带有Flask-RESTful和mod_wsgi的HTTPS

Question

I am trying to restrict a Google Apps API Python client to HTTPS, using Flask-RESTful and mod_wsgi. The API itself appears to work, but I am running into errors when I point web browsers to the HTTPS url.

I'm fairly new to Python, Flask, and mod_wsgi, but I have the following pared-down example code:

/home/myself/testgoogle/testgoogle.py

#!/usr/local/bin/python
import json
import os
import sys

from DirectoryServiceObject import DirectoryServiceObject
from flask import Flask, request
from flask.ext.restful import abort, Api, Resource
from apiclient import errors
from apiclient.discovery import build

directory_service_object = DirectoryServiceObject().service_object

app = Flask( __name__ )
app.debug = True
api = Api( app )

class OrgUnitsList( Resource ):
    def get( self ):
        all_org_units = {}

        params = { "customerId": "my_customer" }

        try:
            all_org_units = directory_service_object.orgunits().list( **params ).execute()
        except errors.HttpError, e:
            error = json.loads(e.content)
            return error

        return all_org_units

api.add_resource( OrgUnitsList, "/orgunitslist" )

if __name__ == "__main__":
    app.run( host="secured.example.com", port=5001 )

/home/myself/testgoogle/testgoogle.wsgi

import sys
sys.path.insert( 0, "/home/myself/testgoogle" )
from testgoogle import app as application

/path/to/apache/ssl.conf

<VirtualHost 256.256.256.256:5001>
ServerName secured.example.com:5001

WSGIScriptAlias / /home/myself/testgoogle/testgoogle.wsgi

ErrorLog /home/myself/error.log
LogLevel warn
CustomLog /home/myself/access.log combined

<Directory /home/myself/testgoogle>
  WSGIProcessGroup testgoogle
  WSGIApplicationGroup %{GLOBAL}
  Order deny,allow
  Allow from all
</Directory>

</VirtualHost>

When I point my web browser to https://secured.example.com:5001/orgunitslist to get a list of my Google domain's organization units, I have the error "can't connect to the server 'secured.example.com'".

If I first run "python testgoogle.py" the API starts, but using the web browser ends up with "code 400, message Bad request syntax", and the browser hangs. I am assuming it is because the script is expecting HTTP. Of course, as expected going to the same URL using HTTP works, and I get a list of the org units.

What am I missing? What else do I need, or need to do differently, in order to restrict API calls to HTTPS?

Answer 1

I appear to have fixed the issue by making the following changes:

• testgoogle.py renamed to TestGoogleClient.py .
• testgoogle.wsgi renamed to TestGoogleWsgi.wsgi and I modified the last line to read from TestGoogleClient import app as application .

For some reason, having both .wsgi and .py files with the same name seemed to give me "app not found" errors.

I also modified my Apache config:

• Added Listen 256.256.256.256:5001 and WSGISocketPrefix /var/run/wsgi outside of the <VirtualHost> section.
• Added the following inside <VirtualHost> :
  • SSLEngine on
  • SSLCertificateFile /path/to/my/cert
  • SSLCertificateKeyFile /path/to/my/key
  • WSGIDaemonProcess TestGoogleClient python-path=/path/to/python/site-packages
  • WSGIProcessGroup TestGoogleClient
  • WSGIScriptAlias / /home/myself/testgoogle/TestGoogleWsgi.wsgi

And to top everything off, I needed my System Administrators to allow my app through the firewall.