[英]HTTPS with Flask-RESTful and mod_wsgi
I am trying to restrict a Google Apps API Python client to HTTPS, using Flask-RESTful and mod_wsgi. 我正在尝试使用Flask-RESTful和mod_wsgi将Google Apps API Python客户端限制为HTTPS。 The API itself appears to work, but I am running into errors when I point web browsers to the HTTPS url.
该API本身似乎可以正常工作,但是当我将Web浏览器指向HTTPS网址时遇到了错误。
I'm fairly new to Python, Flask, and mod_wsgi, but I have the following pared-down example code: 我对Python,Flask和mod_wsgi相当陌生,但是我有以下简化的示例代码:
/home/myself/testgoogle/testgoogle.py /home/myself/testgoogle/testgoogle.py
#!/usr/local/bin/python
import json
import os
import sys
from DirectoryServiceObject import DirectoryServiceObject
from flask import Flask, request
from flask.ext.restful import abort, Api, Resource
from apiclient import errors
from apiclient.discovery import build
directory_service_object = DirectoryServiceObject().service_object
app = Flask( __name__ )
app.debug = True
api = Api( app )
class OrgUnitsList( Resource ):
def get( self ):
all_org_units = {}
params = { "customerId": "my_customer" }
try:
all_org_units = directory_service_object.orgunits().list( **params ).execute()
except errors.HttpError, e:
error = json.loads(e.content)
return error
return all_org_units
api.add_resource( OrgUnitsList, "/orgunitslist" )
if __name__ == "__main__":
app.run( host="secured.example.com", port=5001 )
/home/myself/testgoogle/testgoogle.wsgi /home/myself/testgoogle/testgoogle.wsgi
import sys
sys.path.insert( 0, "/home/myself/testgoogle" )
from testgoogle import app as application
/path/to/apache/ssl.conf /path/to/apache/ssl.conf
<VirtualHost 256.256.256.256:5001>
ServerName secured.example.com:5001
WSGIScriptAlias / /home/myself/testgoogle/testgoogle.wsgi
ErrorLog /home/myself/error.log
LogLevel warn
CustomLog /home/myself/access.log combined
<Directory /home/myself/testgoogle>
WSGIProcessGroup testgoogle
WSGIApplicationGroup %{GLOBAL}
Order deny,allow
Allow from all
</Directory>
</VirtualHost>
When I point my web browser to https://secured.example.com:5001/orgunitslist
to get a list of my Google domain's organization units, I have the error "can't connect to the server 'secured.example.com'". 当我将网络浏览器指向
https://secured.example.com:5001/orgunitslist
以获得我的Google域的组织单位列表时,出现错误“无法连接到服务器'secured.example.com” ”。
If I first run "python testgoogle.py" the API starts, but using the web browser ends up with "code 400, message Bad request syntax", and the browser hangs. 如果我第一次运行“ python testgoogle.py”,那么该API会启动,但使用Web浏览器最终会显示“代码400,消息错误的请求语法”,浏览器将挂起。 I am assuming it is because the script is expecting HTTP.
我认为这是因为脚本需要HTTP。 Of course, as expected going to the same URL using HTTP works, and I get a list of the org units.
当然,正如预期的那样,使用HTTP可以访问相同的URL,并且我得到了组织单位的列表。
What am I missing? 我想念什么? What else do I need, or need to do differently, in order to restrict API calls to HTTPS?
为了限制对HTTPS的API调用,我还需要做些什么或需要做些不同的事情?
I appear to have fixed the issue by making the following changes: 我似乎通过以下更改解决了该问题:
from TestGoogleClient import app as application
. from TestGoogleClient import app as application
读取。 For some reason, having both .wsgi and .py files with the same name seemed to give me "app not found" errors. 由于某种原因,同时具有相同名称的.wsgi和.py文件似乎会给我“找不到应用”错误。
I also modified my Apache config: 我还修改了我的Apache配置:
Listen 256.256.256.256:5001
and WSGISocketPrefix /var/run/wsgi
outside of the <VirtualHost>
section. <VirtualHost>
部分之外添加了Listen 256.256.256.256:5001
和WSGISocketPrefix /var/run/wsgi
。 <VirtualHost>
: <VirtualHost>
内部添加了以下内容:
SSLEngine on
SSLCertificateFile /path/to/my/cert
SSLCertificateKeyFile /path/to/my/key
WSGIDaemonProcess TestGoogleClient python-path=/path/to/python/site-packages
WSGIProcessGroup TestGoogleClient
WSGIScriptAlias / /home/myself/testgoogle/TestGoogleWsgi.wsgi
And to top everything off, I needed my System Administrators to allow my app through the firewall. 最重要的是,我需要系统管理员允许我的应用通过防火墙。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.