I have a django app that requires some user credentials. I want to send login/register data over HTTPS. I've self-generated a certificate to test out and have also requested an external certificate, though that's pending.
I want to make sure that I don't royally screw up my AWS instance. I've grabbed pieces from different tutorials. For instance, in one tutorial, the SSLCertificateKeyFile was a .pem file but another tutorial had it as a .key file. I could only find a .key file in my dirs, so I just used that. Also, I'm not sure if "IfDefine" conditional is necessary/applicable and I also don't know whether the last line of my SSL virtual host, which seems to be making a change based on sniffing IE, should be included.
My mod-WSGI config normally looks like this:
<VirtualHost *:80>
ServerName mysite.com
ServerAlias www.mysite.com
DocumentRoot /home/dir/
Alias /media/ /home/dir/public_html/media/
<Directory /home/dir/public_html/media>
Options -Indexes
Order deny,allow
Allow from all
</Directory>
Alias /admin_media/ /home/dir/project/admin/
<Directory /home/dir/project/admin >
Order deny,allow
Allow from all
</Directory>
WSGIScriptalias / /home/dir/project/apache/django.wsgi
WSGIScriptalias / /home/dir/project/apache/django.wsgi
<Directory /home/dir/project/apache >
Order deny,allow
Allow from all
</Directory>
ErrorLog /var/log/apache2/error.log
</VirtualHost>
I've added the following virtual host for https connections:
<IfDefine SSL>
<VirtualHost *:443>
ServerName mysite.com
ServerAlias www.mysite.com
DocumentRoot /home/dir/
SSLEngine on
SSLCertificateFile /usr/lib/ssl/www.mysite.com.crt
SSLCertificateKeyFile /usr/lib/ssl/www.mysite.com.key
#SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown
</VirtualHost>
</IfDefine>
Does this look about right? Is this sufficient to start requiring https for certain views via a custom decorator? I also want to require https for requests to admin. I've seen the following:
RewriteRule (.*) https://example.com/$1 [L,R=301]
...
I wasn't sure how to make that RewriteRule work without getting rid of Alias-ing. How should I handle that?
Thanks!
Related
I have a WAMP Server 3.2 (Apache 2.4.46) installed on Windows 10 (64-bits), it is exposed to the local company network. I use it to host ordinary php/js applications. My httpd-vhosts.conf is used to look like this:
<VirtualHost *:80>
ServerName RealNameOfTheServer
DocumentRoot "d:/projects"
<Directory "d:/projects/">
Options +Indexes +Includes +FollowSymLinks +MultiViews
AllowOverride All
Require all granted
</Directory>
</VirtualHost>
Now I got a Django app which preferably needs to be hosted with the same server (since I don't have any other) along with other php applications. I tried to follow the example to configure my virtual hosts, but it uses daemon process which is not available on Windows.
My httpd-vhosts.conf after applied changes makes Django app work correctly but dumps php/js apps.
<VirtualHost *:80>
ServerName RealNameOfTheServer
DocumentRoot "d:/projects"
<Directory "d:/projects/">
Options +Indexes +Includes +FollowSymLinks +MultiViews
AllowOverride All
Require all granted
</Directory>
WSGIPassAuthorization On
ErrorLog "logs/dashboard.error.log"
CustomLog "logs/dashboard.access.log" combined
WSGIScriptAlias / "d:\projects\dashboard\dashboard\wsgi_windows.py"
WSGIApplicationGroup %{GLOBAL}
<Directory "d:\projects\dashboard\dashboard">
<Files wsgi_windows.py>
Options +Indexes +Includes +FollowSymLinks +MultiViews
AllowOverride All
Require all granted
</Files>
</Directory>
Alias /static "d:/projects/dashboard/static"
<Directory "d:/projects/dashboard/static">
Require all granted
</Directory>
</VirtualHost>
Is there any way to run both php and Django apps on Windows?
