I have a django app that requires some user credentials. I want to send login/register data over HTTPS. I've self-generated a certificate to test out and have also requested an external certificate, though that's pending.
I want to make sure that I don't royally screw up my AWS instance. I've grabbed pieces from different tutorials. For instance, in one tutorial, the SSLCertificateKeyFile was a .pem file but another tutorial had it as a .key file. I could only find a .key file in my dirs, so I just used that. Also, I'm not sure if "IfDefine" conditional is necessary/applicable and I also don't know whether the last line of my SSL virtual host, which seems to be making a change based on sniffing IE, should be included.
My mod-WSGI config normally looks like this:
<VirtualHost *:80>
ServerName mysite.com
ServerAlias www.mysite.com
DocumentRoot /home/dir/
Alias /media/ /home/dir/public_html/media/
<Directory /home/dir/public_html/media>
Options -Indexes
Order deny,allow
Allow from all
</Directory>
Alias /admin_media/ /home/dir/project/admin/
<Directory /home/dir/project/admin >
Order deny,allow
Allow from all
</Directory>
WSGIScriptalias / /home/dir/project/apache/django.wsgi
WSGIScriptalias / /home/dir/project/apache/django.wsgi
<Directory /home/dir/project/apache >
Order deny,allow
Allow from all
</Directory>
ErrorLog /var/log/apache2/error.log
</VirtualHost>
I've added the following virtual host for https connections:
<IfDefine SSL>
<VirtualHost *:443>
ServerName mysite.com
ServerAlias www.mysite.com
DocumentRoot /home/dir/
SSLEngine on
SSLCertificateFile /usr/lib/ssl/www.mysite.com.crt
SSLCertificateKeyFile /usr/lib/ssl/www.mysite.com.key
#SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown
</VirtualHost>
</IfDefine>
Does this look about right? Is this sufficient to start requiring https for certain views via a custom decorator? I also want to require https for requests to admin. I've seen the following:
RewriteRule (.*) https://example.com/$1 [L,R=301] ...
I wasn't sure how to make that RewriteRule work without getting rid of Alias-ing. How should I handle that?
Thanks!
来源:https://stackoverflow.com/questions/5765706/apache-config-to-hook-ssl-into-django