I have issue with Apache proxy web server and Django SSL the following is the error followed by the Django settings.py and apache server.conf file for SSL, django version 1.6.8
----------------------------------------
[10/Jan/2015 09:11:33] code 400, message Bad request syntax ('\x16\x03\x00\x00?
Exception happened during processing of request from ('5.5.0.46', 38141)
Traceback (most recent call last):
File "/usr/lib/python2.7/SocketServer.py", line 593, in process_request_thread
self.finish_request(request, client_address)
File "/usr/lib/python2.7/SocketServer.py", line 334, in finish_request
self.RequestHandlerClass(request, client_address, self)
File "/usr/local/lib/python2.7/dist-packages/django/core/servers/basehttp.py", line 126, in __init__
super(WSGIRequestHandler, self).__init__(*args, **kwargs)
File "/usr/lib/python2.7/SocketServer.py", line 649, in __init__
self.handle()
File "/usr/lib/python2.7/wsgiref/simple_server.py", line 117, in handle
if not self.parse_request(): # An error code has been sent, just exit
File "/usr/lib/python2.7/BaseHTTPServer.py", line 286, in parse_request
self.send_error(400, "Bad request syntax (%r)" % requestline)
File "/usr/lib/python2.7/BaseHTTPServer.py", line 368, in send_error
self.send_response(code, message)
File "/usr/lib/python2.7/BaseHTTPServer.py", line 385, in send_response
self.log_request(code)
File "/usr/lib/python2.7/BaseHTTPServer.py", line 422, in log_request
self.requestline, str(code), str(size))
File "/usr/local/lib/python2.7/dist-packages/django/core/servers/basehttp.py", line 138, in log_message
msg = "[%s] %s\n" % (self.log_date_time_string(), format % args)
UnicodeDecodeError: 'ascii' codec can't decode byte 0xf9 in position 12: ordinal not in range(128)
----------------------------------------
settings.py
......
# secure proxy SSL header and secure cookies
SECURE_SSL_REDIRECT = True
SECURE_PROXY_SSL_HEADER = ('HTTP_X_FORWARDED_PROTO', 'https')
SESSION_COOKIE_SECURE = True
CSRF_COOKIE_SECURE = True
# session expire at browser close
SESSION_EXPIRE_AT_BROWSER_CLOSE = True
# wsgi scheme
os.environ['wsgi.url_scheme'] = 'https'
......
apache server.conf
<IfModule mod_ssl.c>
<VirtualHost *:80>
ServerName mywebsite.com
WSGIScriptAlias / /var/www/manage/manage/wsgi.py
</VirtualHost>
<VirtualHost _default_:443>
ServerName mywebsite.com
WSGIScriptAlias / /var/www/manage/manage/wsgi.py
SSLEngine on
SSLCertificateFile /etc/apache2/ssl/apache.crt
SSLCertificateKeyFile /etc/apache2/ssl/apache.key
redirect permanent / https://5.5.0.38:8080
</VirtualHost>
</IfModule>
Also i enabled HTTPS in django wsgi.py
......
os.environ['HTTPS'] = "on"
..............
Bad request syntax ('\\x16\\x03\\x00\\x00?
This is HTTPS traffic where HTTP traffic is expected. I assume this is caused by the following line in your apache.conf:
redirect permanent / https://5.5.0.38:8080
This instructs the browser to access the given URL (probably your Django server) instead. It does not forward the request to the Django server (what you've probably intended) but instead instructs the browser to make a new request and fetch the resource directly from the Django server, that is without apache in front. I think you need to use instead something like ProxyPass or ProxyPassReverse if you want to use apache in front of another server.
It would be very unusual if port 8080 is actually used for https, usually this is used for http only. Therefore I assume that your Django server itself is only speaking plain http.
os.environ['HTTPS'] = "on"
This does not make a HTTPS server out of Django, but it only instructs Django to create all links as https links. This supports my assumption that your Django server itself does only plain http.
I think the right answer is as following:
first enable the proxy_http module for apache to remap the url from https to http
$ a2enmod proxy_http
second remove the redirection of https requests to django
add ProxyPass and ProxyPassReverse to pass the https requests from apache server to Django on http protocol
the following is what i did for apache.conf
<VirtualHost *:80> ServerName mywebsite.com WSGIScriptAlias / /var/www/manage/manage/wsgi.py </VirtualHost> <VirtualHost _default_:443> ServerName mywebsite.com WSGIScriptAlias / /var/www/manage/manage/wsgi.py SSLEngine on SSLCertificateFile /etc/apache2/ssl/apache.crt SSLCertificateKeyFile /etc/apache2/ssl/apache-wp.key ProxyPass / http://myip:8080/ ProxyPassReverse / http://myip:8080/ #redirect permanent / https://myip:8080 </VirtualHost>
also make sure that all http rewrite to https edit the /etc/apache2/sites-enabled/000-default.conf apache file as shown below
<VirtualHost *:80>
ServerAdmin webmaster@localhost
DocumentRoot /var/www/html
RewriteEngine On
RewriteCond %{HTTPS} !on
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.