WSGIScriptAlias / "d:\projects\dashboard\dashboard\wsgi_windows.py"
will also catch calls to "d:/projects" - so if you want to avoid that, you need to change to something like
WSGIScriptAlias /my_wsgi_app/ "d:\projects\dashboard\dashboard\wsgi_windows.py"
If you want to avoid that the user can see that, you can use a rewrite rule for certain paths.
I have successfully installed SSL certificate with certbot and lets encrypt on my debian and apache linux virtual machine on google cloud.
the domain is successfully secure with HTTPS.
Although on directly accessing the external ip address i am still getting an unsecure version of the website.
How to redirect the ip directly to the HTTPS version set up with APACHE and just the "domain.com" towards -->> HTTPs:www.domain.com .
I have tried to re-route to port 80 and 443 towards the HTTPS version as in PHP without any luck as shown here :
How to redirect from www to https www with htacces?
in my 000-default.conf:
<VirtualHost *:80>
ServerName localhost
ServerAdmin webmaster#localhost
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
RewriteEngine on
RewriteCond %{SERVER_NAME} =www.bracketline.com [OR]
RewriteCond %{SERVER_NAME} =localhost
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI}
[END,NE,R=permanent]
</VirtualHost>
and on my 000-default-le-ssl.conf i have:
<IfModule mod_ssl.c>
<VirtualHost *:443>
ServerName localhost
ServerAdmin webmaster#localhost
Alias /static /var/www/static-root
<Directory /var/www/static-root>
Require all granted
</Directory>
Alias /media /var/www/media-root
<Directory /var/www/media-root>
Require all granted
</Directory>
<Directory /var/www/venv/src/cfehome>
<Files wsgi.py>
Require all granted
</Files>
</Directory>
WSGIDaemonProcess cfehome python-
path=/var/www/venv/src/:/var/www/venv/lib/python3.5/site-packages
WSGIProcessGroup cfehome
WSGIScriptAlias / /var/www/venv/src/cfehome/wsgi.py
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
ServerAlias www.bracketline.com
SSLCertificateFile
/etc/letsencrypt/live/www.bracketline.com/fullchain.pem
SSLCertificateKeyFile
/etc/letsencrypt/live/www.bracketline.com/privkey.pem
Include /etc/letsencrypt/options-ssl-apache.conf
</VirtualHost>
</IfModule>
I am not sure how this thing works if a detailed blog or turorial could be given it would be of great help. thanx in advance!
First lacate which .conf file youre actually using by typing apachectl -S (this works on Debian based OS'es).
Next up edit the file, it should look simillar:
<VirtualHost *:80>
ServerName example.com
ServerAlias www.example.com
Redirect permanent / https://example.com/
</VirtualHost>
<VirtualHost *:443>
ServerName example.com
ServerAlias www.example.com
Protocols h2 http/1.1
# SSL Configuration
# Other Apache Configuration
</VirtualHost>
In general there are several tutorials how to configure HTTP to HTTPS redirect:
Redirect HTTP to HTTPS in Apache
How to Redirect HTTP to HTTPS on Apache
Apache Redirect to HTTPS
And some interesting discusson Why is my Apache VirtualHost directing to the wrong VirtualHost?
Lastly - here's another SO discussion on that topic that has an accepted answer.
Those are just recent (up to 2 years old) examples that will help you and there are dozens more if they won't answer your questions.
Haven't used WAMP in years, but decided to try it again today for a project I am going to work on. I have everything setup and working, but for some reason the error log locations I am defining in my virtual host file are not working - all log entries still go to the default files at c:\wamp64\logs\ rather than the custom ones I specified below.
