我正在尝试使用 mode_wsgi 在带有 Apache2 的 Ubuntu 18.04 上部署我的 Djang(1.10) 应用程序,该站点在设置 SSL 之前运行良好,但是当我使用 从 Let'sEncrypt 安装 SSL 证书时certbot 不再加载。
这是我的配置:
项目文件夹路径:
/home/abdul
Http配置:
<VirtualHost *:80>
# The ServerName directive sets the request scheme, hostname and port that
# the server uses to identify itself. This is used when creating
# redirection URLs. In the context of virtual hosts, the ServerName
# specifies what hostname must appear in the request's Host: header to
# match this virtual host. For the default virtual host (this file) this
# value is not decisive as it is used as a last resort host regardless.
# However, you must set it for any further virtual host explicitly.
ServerName www.orderfetchers.com
ServerAdmin webmaster@localhost
DocumentRoot /var/www/html
# Available loglevels: trace8, ..., trace1, debug, info, notice, warn,
# error, crit, alert, emerg.
# It is also possible to configure the loglevel for particular
# modules, e.g.
#LogLevel info ssl:warn
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
# For most configuration files from conf-available/, which are
# enabled or disabled at a global level, it is possible to
# include a line for only one particular virtual host. For example the
# following line enables the CGI configuration for this host only
# after it has been globally disabled with "a2disconf".
#Include conf-available/serve-cgi-bin.conf
Alias /static /home/abdul/Fetchors/static
<Directory /home/abdul/Fetchors/static>
Require all granted
</Directory>
Alias /media /home/abdul/Fetchors/media
<Directory /home/abdul/Fetchors/media>
Require all granted
</Directory>
<Directory /home/abdul/Fetchors/Fetchors>
<Files wsgi.py>
Require all granted
</Files>
</Directory>
#WSGIScriptAlias / /home/abdul/Fetchors/Fetchors/wsgi.py
#WSGIDaemonProcess django_app python-path=/home/abdul/Fetchors python-home=/home/abdul/Fetchors/venv
#WSGIProcessGroup django_app
RewriteEngine on
RewriteCond %{SERVER_NAME} =www.orderfetchers.com
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>
# vim: syntax=apache ts=4 sw=4 sts=4 sr noet
这里是Https配置:
<IfModule mod_ssl.c>
<VirtualHost *:443>
# The ServerName directive sets the request scheme, hostname and port that
# the server uses to identify itself. This is used when creating
# redirection URLs. In the context of virtual hosts, the ServerName
# specifies what hostname must appear in the request's Host: header to
# match this virtual host. For the default virtual host (this file) this
# value is not decisive as it is used as a last resort host regardless.
# However, you must set it for any further virtual host explicitly.
ServerName www.orderfetchers.com
ServerAdmin webmaster@localhost
DocumentRoot /var/www/html
# Available loglevels: trace8, ..., trace1, debug, info, notice, warn,
# error, crit, alert, emerg.
# It is also possible to configure the loglevel for particular
# modules, e.g.
#LogLevel info ssl:warn
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
# For most configuration files from conf-available/, which are
# enabled or disabled at a global level, it is possible to
# include a line for only one particular virtual host. For example the
# following line enables the CGI configuration for this host only
# after it has been globally disabled with "a2disconf".
#Include conf-available/serve-cgi-bin.conf
Alias /static /home/abdul/Fetchors/static
<Directory /home/abdul/Fetchors/static>
Require all granted
</Directory>
Alias /media /home/abdul/Fetchors/media
<Directory /home/abdul/Fetchors/media>
Require all granted
</Directory>
<Directory /home/abdul/Fetchors/Fetchors>
<Files wsgi.py>
Require all granted
</Files>
</Directory>
WSGIScriptAlias / /home/abdul/Fetchors/Fetchors/wsgi.py
WSGIDaemonProcess django_app python-path=/home/abdul/Fetchors python-home=/home/abdul/Fetchors/venv
WSGIProcessGroup django_app
Include /etc/letsencrypt/options-ssl-apache.conf
SSLCertificateFile /etc/letsencrypt/live/www.orderfetchers.com/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/www.orderfetchers.com/privkey.pem
</VirtualHost>
</IfModule>
最佳答案
tl;dr:检查您的防火墙(端口 443),并使用有关配置的在线教程(如下)。
好的,所以我遇到了与您完全相同的错误 - 我的网站在 Ubuntu 机器上使用 Apache2 和 Django 1.10 在端口 80 上运行良好,当我遵循 LetsEncrypt 指南时,我的网站将永远加载在超时之前。我假设您帖子中的问题是如何阻止您的网站超时并实际加载它。
就我而言,我很幸运,因为我只是一个忘记在 AWS 安全组上为我的 Ubuntu 机器打开端口 443 的白痴。但是,我有一些额外的配置可以帮助您:
settings.py
# SSL support
SECURE_PROXY_SSL_HEADER = ('HTTP_X_FORWARDED_PROTO', 'https')
SECURE_SSL_REDIRECT = True
SESSION_COOKIE_SECURE = True
CSRF_COOKIE_SECURE = True
# session expire at browser close
SESSION_EXPIRE_AT_BROWSER_CLOSE = True
# wsgi scheme
os.environ['wsgi.url_scheme'] = 'https'
wsgi.py
os.environ['HTTPS'] = "on"
这些配置是在这些引用站点的帮助下找到并编译的(它们也可能对您有所帮助):
https://www.pdxpixel.com/blog/2014/02/04/setting-up-django-site-ssl-apache-mod_wsgi-mod_ssl/
https://docs.djangoproject.com/en/dev/topics/security/#ssl-https
如果不更多地了解您的系统是什么,就很难提供更准确的帮助,但这是我发现有用的,所以希望它能有所帮助。
关于Ubuntu 18.04 上的 Django 站点在安装 SSL 后无法使用 Apache2,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/54623101/