[英]Django Apache SSL [code 400, message bad request]
我的Apache代理Web服务器和Django SSL出现问题,以下是错误,其次是Django 版本1.6.8的 SSL的Django settings.py和apache server.conf文件
----------------------------------------
[10/Jan/2015 09:11:33] code 400, message Bad request syntax ('\x16\x03\x00\x00?
Exception happened during processing of request from ('5.5.0.46', 38141)
Traceback (most recent call last):
File "/usr/lib/python2.7/SocketServer.py", line 593, in process_request_thread
self.finish_request(request, client_address)
File "/usr/lib/python2.7/SocketServer.py", line 334, in finish_request
self.RequestHandlerClass(request, client_address, self)
File "/usr/local/lib/python2.7/dist-packages/django/core/servers/basehttp.py", line 126, in __init__
super(WSGIRequestHandler, self).__init__(*args, **kwargs)
File "/usr/lib/python2.7/SocketServer.py", line 649, in __init__
self.handle()
File "/usr/lib/python2.7/wsgiref/simple_server.py", line 117, in handle
if not self.parse_request(): # An error code has been sent, just exit
File "/usr/lib/python2.7/BaseHTTPServer.py", line 286, in parse_request
self.send_error(400, "Bad request syntax (%r)" % requestline)
File "/usr/lib/python2.7/BaseHTTPServer.py", line 368, in send_error
self.send_response(code, message)
File "/usr/lib/python2.7/BaseHTTPServer.py", line 385, in send_response
self.log_request(code)
File "/usr/lib/python2.7/BaseHTTPServer.py", line 422, in log_request
self.requestline, str(code), str(size))
File "/usr/local/lib/python2.7/dist-packages/django/core/servers/basehttp.py", line 138, in log_message
msg = "[%s] %s\n" % (self.log_date_time_string(), format % args)
UnicodeDecodeError: 'ascii' codec can't decode byte 0xf9 in position 12: ordinal not in range(128)
----------------------------------------
settings.py
......
# secure proxy SSL header and secure cookies
SECURE_SSL_REDIRECT = True
SECURE_PROXY_SSL_HEADER = ('HTTP_X_FORWARDED_PROTO', 'https')
SESSION_COOKIE_SECURE = True
CSRF_COOKIE_SECURE = True
# session expire at browser close
SESSION_EXPIRE_AT_BROWSER_CLOSE = True
# wsgi scheme
os.environ['wsgi.url_scheme'] = 'https'
......
apache server.conf
<IfModule mod_ssl.c>
<VirtualHost *:80>
ServerName mywebsite.com
WSGIScriptAlias / /var/www/manage/manage/wsgi.py
</VirtualHost>
<VirtualHost _default_:443>
ServerName mywebsite.com
WSGIScriptAlias / /var/www/manage/manage/wsgi.py
SSLEngine on
SSLCertificateFile /etc/apache2/ssl/apache.crt
SSLCertificateKeyFile /etc/apache2/ssl/apache.key
redirect permanent / https://5.5.0.38:8080
</VirtualHost>
</IfModule>
我也在django wsgi.py中启用了HTTPS
......
os.environ['HTTPS'] = "on"
..............
错误的请求语法('\\ x16 \\ x03 \\ x00 \\ x00?
这是HTTPS流量,需要HTTP流量。 我认为这是由您的apache.conf中的以下行引起的:
redirect permanent / https://5.5.0.38:8080
这指示浏览器改为访问给定的URL(可能是Django服务器)。 它不会将请求转发到Django服务器(您可能打算这样做),而是指示浏览器发出新请求并直接从Django服务器获取资源,而这无需前面的apache。 我想如果要在另一台服务器前使用apache,则需要改用ProxyPass或ProxyPassReverse之类的东西。
如果端口8080实际上用于https,这将是非常不寻常的,通常这仅用于http。 因此,我假设您的Django服务器本身仅讲纯HTTP。
os.environ ['HTTPS'] =“开启”
这不会使HTTPS服务器脱离Django,而只是指示Django将所有链接创建为https链接。 这支持了我的假设,即您的Django服务器本身仅执行纯http。
我认为正确的答案如下:
首先为apache启用proxy_http模块以将URL从https重新映射到http
$ a2enmod proxy_http
第二个删除https请求到django的重定向
添加ProxyPass和ProxyPassReverse以将HTTP请求从Apache服务器传递到基于HTTP协议的Django
以下是我为apache.conf做的
<VirtualHost *:80> ServerName mywebsite.com WSGIScriptAlias / /var/www/manage/manage/wsgi.py </VirtualHost> <VirtualHost _default_:443> ServerName mywebsite.com WSGIScriptAlias / /var/www/manage/manage/wsgi.py SSLEngine on SSLCertificateFile /etc/apache2/ssl/apache.crt SSLCertificateKeyFile /etc/apache2/ssl/apache-wp.key ProxyPass / http://myip:8080/ ProxyPassReverse / http://myip:8080/ #redirect permanent / https://myip:8080 </VirtualHost>
还要确保所有HTTP都重写为https,以编辑/etc/apache2/sites-enabled/000-default.conf apache文件,如下所示
<VirtualHost *:80>
ServerAdmin webmaster@localhost
DocumentRoot /var/www/html
RewriteEngine On
RewriteCond %{HTTPS} !on
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.