My vhost file is :
# Virtual Hosts
#
<VirtualHost *:80>
ServerName localhost
ServerAlias localhost
DocumentRoot "${INSTALL_DIR}/www"
<Directory "${INSTALL_DIR}/www/">
Options +Indexes +Includes +FollowSymLinks +MultiViews
AllowOverride All
Require local
</Directory>
ErrorLog "logs/localhost-error.log"
CustomLog "logs/localhost-access.log" common
</VirtualHost>
<VirtualHost *:80>
ServerName site.local
ServerAlias site.local
DocumentRoot "C:/Users/Support/Documents/My Web Sites/BS4/site.com"
<Directory "C:/Users/Support/Documents/My Web Sites/BS4/site.com">
Options +Indexes +Includes +FollowSymLinks +MultiViews
AllowOverride All
Require local
</Directory>
ErrorLog "logs/site.local-error.log"
CustomLog "logs/site.local-access.log" common
</VirtualHost>
Am I missing something here? I want to have different logs for each 'project' I am working on (only one defined for now), but having them separate makes more sense.
Change your definition of the log files to include the full path.
You might also like to add a seperate log file for the PHP error log.
ErrorLog "C:/wamp/logs/localhost-error.log"
CustomLog "C:/wamp/logs/localhost-access.log" common
php_value error_log "C:/wamp/logs/localhost.php.error.log"
and
ErrorLog "C:/wamp/logs/site.local-error.log"
CustomLog "C:/wamp/logs/site.local-access.log" common
php_value error_log "C:/wamp/logs/site.php.error.log"
I have a CentOS 7 server with about 20 domains all managed automatically with a vhosts file in /etc/httpd/conf.d.
I am trying to learn Django and wanted to set up a single domain using it, so I added a specific virtualhost to the .conf file.
The result is that the Django domain works fine but all the other sites are broken (try to use Django but cause errors).
The Django domain has two folders: djangodomain.com for static files and djangodomain.app for the Python files.
How can I integrate a single Django domain into my existing many-domain virtual host setup?
Existing vhosts.conf:
<VirtualHost *:80>
serveradmin username#domain.com
serveradmin username#domain.com
usecanonicalname off
# www.site.com ยป site.com
rewriteengine on
rewritecond %{HTTP_HOST} ^www\.(.*)$ [nc]
rewriterule ^(.*)$ http://%1 [r=301,l]
# file locations
virtualdocumentroot "/home/username/%0"
<directory "/home/username/*">
allowoverride all
require all granted
options indexes followsymlinks
options +execcgi
options +includes
</directory>
</VirtualHost>
What I added that broke all but the Django site:
<VirtualHost djangodomain.com:80>
ServerName djangodomain.com
ServerAlias www.djangodomain.com
ServerAdmin user#domain.com
DocumentRoot /home/username/djangodomain.com
WSGIScriptAlias / /home/username/djangodomain.app/django.wsgi
<Directory /home/username/djangodomain.app>
Order allow,deny
Allow from all
</Directory>
Alias /robots.txt /home/username/djangodomain.com/robots.txt
Alias /favicon.ico /home/username/djangodomain.com/favicon.ico
Alias /images /home/username/djangodomain.com/images
Alias /static /home/username/djangodomain.com/static
ErrorLog /home/username/djangodomain.logs/error.log
CustomLog /home/username/djangodomain.logs/access.log combined
</VirtualHost>
Crossposted to unix.stackexchange.com
When Apache gets an HTTP request, it needs to know what virtual host is supposed to process this request. Now, the way it works is. Apache picks up the IP address that the client request came into (the server IP, not the client) and it goes through the list of virtual host definitions to find any virtual hosts defined for that IP. If there is more than one, it will look at the Host header and try to match it to a particular ServerName or ServerAlias directive. If it still cannot find one, it will look for a default virtual host.
You have two virtual host definitions. One if the default vhost on port 80 <VirtualHost *:80>. It is the default because it has * for IP. The other is specific for the IP address <VirtualHost djangodomain.com:80>. The IP it uses is whatever djangodomain.com resolves to.
So any request that comes to that IP will be handled by the IP specific config before it might be allowed to drop into default.
To fix this, you need to replace your django virtual host directive with <VirtualHost *:80>, same as your other vhosts. This should put them all at the same parsing priority and it will just use the Host header to figure out the rest.
