Posting http request after enabeling TLS/SSL - django

I have a website using Angular for the frontend, Django for the backend and they are being served using Apache.
It was working properly until I enabled TLS/SSL using letsencrypt.
Since then I was still able to access the website using https, but all my http request to the backend give errors.
The error message is:
Http failure response for http://backend.IP:8080/api/load_data/: 0 Unknown Error
If I call the API function from the browser like this:
http://backend.IP:8080/api/load_data/
It works well and returns the expected data from the backend, but when posting http request from the code it gives the previous error.
Here is apache configurations for the frontend.conf:
<VirtualHost *:80>
DocumentRoot "/home/ubuntu/myproject/static/"
# Other directives here
DirectoryIndex index.php index.htm index.html
<Directory "/home/ubuntu/myproject/static">
AllowOverride All
Require all granted
</Directory>
# Logs
ErrorLog /var/log/apache2/frontend_error.log
CustomLog /var/log/apache2/frontend_access.log combined
RewriteEngine on
RewriteCond %{SERVER_NAME} =test.myproject.org
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>
Here is the frontend-le-ssl.conf:
<IfModule mod_ssl.c>
SSLStaplingCache shmcb:/var/run/apache2/stapling_cache(128000)
<VirtualHost *:443>
DocumentRoot "/home/ubuntu/myproject/static/"
# Other directives here
DirectoryIndex index.php index.htm index.html
<Directory "/home/ubuntu/myproject/static">
AllowOverride All
Require all granted
</Directory>
# Logs
ErrorLog /var/log/apache2/frontend_error.log
CustomLog /var/log/apache2/frontend_access.log combined
ServerName test.myproject.org
SSLCertificateFile /etc/letsencrypt/live/test.myproject.org/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/test.myproject.org/privkey.pem
Include /etc/letsencrypt/options-ssl-apache.conf
Header always set Strict-Transport-Security "max-age=31536000"
SSLUseStapling on
Header always set Content-Security-Policy upgrade-insecure-requests
</VirtualHost>
</IfModule>
Here is the 000-default.conf:
<VirtualHost *:8080>
ServerAdmin webmaster#localhost
DocumentRoot /var/www/html
#LogLevel info ssl:warn
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
Alias /static /home/ubuntu/myproject/static
<Directory /home/ubuntu/myproject/static>
Require all granted
</Directory>
<Directory /home/ubuntu/myproject/myproject >
<Files wsgi.py>
Require all granted
</Files>
</Directory>
WSGIDaemonProcess myproject python-home=/home/ubuntu/myproject/venv python-path=/home/ubuntu/myproject
WSGIProcessGroup myproject
WSGIScriptAlias / /home/ubuntu/myproject/myproject/wsgi.py
</VirtualHost>
Angular environment.prod.ts:
export const environment = {
appVersion: require('../../package.json').version,
production: true,
apiURL: 'http://backend.IP:8080/api/',
mediaURL: 'http://backend.IP:8080',
};
Angular proxy.conf.json:
{
"/api": {
"target": "http://backend.IP:80",
"secure": false
},
"/media": {
"target": "http://backend.IP:80",
"secure": false
}
}
Backend settings.py:
SESSION_COOKIE_SECURE=True
SESSION_COOKIE_HTTPONLY=True
SECURE_PROXY_SSL_HEADER = ('HTTP_X_FORWARDED_PROTOCOL', 'https')
ALLOWED_HOSTS = ['backend.IP',
'http://backend.IP',
'http://backend.IP:8080',
'https://backend.IP',
'https://backend.IP:8080',
'127.0.0.1',
'http://www.mproject.org/',
'https://www.mproject.org/',
'mproject.org/']
CORS_ORIGIN_WHITELIST = (
'https://localhost:4200',
'https://localhost:8000',
'https://localhost:8080',
'https://backend.IP:8080',
'http://backend.IP:8080',
'https://backend.IP:80',
'http://backend.IP:80',
)
CORS_ALLOW_CREDENTIALS = True
In the wsgi.py:
os.environ['HTTPS'] = "on"
I am completely new to these stuffs, and I followed several tutorials to reach this point but I am still missing something to allow the http requests after the setting the STL/SSL up.

