django + apache + ssl


lingrlongr

Sep 17, 2008, 10:34:25 AM
to Django users
I can't view my site over ssl. If I go to http://www.mysite.com, the
site works. If I go to https://www.mysite.com, I get a secure
connection, but my django app isn't getting served, but rather /var/www/
index.html is. Here's my apache config for mysite:

<VirtualHost *:443>
ServerName mysite.com
ServerAlias www.mysite.com
<Location "/">
SetHandler python-program
PythonHandler django.core.handlers.modpython
SetEnv DJANGO_SETTINGS_MODULE mysite.settings
PythonDebug Off
PythonPath "['/home/django/django-projects/', '/home/django/django-projects/mysite/'] + sys.path"
PythonInterpreter ssl_mysite
</Location>
</VirtualHost>

<VirtualHost *:80>
ServerName mysite.com
ServerAlias www.mysite.com
<Location "/">
SetHandler python-program
PythonHandler django.core.handlers.modpython
SetEnv DJANGO_SETTINGS_MODULE mysite.settings
PythonDebug Off
PythonPath "['/home/django/django-projects/', '/home/django/django-projects/mysite/'] + sys.path"
PythonInterpreter mysite
</Location>
</VirtualHost>

keith

lingrlongr

Sep 17, 2008, 1:32:49 PM
to Django users
Hmmm.... I played around a bit more. I don't think this is a Django
problem. I reduced the virtual host entry to:

<VirtualHost *:443>
ServerName mysite.com
ServerAlias www.mysite.com
DocumentRoot "/home/django/test"
</VirtualHost>

That fails too. If I change that port to 80, it works. Must be
something my host has set up somewhere in the config...

keith

On Sep 17, 10:34 am, lingrlongr <keith.ebe...@gmail.com> wrote:
> I can't view my site over ssl.  If I go to http://www.mysite.com, the
> site works.  If I go to https://www.mysite.com, I get a secure

Steve Holden

Sep 17, 2008, 7:20:06 PM
to django...@googlegroups.com
Note that you can only have one SSL server on an IP address: you can't
have multiple virtual hosts running SSL because the connection has to be
established (using the server's identity) before the Host: header can be
read.

I run the SSL server on my private server as a Virtual Host. This involves

SSLEngine On
SSLCertificateFile /etc/apache2/holdenweb.com.crt
SSLCertificateKeyFile /etc/apache2/holdenweb.com.key

regards
Steve

lingrlongr

Sep 17, 2008, 9:23:29 PM
to Django users
It turns out that it was because I have multiple domains hosted at
this current location. The ssl.conf file for Apache was configured
for one of the other domains. Once I configured that file for the
domain I wanted it for, and moved the VirtualHost stuff from
httpd.conf to ssl.conf, it worked.

Steve... probably not the place for this, but since you seem to know
about (and maybe someone else will benefit from this one day)... So
if I want to get an SSL cert for one of those other domains down the
road, I HAVE to get another web hosting account? I notice that in the
ssl.conf file, the virtual hosts were defined with IPs:

<VirtualHost 78.78.78.78:443>

... as opposed to httpd.conf where they are defined as:

<VirtualHost *:80>

You can't set up the virtual host in ssl.conf using a wildcard?

keith
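
Added example (not part of the original thread, and not the poster's actual files): a simplified Python model of how Apache picks a virtual host by address, showing why the <VirtualHost 78.78.78.78:443> block in ssl.conf answered instead of the *:443 block in httpd.conf. The config text, the name otherdomain.example and the helper names are constructed for illustration.

```python
import re

# Constructed sample configs modelled on the thread (not the poster's real files).
HTTPD_CONF = """
<VirtualHost *:443>
ServerName mysite.com
ServerAlias www.mysite.com
DocumentRoot "/home/django/test"
</VirtualHost>
"""
SSL_CONF = """
<VirtualHost 78.78.78.78:443>
ServerName otherdomain.example
SSLEngine On
DocumentRoot "/var/www"
</VirtualHost>
"""

VHOST_RE = re.compile(r"<VirtualHost\s+([^>\s]+)\s*>(.*?)</VirtualHost>", re.S | re.I)

def parse_vhosts(text, source):
    """Return one dict per <VirtualHost> block, in file order."""
    vhosts = []
    for addr, body in VHOST_RE.findall(text):
        ip, _, port = addr.rpartition(":")
        names = re.findall(r"^\s*Server(?:Name|Alias)\s+(.+)$", body, re.M | re.I)
        vhosts.append({
            "source": source, "ip": ip, "port": port,
            "names": [n.lower() for line in names for n in line.split()],
            "ssl": bool(re.search(r"^\s*SSLEngine\s+on\s*$", body, re.M | re.I)),
        })
    return vhosts

def select_vhost(vhosts, local_ip, port, host):
    """Simplified model: exact IP:port beats *:port; then match by name, else first listed."""
    on_port = [v for v in vhosts if v["port"] == str(port)]
    pool = [v for v in on_port if v["ip"] == local_ip] or [v for v in on_port if v["ip"] == "*"]
    named = [v for v in pool if host.lower() in v["names"]]
    return (named or pool or [None])[0]

def audit_443(vhosts):
    """List port-443 vhosts that never enable SSLEngine (they would not speak TLS)."""
    return [v for v in vhosts if v["port"] == "443" and not v["ssl"]]

if __name__ == "__main__":
    VHOSTS = parse_vhosts(HTTPD_CONF, "httpd.conf") + parse_vhosts(SSL_CONF, "ssl.conf")
    print("served by:", select_vhost(VHOSTS, "78.78.78.78", 443, "www.mysite.com"))
    print("443 without SSLEngine:", audit_443(VHOSTS))
```

On a live server, `apachectl -S` prints the virtual host table Apache actually built, which is the authoritative check.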

Steve Holden

Sep 17, 2008, 9:53:03 PM
to django...@googlegroups.com
Glad you've got the SSL up and running, anyway.

I wouldn't say I'm an expert, I just stab around until I get things to
work. I do so little server configuration any more I tend to forget much
of what I learned between bouts, and I'm afraid I'm away from home this
week so I don't have the notes I made with me.

You shouldn't necessarily need another account. OpenHosting, for example
(the company I use: very friendly, and great Python knowledge) will add
another IP address to my account for two bucks a month, I believe.

You definitely can set up virtuals with a wildcard IP, as I have done
just that in the server I was talking about. The main configuration file
doesn't configure any virtuals at all, then I include sub-configs for
the various different servers, which ends up looking like this:

sites-available/default:NameVirtualHost *:80
sites-available/default:<VirtualHost *:80>
sites-available/default:</VirtualHost>
sites-available/default.dpkg-dist:NameVirtualHost *
sites-available/default.dpkg-dist:<VirtualHost *>
sites-available/default.dpkg-dist:</VirtualHost>
sites-available/ssl:<VirtualHost *:443>
sites-available/ssl:</VirtualHost>

As you can see I am only running three sites on this server, so that
keeps it nice and easy (and at this distance I can't even remember what
default.dpkg-dist is for). I'm not sure why I chose to use wildcards,
but it *is* convenient to be able to access the site across the loopback
network (though I had to define localhost.holdenweb.com in order to
match the wildcard certificate I installed). If you use a specific IP
you lose that ability, since it has to match (though that depends on how
your network layer handles local connections to the external IP, I guess).

Anyway, hope this helps. Now back to the salt mines ...

regards
Steve
