/
ProxyPassReverse / http://myip:8080/
#redirect permanent / https://myip:8080
</VirtualHost>
还要确保所有http重写为https编辑 /etc/apache2/sites-enabled/000-default.conf apache文件,如下所示
<VirtualHost *:80>
ServerAdmin webmaster@localhost
DocumentRoot /var/www/html
RewriteEngine On
RewriteCond %{HTTPS} !on
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>