Related

Ubuntu Apache taking long time to respond and getting This site can’t be reached

Hi Guys I am trying to route my domain to server 139.5X.X.XXX
Following is My DNS record Details in Hostinger :-
Type Name Priority Content IP-V4 TTL
A www 0 139.5X.X.XXX 600
A # 0 139.5X.X.XXX 14400
Now I am seeing default apache page while browsing the domain (Server serving default apache page (Digital Ocean Ubuntu Droplet)) .
But after configuring a Django service to domain it taking too long to respond and ending up with "This Site can't be Reached"
following is the conf file which I am using
<VirtualHost *:80>
ServerName tellie.in
ServerAlias www.tellie.in
Redirect permanent / https://tellie.in/
RewriteEngine on
RewriteCond %{SERVER_NAME} =tellie.in [OR]
RewriteCond %{SERVER_NAME} =www.tellie.in
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>
<VirtualHost *:443>
ServerAdmin admin#tellie.in
ServerName tellie.in
ServerAlias www.tellie.in
DocumentRoot /home/srv/telli
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
Alias /static /home/srv/telli/telli/static
<Directory /home/srv/telli/telli/static>
Options FollowSymLinks
AllowOverride None
Require all granted
</Directory>
Alias /media /home/srv/telli/telli/media
<Directory /home/srv/telli/telli/media>
Options FollowSymLinks
AllowOverride None
Require all granted
</Directory>
<Directory /home/srv/telli/telli/telli>
<Files wsgi.py>
Require all granted
</Files>
</Directory>
WSGIDaemonProcess telli python-path=/home/srv/telli/telli python-home=/home/srv/telli/venv
WSGIProcessGroup telli
WSGIScriptAlias / /home/srv/telli/telli/telli/wsgi.py
Include /etc/letsencrypt/options-ssl-apache.conf
SSLCertificateFile /etc/letsencrypt/live/tellie.in/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/tellie.in/privkey.pem
</VirtualHost>
Is there anything wrong that could cause the problem I am facing

Make sure that Apache has rx access to the directories under /home/srv/, It is better to move the code out of HOME and in a general mountpoint as /var or /data

Migration to AWS - Https redirection issues (Drupal)

I've setup SSL certification on AWS.
However, this seems to be automatically redirecting to https rather than hitting our vhosts file..
The pages are erroring out with the following...
mixed Content: The page at 'https://preprod-example.co.uk/' was loaded over HTTPS, but requested an insecure stylesheet 'http://preprod-example.co.uk/modules/system/system.base.css?ow428z'. This request has been blocked; the content must be served over HTTPS.
The vhosts file:
<VirtualHost *:80>
DocumentRoot "/var/www/html/example/production"
ServerName preprod-example.co.uk
<Directory /var/www/html/example/production>
order allow,deny
allow from all
AllowOverride all
</Directory>
</VirtualHost>
<VirtualHost *:443>
DocumentRoot "/var/www/html/example/production"
ServerName preprod-example.co.uk
<Directory /var/www/html/example/production>
order allow,deny
allow from all
AllowOverride all
</Directory>
</VirtualHost>
Where am I going wrong or is this maybe an issue with AWS?

