[英]How do I get ssl certificate to work with my django app
I have purchased an ssl certificate and installed it on my ubuntu apache2 server as directed by the issuer. 我已经购买了ssl证书,并按照发行人的指示将其安装在我的ubuntu apache2服务器上。 I then then added the following to /etc/apache2/sites-available/ssl-[mysite]:
然后,我将以下内容添加到/ etc / apache2 / sites-available / ssl- [mysite]:
<VirtualHost *:443>
ServerAdmin [me]@[mysite]
ServerName www.[mysite]
ServerAlias [mysite]
# Indexes + Directory Root.
# DirectoryIndex index.html index.htm index.php
DocumentRoot [mysite htdocs]
SSLEngine On
SSLCertificateFile /etc/apache2/ssl/[mysite].crt
SSLCertificateKeyFile /etc/apache2/ssl/[mysite].key
SSLCertificateChainFile /etc/apache2/ssl/sf_bundle.crt
WSGIScriptAlias /[myapp] /[myapp location]
</VirtualHost>
The ssl certificate is working like a dream for my base url, giving my the green lock symbol, but when I go to my app directory the lock symbol has a big red cross over it and I get this worrying message: ssl证书对我的基本URL像一个梦一样工作,给了我绿色的锁符号,但是当我进入我的应用程序目录时,锁符号上有一个很大的红叉,并且我得到以下令人担忧的消息:
Your connection to [mysite] is encrypted with 256-bit encryption.
您与[mysite]的连接已使用256位加密进行了加密。 However, this page includes other resources which are not secure.
但是,此页面包括其他不安全的资源。 These resources can be viewed by others while in transit, and can be modified by an attacker to change the behavior of the page.
这些资源可以在传输过程中被其他人查看,并且可以被攻击者修改以更改页面的行为。
This obviously will scare away practically anyone, is this an issue with Django or with my apache config or what? 显然,这几乎会吓跑任何人,这是Django还是我的apache配置问题还是什么?
I have know idea where to start with this, so suggestions are welcomed 我知道从哪里开始,所以欢迎提出建议
This warning means that you even though you are redirecting to an HTTPS link you are sending parts of your page over plain HTTP. 此警告意味着即使您重定向到HTTPS链接,您也将通过纯HTTP发送页面的一部分。
You should make sure that everything is over HTTPS to avoid this warning and pottential vulnerability. 您应该确保一切都通过HTTPS进行以避免该警告和潜在的漏洞。
I can't give you any hints on how to fix this since you haven't said much on your application and I don't know the apache2
configuration but hopefully you now have a starting point to see what to fix. 由于您对应用程序的讨论不多,而且我不了解
apache2
配置,因此我无法为您提供任何解决方法的提示,但希望您现在有一个起点来查看要解决的问题。
Usually you will see this warning on sites that have advertisments or embedded images 通常,您会在具有广告或嵌入图像的网站上看到此警告
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.