Apache config to hook SSL into Django

问题

I have a django app that requires some user credentials. I want to send login/register data over HTTPS. I've self-generated a certificate to test out and have also requested an external certificate, though that's pending.

I want to make sure that I don't royally screw up my AWS instance. I've grabbed pieces from different tutorials. For instance, in one tutorial, the SSLCertificateKeyFile was a .pem file but another tutorial had it as a .key file. I could only find a .key file in my dirs, so I just used that. Also, I'm not sure if "IfDefine" conditional is necessary/applicable and I also don't know whether the last line of my SSL virtual host, which seems to be making a change based on sniffing IE, should be included.

My mod-WSGI config normally looks like this:

   <VirtualHost *:80>
    ServerName mysite.com
    ServerAlias www.mysite.com

    DocumentRoot /home/dir/

    Alias /media/ /home/dir/public_html/media/
    <Directory /home/dir/public_html/media>
    Options -Indexes
    Order deny,allow
    Allow from all
    </Directory>

    Alias /admin_media/ /home/dir/project/admin/
    <Directory /home/dir/project/admin >
    Order deny,allow
    Allow from all
    </Directory>

    WSGIScriptalias / /home/dir/project/apache/django.wsgi

     WSGIScriptalias / /home/dir/project/apache/django.wsgi
    <Directory /home/dir/project/apache >
    Order deny,allow
    Allow from all
    </Directory>

    ErrorLog /var/log/apache2/error.log
    </VirtualHost>

I've added the following virtual host for https connections:

    <IfDefine SSL>

    <VirtualHost *:443>

    ServerName mysite.com
    ServerAlias www.mysite.com

    DocumentRoot /home/dir/

    SSLEngine on
    SSLCertificateFile /usr/lib/ssl/www.mysite.com.crt
    SSLCertificateKeyFile /usr/lib/ssl/www.mysite.com.key

      #SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown

     </VirtualHost>
     </IfDefine>

Does this look about right? Is this sufficient to start requiring https for certain views via a custom decorator? I also want to require https for requests to admin. I've seen the following:

RewriteRule (.*) https://example.com/$1 [L,R=301] ...

I wasn't sure how to make that RewriteRule work without getting rid of Alias-ing. How should I handle that?

Thanks!

来源：https://stackoverflow.com/questions/5765706/apache-config-to-hook-ssl-into-django

标签

django

apache

ssl

django-wsgi