SetEnvIf X-Forwarded-Proto "^https$" HTTPS=on
you can use SetEnvif just before your 443 virtual host
<VirtualHost *:80>
DocumentRoot "/var/www/html/example/production"
ServerName preprod-example.co.uk
<Directory /var/www/html/example/production>
order allow,deny
allow from all
AllowOverride all
</Directory>
</VirtualHost>
SetEnvIf X-Forwarded-Proto "^https$" HTTPS=on
<VirtualHost *:443>
DocumentRoot "/var/www/html/example/production"
ServerName preprod-example.co.uk
<Directory /var/www/html/example/production>
order allow,deny
allow from all
AllowOverride all
</Directory>
</VirtualHost>

Configuring Apache with Django

I'm trying to configure Apache with Django. Everything is working except the admin panel. It's static files are not loading. The documentation talks about different ways of doing it but none are working for me.
Here is my 0000-default.conf:
<VirtualHost *:80>
# The ServerName directive sets the request scheme, hostname and port that
# the server uses to identify itself. This is used when creating
# redirection URLs. In the context of virtual hosts, the ServerName
# specifies what hostname must appear in the request's Host: header to
# match this virtual host. For the default virtual host (this file) this
# value is not decisive as it is used as a last resort host regardless.
# However, you must set it for any further virtual host explicitly.
#ServerName www.example.com
ServerAdmin maahd#meddy.co
DocumentRoot /var/www/html
<Directory />
Options FollowSymLinks
AllowOverride None
</Directory>
<Directory /var/www/html>
Options Indexes FollowSymLinks MultiViews
AllowOverride None
Order allow,deny
allow from all
</Directory>
ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
<Directory "/usr/lib/cgi-bin">
AllowOverride None
Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
Order allow,deny
Allow from all
</Directory>
# Available loglevels: trace8, ..., trace1, debug, info, notice, warn,
# error, crit, alert, emerg.
# It is also possible to configure the loglevel for particular
# modules, e.g.
#LogLevel info ssl:warn
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
Alias /doc/ "/usr/share/doc/"
<Directory "/usr/share/doc/">
Options Indexes MultiViews FollowSymLinks
AllowOverride None
Order deny,allow
Deny from all
Allow from 127.0.0.0/255.0.0.0 ::1/128
</Directory>
Alias /static /var/www/html/sp-django-master/meddy1/static
# For most configuration files from conf-available/, which are
# enabled or disabled at a global level, it is possible to
# include a line for only one particular virtual host. For example the
# following line enables the CGI configuration for this host only
# after it has been globally disabled with "a2disconf".
#Include conf-available/serve-cgi-bin.conf
</VirtualHost>
include sites-available/meddy.co.conf
# vim: syntax=apache ts=4 sw=4 sts=4 sr noet
Here is my meddy.co.conf where meddy.co is my website:
<VirtualHost *:80>
ServerName ec2-54-254-141-40.ap-southeast-1.compute.amazonaws.com
ServerAlias www.ec2-54-254-141-40.ap-southeast-1.compute.amazonaws.com
WSGIScriptAlias / /var/www/html/sp-django-master/meddy.wsgi
DocumentRoot /var/www/html/sp-django-master
#Alias /static /var/www/html/sp-django-master/meddy1/static
<Location "/static/">
Options -Indexes
</Location>
#AliasMatch ^/([^/]*\.css) /var/www/html/sp-django-master/meddy1/static/meddy1/css/$1
AliasMatch ^/([^/meddy1]*\.css) /var/www/html/sp-django-master/meddy1/static/meddy1/css/$1
AliasMatch ^/([^/admin]*\.css) /var/www/html/sp-django-master/static/admin/css/$1
Alias /static/ /var/www/html/sp-django-master/meddy1/static/
<Directory /var/www/html/sp-django-master/meddy1/static>
Require all granted
</Directory>
<Directory /var/www/html/sp-django-master/mysite>
<Files wsgi.py>
Require all granted
</Files>
</Directory>
Alias /media/ /var/www/html/sp-django-master/uploads/
<Directory /var/www/html/sp-django-master/uploads>
Require all granted
</Directory>
Alias /static/admin/ /var/www/html/sp-django-master/static/admin/
</VirtualHost>
Any help would be appreciated.

