[英]How to redirect http://www.example.com to https://example.com with middleware
I got lost in deployment of my first django-application.我在部署我的第一个 django 应用程序时迷路了。 The task I'm standing in front of is to redirect http://www to bare https://.
我面前的任务是将 http://www 重定向到裸 https://。 The following is already working:
以下已经在工作:
https://www » bare https:// https://www » 裸 https://
bare http:// » bare https://裸 http:// » 裸 https://
But if I just type in www.
但是如果我只是输入
www.
I land on the standard Ubuntu/Apache site.我登陆了标准的 Ubuntu/Apache 站点。
middleware.py中间件.py
from django.http import HttpResponsePermanentRedirect
class WwwRedirectMiddleware:
def __init__(self, get_response):
self.get_response = get_response
def __call__(self, request):
host = request.get_host().partition(':')[0]
if host == "www.example.com":
return HttpResponsePermanentRedirect(
"https://example.com" + request.path
)
else:
return self.get_response(request)
example.conf例子.conf
1 <VirtualHost *:80>
10 ServerName example.com
11 ServerAdmin marcel@example.com
12 DocumentRoot /var/www/html
31 RewriteEngine on
32 RewriteCond %{SERVER_NAME} =example.com
33 RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
34 </VirtualHost>
example-le-ssl.conf示例-le-ssl.conf
1 <IfModule mod_ssl.c>
2 <VirtualHost *:443>
11 ServerName example.com
12 ServerAdmin marcel@example.com
13 DocumentRoot /var/www/html
60 SSLCertificateFile /etc/letsencrypt/live/example.com-0001/fullchain.pem
61 SSLCertificateKeyFile /etc/letsencrypt/live/example.com-0001/privkey.pem
62 Include /etc/letsencrypt/options-ssl-apache.conf
63 </VirtualHost>
64 </IfModule>
This is what I get with curl这就是我用curl得到的
~$ curl -I http://example.com
HTTP/1.1 301 Moved Permanently
Date: Wed, 02 Dec 2020 08:03:02 GMT
Server: Apache/2.4.46 (Ubuntu)
Location: https://example.com/
Content-Type: text/html; charset=iso-8859-1
~$ curl -I http://www.example.com
HTTP/1.1 200 OK
Date: Wed, 02 Dec 2020 08:03:21 GMT
Server: Apache/2.4.46 (Ubuntu)
Last-Modified: Wed, 11 Nov 2020 22:26:44 GMT
ETag: "2aa6-5b3dc4a55bcd4"
Accept-Ranges: bytes
Content-Length: 10918
Vary: Accept-Encoding
Content-Type: text/html
~$ curl -I https://www.example.com
curl: (60) SSL: no alternative certificate subject name matches target host name 'www.example.com'
More details here: https://curl.haxx.se/docs/sslcerts.html
curl failed to verify the legitimacy of the server and therefore could not
establish a secure connection to it. To learn more about this situation and
how to fix it, please visit the web page mentioned above.
But the certificates seem to be correct:但证书似乎是正确的:
~$ sudo certbot --apache -d example.com -d www.example.com
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator apache, Installer apache
Cert not yet due for renewal
You have an existing certificate that has exactly the same domains or certificate name you requested and isn't close to expiry.
(ref: /etc/letsencrypt/renewal/example.com.conf)
These may be two problems, but I do not know how to untangle them or if just one change could solve both...这可能是两个问题,但我不知道如何解决它们,或者如果只有一个更改可以解决这两个问题......
This is something that apache will do before the django app needs to, one does not need add django middleware.这是 apache 在 django 应用程序需要之前会做的事情,不需要添加 django 中间件。
<VirtualHost *:80>
ServerName example.com
ServerAlias www.example.com
ServerAdmin marcel@example.com
DocumentRoot /var/www/html
RewriteEngine on
RewriteCond %{HTTP_HOST} ^www\.
RewriteRule ^ https://example.com%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>
As a second layer, in the settings.py set SECURE_SSL_REDIRECT = True
作为第二层,在 settings.py 中设置
SECURE_SSL_REDIRECT = True
There is also the ./manage.py check --deploy
management command to check and show all built in security settings.还有
./manage.py check --deploy
管理命令来检查和显示所有内置的安全设置。
*edit to show removal of the www
in domain name. *编辑以显示域名中
www
的删除。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.