【Question title】: SSL for Django project on bitnami
【Posted】: 2021-04-18 01:36:34
【Question description】:

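I have a Django project deployed with Bitnami on an Ubuntu AWS instance, configured with Lightsail and Route53.

The project works over HTTP.

I tried to migrate to HTTPS using bncert-tool, and got the DNS working over HTTPS, though I see "You are now running Bitnami Django 3.1.6 in the Cloud" instead of my project. HTTP:// is showing my project.

PS: I did not enable sample-vhost.conf and sample-https-vhost.conf, because if I do I see "You don't have permission".

Are there additional steps that need to be done after bncert-tool?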

bitnami.conf:

<VirtualHost _default_:80>
  # BEGIN: Configuration for letsencrypt
  Include "/opt/bitnami/apps/letsencrypt/conf/httpd-prefix.conf"
  # END: Configuration for letsencrypt
  # BEGIN: Support domain renewal when using mod_proxy without Location
  <IfModule mod_proxy.c>
    ProxyPass /.well-known !
  </IfModule>
  # END: Support domain renewal when using mod_proxy without Location
  # BEGIN: Enable HTTP to HTTPS redirection
  RewriteEngine On
  RewriteCond %{HTTPS} !=on
  RewriteCond %{HTTP_HOST} !^localhost
  RewriteCond %{HTTP_HOST} !^[0-9]+.[0-9]+.[0-9]+.[0-9]+(:[0-9]+)?$
  RewriteCond %{REQUEST_URI} !^/\.well-known
  RewriteRule ^/(.*) https://%{SERVER_NAME}/$1 [R,L]
  # END: Enable HTTP to HTTPS redirection
  # BEGIN: Enable non-www to www redirection
  RewriteCond %{HTTP_HOST} !^www\. [NC]
  RewriteCond %{HTTP_HOST} !^localhost
  RewriteCond %{HTTP_HOST} !^[0-9]+.[0-9]+.[0-9]+.[0-9]+(:[0-9]+)?$
  RewriteCond %{REQUEST_URI} !^/\.well-known
  RewriteRule ^(.*)$ http://www.%{HTTP_HOST}%{REQUEST_URI} [R=permanent,L]
  # END: Enable non-www to www redirection
    WSGIScriptAlias / /opt/bitnami/projects/referralfirst/referralfirst/wsgi.py
    Alias /static "/opt/bitnami/projects/referralfirst/static"

    <Directory /opt/bitnami/projects/referralfirst>
        AllowOverride all
        Require all granted
        Options FollowSymlinks
    </Directory>

    DocumentRoot /opt/bitnami/projects/referralfirst
  # BEGIN: Support domain renewal when using mod_proxy within Location
  <Location /.well-known>
    <IfModule mod_proxy.c>
      ProxyPass !
    </IfModule>
  </Location>
  # END: Support domain renewal when using mod_proxy within Location
</VirtualHost>

Include "/opt/bitnami/apache/conf/bitnami/bitnami-ssl.conf"

bitnami-ssl.conf

# Default SSL Virtual Host configuration.

<IfModule !ssl_module>
  LoadModule ssl_module modules/mod_ssl.so
</IfModule>

Listen 443
SSLProtocol all -SSLv2 -SSLv3
SSLHonorCipherOrder on
SSLCipherSuite "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS !EDH !RC4"
SSLPassPhraseDialog  builtin
SSLSessionCache "shmcb:/opt/bitnami/apache/logs/ssl_scache(512000)"
SSLSessionCacheTimeout  300

<VirtualHost _default_:443>
  DocumentRoot "/opt/bitnami/apache/htdocs"
  SSLEngine on
  SSLCertificateFile "/opt/bitnami/apache/conf/findreferral.link.crt"
  SSLCertificateKeyFile "/opt/bitnami/apache/conf/findreferral.link.key"

  # BEGIN: Configuration for letsencrypt
  Include "/opt/bitnami/apps/letsencrypt/conf/httpd-prefix.conf"
  # END: Configuration for letsencrypt
  # BEGIN: Support domain renewal when using mod_proxy without Location
  <IfModule mod_proxy.c>
    ProxyPass /.well-known !
  </IfModule>
  # END: Support domain renewal when using mod_proxy without Location
  # BEGIN: Enable non-www to www redirection
  RewriteEngine On
  RewriteCond %{HTTP_HOST} !^www\. [NC]
  RewriteCond %{HTTP_HOST} !^localhost
  RewriteCond %{HTTP_HOST} !^[0-9]+.[0-9]+.[0-9]+.[0-9]+(:[0-9]+)?$
  RewriteCond %{REQUEST_URI} !^/\.well-known
  RewriteRule ^(.*)$ https://www.%{HTTP_HOST}%{REQUEST_URI} [R=permanent,L]
  # END: Enable non-www to www redirection
  <Directory "/opt/bitnami/apache/htdocs">
    Options Indexes FollowSymLinks
    AllowOverride All
    Require all granted
  </Directory>

  # Error Documents
  ErrorDocument 503 /503.html
  # BEGIN: Support domain renewal when using mod_proxy within Location
  <Location /.well-known>
    <IfModule mod_proxy.c>
      ProxyPass !
    </IfModule>
  </Location>
  # END: Support domain renewal when using mod_proxy within Location
</VirtualHost>

【Comments】:

  • Did you choose to customize anything while creating the default SSL? Can you add more details about all the options?
  • Sure. Enable HTTP to HTTPS redirection [Y/n]: Y. Enable non-www to www redirection [Y/n]: Y. Enable www to non-www redirection [y/N]: N. I also tried the opposite options but got the same result (only the automatic redirect from www.domain to *.domain changed), so I don't think the problem is there.
  • So is this Django served by apache2? Can you show the DocumentRoot in /opt/bitnami/apache2/conf/bitnami/bitnami.conf?
  • Added to the description: bitnami.conf and bitnami-ssl.conf. As I understand it, bitnami.conf includes bitnami-ssl.conf, so I don't need to add a VirtualHost for 443 to bitnami.conf, right?
  • I don't think that is needed, but in bitnami-ssl.conf can you change DocumentRoot "/opt/bitnami/apache/htdocs" to DocumentRoot /opt/bitnami/projects/referralfirst, and change <Directory "/opt/bitnami/apache/htdocs"> to <Directory /opt/bitnami/projects/referralfirst>, then reload apache2?

Tags: django amazon-web-services ssl https bitnami


【Answer 1】:

I tried what Nagaraj Tantri said in the comments and it worked for me! This is what my bitnami-ssl.conf looks like.

...

<VirtualHost _default_:443>
WSGIScriptAlias / /opt/bitnami/projects/PROJECT/PROJECT/wsgi.py

DocumentRoot "/opt/bitnami/projects/PROJECT"

...

<Directory "/opt/bitnami/projects/PROJECT">
   Options Indexes FollowSymLinks
   AllowOverride All
   Require all granted
</Directory>

...

【Discussion】:
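A check for the situation in this thread, as an added example (not code from the question, the answer, or Bitnami): it parses Apache configuration text and reports where the :443 VirtualHost's DocumentRoot or WSGIScriptAlias differs from the :80 one, which is why HTTPS served the default Bitnami page. The function names and the reduced sample config are constructed for illustration.

```python
import re

# Constructed sample, reduced from the two files shown in the question.
SAMPLE = '''
<VirtualHost _default_:80>
  WSGIScriptAlias / /opt/bitnami/projects/referralfirst/referralfirst/wsgi.py
  <Directory /opt/bitnami/projects/referralfirst>
    Require all granted
  </Directory>
  DocumentRoot /opt/bitnami/projects/referralfirst
</VirtualHost>
<VirtualHost _default_:443>
  DocumentRoot "/opt/bitnami/apache/htdocs"
  SSLEngine on
</VirtualHost>
'''

TRACKED = ("documentroot", "wsgiscriptalias")

def vhost_settings(conf_text):
    """Map port -> {directive: value} for directives set directly in each VirtualHost."""
    vhosts, port, depth = {}, None, 0
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        opened = re.match(r"<VirtualHost\s+\S*:(\d+)>", line, re.I)
        if opened:
            port, depth = int(opened.group(1)), 0
            vhosts[port] = {}
        elif re.match(r"</VirtualHost>", line, re.I):
            port = None
        elif port is not None and line.startswith("</"):
            depth -= 1          # leaving a nested <Directory>/<Location>/<IfModule>
        elif port is not None and line.startswith("<"):
            depth += 1          # entering a nested section
        elif port is not None and depth == 0:
            name, value = (line.split(None, 1) + [""])[:2]
            if name.lower() in TRACKED:
                vhosts[port][name.lower()] = value.strip().replace('"', "")
    return vhosts

def https_mismatches(conf_text, http_port=80, https_port=443):
    """List (directive, http_value, https_value) where the HTTPS vhost differs."""
    v = vhost_settings(conf_text)
    http, https = v.get(http_port, {}), v.get(https_port, {})
    return [(d, http[d], https.get(d)) for d in TRACKED
            if d in http and http[d] != https.get(d)]
```

The checker does not follow Include directives, so pass it the text of bitnami.conf and bitnami-ssl.conf concatenated.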