Django Based framework virtual host setup https on Apache

I am using a django based framework and have successfully figured Apache settings for http mode. Basically I have done the setting correctly on <VirtualHost *:80> ... </VirtualHost> and when I do, http://mysite.domain.com I get routed correctly to my site and the site pages and the skins get render correctly.
I have setup https://mysite.domain.com to work with shibboleth, shibboleth is working and when use the https I get routed to login credential page via shibboleth server, and after successful login I get redirect to https://mysite.domain.com but site doesn't get rendered correctly and skins don't show up as same as http://mysite.domain.com.
Here is my Apache settings, I am trying to understand what I am doing wrong here
<VirtualHost *:443>
ServerAdmin myname#mydomain.com
DocumentRoot /code/vEnviornment/mysite
ServerName mydomain.com
#<LocationMatch "^(?!/admin)">
#<LocationMatch "^(?!/m)">
# RewriteEngine on
# RewriteRule django.wsgi(.*)$ https://mydomain.com:443$1 [L,R=301]
#</LocationMatch>
SSLEngine on
#your SSL keys
#I have removed this wasn't comfortable putting SSL key info
#Alias /admin/media/ /usr/local/lib/python2.6/site-packages/django/contrib/admin/media/
Alias /admin/media/ /usr/local/lib/python2.7/dist-packages/django/contrib/admin/media/
WSGIScriptAlias /m/ /code/vEnviornment/mysite/django.wsgi
<Directory "/">
AuthType shibboleth
ShibRequestSetting requireSession 1
Require valid-user
</Directory>
Alias /Shibboleth.sso /tmp
# CustomLog /var/log/httpd/mysite/access_log common
# ErrorLog /var/log/httpd/mysite/error_log
CustomLog /var/log/apache2/mysite/access_log common
ErrorLog /var/log/apache2/mysite/error_log
</VirtualHost>
And here is how I have hetup http:
<VirtualHost *:80>
ServerAdmin myname#mydomain.com
DocumentRoot /code/vEnviornment/mysite
ServerName mysite.mydomain.com
#aliases to serve static media directly
#will probably need adjustment
Alias /m/ /code/vEnviornment/mysite/static/
Alias /upfiles/ /code/vEnviornment/mysite/myframework/upfiles/
<DirectoryMatch "/code/vEnviornment/mysite/myframework/skins/([^/]+)/media">
Order deny,allow
Allow from all
</DirectoryMatch>
<Directory "/code/vEnviornment/mysite/myframework/upfiles">
Order deny,allow
Allow from all
</Directory>
#must be a distinct name within your apache configuration
WSGIDaemonProcess mysite2
WSGIProcessGroup mysite2
WSGIScriptAlias / /code/vEnviornment/mysite/django.wsgi
#make all admin stuff except media go through secure connection
<LocationMatch "/admin(?!/media)">
RewriteEngine on
RewriteRule /admin(.*)$ https://128.101.35.71/admin$1 [L,R=301]
</LocationMatch>
# CustomLog /var/log/httpd/mysite/access_log common
# ErrorLog /var/log/httpd/mysite/error_log
CustomLog /var/log/apache2/mysite/access_log common
ErrorLog /var/log/apache2/mysite/error_log
LogLevel debug
</VirtualHost>
What am I doing wrong here to render the site incorrectly via https?

Alias /m/ /code/vEnviornment/mysite/static/
Alias /upfiles/ /code/vEnviornment/mysite/myframework/upfiles/
These two lines are missing in https virual host
and
your WSGIScriptAlias should point to / not /m/

