[英]Django Apache SSL [code 400, message bad request]
我的Apache代理Web服務器和Django SSL出現問題,以下是錯誤,其次是Django 版本1.6.8的 SSL的Django settings.py和apache server.conf文件
----------------------------------------
[10/Jan/2015 09:11:33] code 400, message Bad request syntax ('\x16\x03\x00\x00?
Exception happened during processing of request from ('5.5.0.46', 38141)
Traceback (most recent call last):
File "/usr/lib/python2.7/SocketServer.py", line 593, in process_request_thread
self.finish_request(request, client_address)
File "/usr/lib/python2.7/SocketServer.py", line 334, in finish_request
self.RequestHandlerClass(request, client_address, self)
File "/usr/local/lib/python2.7/dist-packages/django/core/servers/basehttp.py", line 126, in __init__
super(WSGIRequestHandler, self).__init__(*args, **kwargs)
File "/usr/lib/python2.7/SocketServer.py", line 649, in __init__
self.handle()
File "/usr/lib/python2.7/wsgiref/simple_server.py", line 117, in handle
if not self.parse_request(): # An error code has been sent, just exit
File "/usr/lib/python2.7/BaseHTTPServer.py", line 286, in parse_request
self.send_error(400, "Bad request syntax (%r)" % requestline)
File "/usr/lib/python2.7/BaseHTTPServer.py", line 368, in send_error
self.send_response(code, message)
File "/usr/lib/python2.7/BaseHTTPServer.py", line 385, in send_response
self.log_request(code)
File "/usr/lib/python2.7/BaseHTTPServer.py", line 422, in log_request
self.requestline, str(code), str(size))
File "/usr/local/lib/python2.7/dist-packages/django/core/servers/basehttp.py", line 138, in log_message
msg = "[%s] %s\n" % (self.log_date_time_string(), format % args)
UnicodeDecodeError: 'ascii' codec can't decode byte 0xf9 in position 12: ordinal not in range(128)
----------------------------------------
settings.py
......
# secure proxy SSL header and secure cookies
SECURE_SSL_REDIRECT = True
SECURE_PROXY_SSL_HEADER = ('HTTP_X_FORWARDED_PROTO', 'https')
SESSION_COOKIE_SECURE = True
CSRF_COOKIE_SECURE = True
# session expire at browser close
SESSION_EXPIRE_AT_BROWSER_CLOSE = True
# wsgi scheme
os.environ['wsgi.url_scheme'] = 'https'
......
apache server.conf
<IfModule mod_ssl.c>
<VirtualHost *:80>
ServerName mywebsite.com
WSGIScriptAlias / /var/www/manage/manage/wsgi.py
</VirtualHost>
<VirtualHost _default_:443>
ServerName mywebsite.com
WSGIScriptAlias / /var/www/manage/manage/wsgi.py
SSLEngine on
SSLCertificateFile /etc/apache2/ssl/apache.crt
SSLCertificateKeyFile /etc/apache2/ssl/apache.key
redirect permanent / https://5.5.0.38:8080
</VirtualHost>
</IfModule>
我也在django wsgi.py中啟用了HTTPS
......
os.environ['HTTPS'] = "on"
..............
錯誤的請求語法('\\ x16 \\ x03 \\ x00 \\ x00?
這是HTTPS流量,需要HTTP流量。 我認為這是由您的apache.conf中的以下行引起的:
redirect permanent / https://5.5.0.38:8080
這指示瀏覽器改為訪問給定的URL(可能是Django服務器)。 它不會將請求轉發到Django服務器(您可能打算這樣做),而是指示瀏覽器發出新請求並直接從Django服務器獲取資源,而這無需前面的apache。 我想如果要在另一台服務器前使用apache,則需要改用ProxyPass或ProxyPassReverse之類的東西。
如果端口8080實際上用於https,這將是非常不尋常的,通常這僅用於http。 因此,我假設您的Django服務器本身僅講純HTTP。
os.environ ['HTTPS'] =“開啟”
這不會使HTTPS服務器脫離Django,而只是指示Django將所有鏈接創建為https鏈接。 這支持了我的假設,即您的Django服務器本身僅執行純http。
我認為正確的答案如下:
首先為apache啟用proxy_http模塊以將URL從https重新映射到http
$ a2enmod proxy_http
第二個刪除https請求到django的重定向
添加ProxyPass和ProxyPassReverse以將HTTP請求從Apache服務器傳遞到基於HTTP協議的Django
以下是我為apache.conf做的
<VirtualHost *:80> ServerName mywebsite.com WSGIScriptAlias / /var/www/manage/manage/wsgi.py </VirtualHost> <VirtualHost _default_:443> ServerName mywebsite.com WSGIScriptAlias / /var/www/manage/manage/wsgi.py SSLEngine on SSLCertificateFile /etc/apache2/ssl/apache.crt SSLCertificateKeyFile /etc/apache2/ssl/apache-wp.key ProxyPass / http://myip:8080/ ProxyPassReverse / http://myip:8080/ #redirect permanent / https://myip:8080 </VirtualHost>
還要確保所有HTTP都重寫為https,以編輯/etc/apache2/sites-enabled/000-default.conf apache文件,如下所示
<VirtualHost *:80>
ServerAdmin webmaster@localhost
DocumentRoot /var/www/html
RewriteEngine On
RewriteCond %{HTTPS} !on
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>
聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.