The said, if you are running a web server with 20+ vhosts, you really need to have better understanding on how it works. Read up on HTTP and web hosting when you have the time.
I am trying to figure out a how to forward a specific alias of a server to a specific django web app, and at the same time, keep the URL address bar in the user's browser to only show the server alias.
To be more specific:
This is for an intranet project at my company. We have a big linux server which does a lot of computational work, and it is also running apache to serve a variety of web pages and apps. My current django app is running at:
http://deptserver.example.com/mydjangoapps/myapp
But, I would love it if my users could use this instead:
http://myapp.example.com/
(I already have the IT folks forwarding myapp.example.com to deptserver.example.com via a CNAME in the DNS)
I can't break anything on the apache server, since it is serving critical stuff, but I do have the ability to add in things like a VirtualHost or some url rewriting rules, etc.
This is my django setup in the apache httpd.conf file:
<Location "/mydjangoapps">
SetHandler python-program
PythonHandler django.core.handlers.modpython
SetEnv DJANGO_SETTINGS_MODULE mydjangopath.settings
PythonOption django.root /mydjangoapps
PythonPath "['/home/me/mydjangopath'] + sys.path"
PythonDebug On
</Location>
And, this is in the sites-enabled default file (i.e. I can't break this part of the server):
<VirtualHost *:80>
ServerAdmin webmaster#example.com
DocumentRoot /var/www
<Directory />
Options FollowSymLinks
AllowOverride None
</Directory>
<Directory /var/www/>
Options Indexes FollowSymLinks MultiViews
AllowOverride None
Order allow,deny
allow from all
</Directory>
ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
<Directory "/usr/lib/cgi-bin">
AllowOverride None
Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
Order allow,deny
Allow from all
</Directory>
ErrorLog /var/log/apache2/error.log
# Possible values include: debug, info, notice, warn, error, crit,
# alert, emerg.
LogLevel warn
</VirtualHost>
In that above VirtualHost I've tried something like this using mod_rerwite:
RewriteEngine On
RewriteCond %{HTTP_HOST} ^myapp\.example\.com
RewriteRule ^(.*) mydjangoapps/myapp$1
Which doesn't work because it thinks that mydjangoapps/myapp is a file path and not a URL path, so it gives me a 400 error. I wish that it would forward to a URL path instead.
I have also tried this:
RewriteEngine On
RewriteCond %{HTTP_HOST} ^myapp\.example\.com
RewriteRule ^(.*) http://deptserver.example.com/mydjangoapps/myapp$1
Which just forwards the user to that long URL.
These are the things I have thought about but haven't tried too much:
virtualhost
mod_rewrite
alias
proxy (?)
port (putting my own apache server on a different port of the main server)
What's the best way (or only way) to do this?
Thanks!
Ask your IT folks to add another IP address (let's say a.b.c.d) to that box's network interface, and then route myapp.example.com to that new ip address.
That way, you can set up a completely separate VirtualHost:
<VirtualHost a.b.c.d:80>
# Your configuration here
</VirtualHost>
<VirtualHost *:80>
# The existing configuration here, unchanged
</VirtualHost>
Then you just have to change <Location "/mydjangoapps"> to <Location "/"> and you'll be able to access your website from a browser at http://myapp.example.com/.
As AndrewF noted, VirtualHosts are the way to go here. If you don't want to use the IP address, you can just set it up with name-based virtual hosting:
NameVirtualHost *:80
<VirtualHost *:80>
ServerName myapp.example.com
(...etc...)
Then that bit of the configuration will only respond to requests on myapp.example.com, leaving the standard configuration to pick up everything else.
Edit after comment If you're on a Debian-based system, which you seem to be as you mention sites-enabled, you shouldn't really be putting anything in httpd.conf - all the site-specific stuff should be in a separate file. This file should go in sites-available, and then run sudo a2ensite my_site_file to symlink it to the sites-enabled directory.