【发布时间】:2021-04-18 01:36:34
【问题描述】:
我有一个使用 Bitnami 部署在 ubuntu AWS 实例上并配置了 Lightsail、Route53 的 Django 项目。
该项目适用于 HTTP。
我尝试使用 bncert-tool 迁移到 HTTPS,并通过 HTTPS 获得 DNS,尽管我看到:
“您现在正在云端运行 Bitnami Django 3.1.6”
而不是我的项目。
HTTP://
ps: 我没有启用:sample-vhost.conf 和 sample-https-vhost.conf,好像我这样做我看到“你没有权限”。
在 bncert-tool 之后是否需要执行额外的步骤?
bitnami.conf:
<VirtualHost _default_:80>
# BEGIN: Configuration for letsencrypt
Include "/opt/bitnami/apps/letsencrypt/conf/httpd-prefix.conf"
# END: Configuration for letsencrypt
# BEGIN: Support domain renewal when using mod_proxy without Location
<IfModule mod_proxy.c>
ProxyPass /.well-known !
</IfModule>
# END: Support domain renewal when using mod_proxy without Location
# BEGIN: Enable HTTP to HTTPS redirection
RewriteEngine On
RewriteCond %{HTTPS} !=on
RewriteCond %{HTTP_HOST} !^localhost
RewriteCond %{HTTP_HOST} !^[0-9]+.[0-9]+.[0-9]+.[0-9]+(:[0-9]+)?$
RewriteCond %{REQUEST_URI} !^/\.well-known
RewriteRule ^/(.*) https://%{SERVER_NAME}/$1 [R,L]
# END: Enable HTTP to HTTPS redirection
# BEGIN: Enable non-www to www redirection
RewriteCond %{HTTP_HOST} !^www\. [NC]
RewriteCond %{HTTP_HOST} !^localhost
RewriteCond %{HTTP_HOST} !^[0-9]+.[0-9]+.[0-9]+.[0-9]+(:[0-9]+)?$
RewriteCond %{REQUEST_URI} !^/\.well-known
RewriteRule ^(.*)$ http://www.%{HTTP_HOST}%{REQUEST_URI} [R=permanent,L]
# END: Enable non-www to www redirection
WSGIScriptAlias / /opt/bitnami/projects/referralfirst/referralfirst/wsgi.py
Alias /static "/opt/bitnami/projects/referralfirst/static
<Directory /opt/bitnami/projects/referralfirst>
AllowOverride all
Require all granted
Options FollowSymlinks
</Directory>
DocumentRoot /opt/bitnami/projects/referralfirst
# BEGIN: Support domain renewal when using mod_proxy within Location
<Location /.well-known>
<IfModule mod_proxy.c>
ProxyPass !
</IfModule>
</Location>
# END: Support domain renewal when using mod_proxy within Location
</VirtualHost>
Include "/opt/bitnami/apache/conf/bitnami/bitnami-ssl.conf"
bitnami-ssl.conf
# Default SSL Virtual Host configuration.
<IfModule !ssl_module>
LoadModule ssl_module modules/mod_ssl.so
</IfModule>
Listen 443
SSLProtocol all -SSLv2 -SSLv3
SSLHonorCipherOrder on
SSLCipherSuite "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS !EDH !RC4"
SSLPassPhraseDialog builtin
SSLSessionCache "shmcb:/opt/bitnami/apache/logs/ssl_scache(512000)"
SSLSessionCacheTimeout 300
<VirtualHost _default_:443>
DocumentRoot "/opt/bitnami/apache/htdocs"
SSLEngine on
SSLCertificateFile "/opt/bitnami/apache/conf/findreferral.link.crt"
SSLCertificateKeyFile "/opt/bitnami/apache/conf/findreferral.link.key"
# BEGIN: Configuration for letsencrypt
Include "/opt/bitnami/apps/letsencrypt/conf/httpd-prefix.conf"
# END: Configuration for letsencrypt
# BEGIN: Support domain renewal when using mod_proxy without Location
<IfModule mod_proxy.c>
ProxyPass /.well-known !
</IfModule>
# END: Support domain renewal when using mod_proxy without Location
# BEGIN: Enable non-www to www redirection
RewriteEngine On
RewriteCond %{HTTP_HOST} !^www\. [NC]
RewriteCond %{HTTP_HOST} !^localhost
RewriteCond %{HTTP_HOST} !^[0-9]+.[0-9]+.[0-9]+.[0-9]+(:[0-9]+)?$
RewriteCond %{REQUEST_URI} !^/\.well-known
RewriteRule ^(.*)$ https://www.%{HTTP_HOST}%{REQUEST_URI} [R=permanent,L]
# END: Enable non-www to www redirection
<Directory "/opt/bitnami/apache/htdocs">
Options Indexes FollowSymLinks
AllowOverride All
Require all granted
</Directory>
# Error Documents
ErrorDocument 503 /503.html
# BEGIN: Support domain renewal when using mod_proxy within Location
<Location /.well-known>
<IfModule mod_proxy.c>
ProxyPass !
</IfModule>
</Location>
# END: Support domain renewal when using mod_proxy within Location
</VirtualHost>
【问题讨论】:
-
您是否选择在创建默认 SSL 之间自定义任何内容?您能否添加有关所有选项的更多详细信息?
-
当然,启用 HTTP 到 HTTPS 重定向 [Y/n]:Y 启用非 www 到 www 重定向 [Y/n]:Y 启用 www 到非 www 重定向 [y/N]:N我也尝试了相反的选项,但得到了相同的结果(仅将 www.domain 自动重定向到 *.domain 更改)所以,我认为问题不存在。
-
那么这个 Django 是由 apache2 支持的吗?可以显示
/opt/bitnami/apache2/conf/bitnami/bitnami.conf的DocumentRoot吗? -
添加到描述中:bitnami.conf 和 bitnami-ssl.conf。据我了解,bitnami.conf 包含 bitnami-ssl.conf,所以我不需要将 virtualhost 443 添加到 bitnami.conf,对吗?
-
我认为不需要,但是在 bitnami-ssl.conf 中你可以将
DocumentRoot "/opt/bitnami/apache/htdocs"更改为DocumentRoot /opt/bitnami/projects/referralfirst并将<Directory "/opt/bitnami/apache/htdocs">更改为<Directory /opt/bitnami/projects/referralfirst>,然后重新加载 apache2?
标签: django amazon-web-services ssl https bitnami