Deploy a Django site and a PHP site on the same server with Apache and mod_wsgi

I currently have a Django site working at cinepass.com.ec , I would like to deploy an additional PHP site to the same server at mobile.cinepass.com.ec
My current httpd.conf (from DjangoFoo) :
<Directory "/home/ec2-user/cinepass/media">
Order deny,allow
Allow from all
</Directory>
<Directory "/home/ec2-user/cinepass/cinepass">
AllowOverride All
Order deny,allow
Allow from all
</Directory>
Alias /media/ /home/ec2-user/cinepass/media/
ServerAdmin smansfield#palapa.com.ec
ErrorLog "logs/cinepass.com-error_log"
CustomLog "logs/cinepass.com-access_log" common
# mod_wsgi configuration is here
# we are running as user/group 'deamon', if you don't have those you need to change or create.
WSGIDaemonProcess cinepass python-path=/home/ec2-user/cinepass:/home/ec2-user/cinepass/venv/lib/python2.6/site-packages user=daemon group=daemon processes=2 threads=25
WSGIProcessGroup cinepass
# this is our WSGI file.
WSGIScriptAlias / /home/ec2-user/cinepass/cinepass/wsgi.py
My current wsgi.py :
import os, sys
sys.path.append('/home/')
sys.path.append('/home/ec2-user/cinepass/')
os.environ.setdefault("DJANGO_SETTINGS_MODULE", "cinepass.settings_production.py")
os.environ['PYTHON_EGG_CACHE'] = '/tmp'
from django.core.wsgi import get_wsgi_application
application = get_wsgi_application()
How would I edit my Apache configuration so that I can also run a php site at mobile.cinepass.com.ec?

Using apache´s virtualhosts, here I put an example of something similar in a server of mine, in which I have a djangp app in the main domain and a joomla in a subdomain. Both files are located in /etc/apache2/sites-enabled
Joomla´s apache conf file (named /etc/apache2/sites-enabled/manual.domain.com):
NameVirtualHost *:80
<VirtualHost *:80>
ServerAdmin dsanabria#domain.com
ServerName manual.domain.com
DocumentRoot "/home/ubuntu/manual/"
<Directory /home/ubuntu/manual/>
Order deny,allow
Allow from all
</Directory>
ErrorLog /var/log/apache2/manual.domain-error.log
# Possible values include: debug, info, notice, warn, error, crit,
# alert, emerg.
LogLevel debug
CustomLog /var/log/apache2/manual.domain-access.log combined
</VirtualHost>
And the django app (named /etc/apache2/sites-enabled/www.domain.co):
NameVirtualHost *:80
<VirtualHost *:80>
ServerAdmin diego#diegue.us
ServerName domain.co
ServerAlias machete.anotherdomain.com
Alias /admin/media/ /home/ubuntu/webapps/machete/lib/python2.7/site-packages/grappelli/media/
Alias /media/ /home/ubuntu/webapps/machete/machete/media/
Alias /static/ /home/ubuntu/webapps/machete/machete/collected/
<Directory /home/ubuntu/webapps/machete/lib/python2.7/site-packages/grappelli/media/>
Order deny,allow
Allow from all
</Directory>
<Directory /home/ubuntu/webapps/machete/lib/python2.7/site-packages/django/contrib/admin/media/ >
Order deny,allow
Allow from all
</Directory>
<Directory /home/ubuntu/webapps/machete/machete/media/>
Order deny,allow
Allow from all
</Directory>
<Directory /home/ubuntu/webapps/machete/machete/collected/>
Order deny,allow
Allow from all
</Directory>
WSGIScriptReloading On
WSGIDaemonProcess machete python-path=/home/ubuntu/webapps/machete/lib/python2.7/site-packages
WSGIProcessGroup machete
WSGIApplicationGroup machete
WSGIPassAuthorization On
WSGIScriptAlias / /home/ubuntu/webapps/machete/machete/machete/wsgi.py
ErrorLog /var/log/apache2/machete-error.log
# Possible values include: debug, info, notice, warn, error, crit,
# alert, emerg.
LogLevel debug
CustomLog /var/log/apache2/machete-access.log combined
</VirtualHost>
The first, tells to apache, that if the user gets to manual.domain.com, just response with a php application (joomla). The second file says to apache, that if the user calls the server with www.domain.com response with a python wsgy, (django).
This is in a ubuntu server, redhat/centos/fedora locates the folder sites-enabled in another location that I can´t remember, but anyway you can use virtualhosts.
Generraly, I avoid to mess with the httpd.conf file and prefer use virtualhosts.