You’re right, @Antonis, that I don’t want my Django source code exposed. No sysadmin would. I have since moved my Django project folder to my home user’s directory. However (out of curiosity), if I continued to house Django in my public_html folder (which I am not any more, but say if i did) I would think that my .htaccess config file would prevent unauthorized access to my Django source. Am I right?
I didn’t realize that Django was suppose to be run using wsgi. I was just foolishly running the server with ``$ python manage.py runserver 0.0.0.0:8000`` like when I was testing locally when I was coding my app. The keyword here is mod_wsgi. So I found this guide <https://www.digitalocean.com/community/tutorials/how-to-serve-django-applications-with-apache-and-mod_wsgi-on-ubuntu-14-04>. I followed along but the issue I now have is that Apache serves my public_html folder (just some light HTML, CSS and Js). Serving these contents take priority over Django. I’m OK with this. I would prefer to keep my public_html folder accessible as it is, but how do I arrange for wsgi to serve Django from a subdirectory, say: www.angeles4four.info/cel2fah or something like that? @Mulianto: An example of a static file would be a style sheet, like: ~/cel2fah/static/admin/css/responsive.css How would trying to access this CSS file help? I tried: http://www.angeles4four.info:8000/cel2fah/static/admin/css/responsive.css https://www.angeles4four.info:8000/cel2fah/static/admin/css/responsive.css <http://www.angeles4four.info:8000/cel2fah/static/admin/css/responsive.css> Both show “This site can’t be reached” Here are the contents of my two apache configuration files. /etc/apache2/sites-available/angeles4four.info.conf : <VirtualHost *:80> ServerAdmin [email protected] ServerName angeles4four.info ServerAlias www.angeles4four.info DocumentRoot /var/www/html/angeles4four.info/public_html <Directory "/var/www/html/angeles4four.info/public_html"> Options Indexes FollowSymlinks AllowOverride All Require all granted </Directory> ErrorLog ${APACHE_LOG_DIR}/error.log CustomLog ${APACHE_LOG_DIR}/access.log combined RewriteEngine on RewriteCond %{SERVER_NAME} =angeles4four.info [OR] RewriteCond %{SERVER_NAME} =www.angeles4four.info RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent] Alias /static /home/tranq/cel2fah/static <Directory /home/tranq/cel2fah/static> Require all granted </Directory> <Directory /home/user/cel2fah/cel2fah/> <Files wsgi.py> Require all granted </Files> </Directory> WSGIDaemonProcess cel2fah python-path=/home/tranq/cel2fah python-home=/home/tranq/cel2fah/venv WSGIProcessGroup cel2fah WSGIScriptAlias / /home/tranq/cel2fah/cel2fah/wsgi.py </VirtualHost> And /etc/apache2/sites-available/angeles4four.info.conf : <IfModule mod_ssl.c> <VirtualHost *:443> ServerAdmin [email protected] ServerName angeles4four.info ServerAlias www.angeles4four.info DocumentRoot /var/www/html/angeles4four.info/public_html ErrorLog ${APACHE_LOG_DIR}/error.log CustomLog ${APACHE_LOG_DIR}/access.log combined Alias /static /home/tranq/cel2fah/static <Directory /home/tranq/cel2fah/static> Require all granted </Directory> <Directory /home/user/cel2fah/cel2fah/> <Files wsgi.py> Require all granted </Files> </Directory> # WSGIDaemonProcess cel2fah python-path=/home/tranq/cel2fah python-home=/home/tranq/cel2fah/venv # WSGIProcessGroup cel2fah # WSGIScriptAlias / /home/tranq/cel2fah/cel2fah/wsgi.py SSLCertificateFile /etc/letsencrypt/live/angeles4four.info/cert.pem SSLCertificateKeyFile /etc/letsencrypt/live/angeles4four.info/privkey.pem Include /etc/letsencrypt/options-ssl-apache.conf SSLCertificateChainFile /etc/letsencrypt/live/angeles4four.info/chain.pem </VirtualHost> </IfModule> Thanks to you both for your help so far. On Saturday, January 20, 2018 at 10:00:57 PM UTC-5, drone4four wrote: > > I’ve played with a little Django (v2.0.1) locally. Now I am trying to > implement a test case on my production Apache web server. I’m running an > Ubuntu 14.04 DigitalOcean droplet (will upgrade to 18.04 later this year). > > I got Django running. > > Here it is: http://www.angeles4four.info:8000/ > > Before I log into my admin panel, I figure it’s best practices to set up > HTTPS first. But when I visit that URL, Chrome throws this message: > > > This site can’t provide a secure connection http://www.angeles4four.info >> sent an invalid response. ERR_SSL_PROTOCOL_ERROR > > > And my shell on my server shows this message: > > [20/Jan/2018 23:54:39] "GET / HTTP/1.1" 200 16559 [21/Jan/2018 00:01:23] >> code 400, message Bad request syntax >> ('\x16\x03\x01\x00Ì\x01\x00\x00È\x03\x03&6U\x10µ\x82\x97\x7f´8\x1e«\x0e¿ÿ§\x89æ\x82\r¢G§\x01ç°P%\x80)ÕÃ\x00\x00\x1c >> >> * À+À/À,À0̨̩À\x13À\x14\x00\x9c\x00\x9d\x00/\x005\x00') [21/Jan/2018 >> 00:01:23] *You're accessing the development server over HTTPS, but it >> only supports HTTP.* > > > That’s because SSL isn’t set up. My current SSL Certificate Authority is > Let’s Encrypt. SSL is running properly for my public_html content but not > for my recent deployment of Django. > > I found some resources elsewhere on SO for setting up SSL with Django. > > In an SO post titled, “Configure SSL Certificate on Apache for Django > Application (mod_wsgi)”, a highly upvoted answer by Alexey Kuleshevich > suggests a template for 000-default.conf and default-ssl.conf for Apache > vhosts. See here: Configure SSL Certificate on Apache for Django > Application (mod_wsgi) > <https://stackoverflow.com/questions/32812570/configure-ssl-certificate-on-apache-for-django-application-mod-wsgi> > > I did my best to change up the suggested values and entries so that they > refer to my specific configuration. Here are what these two vhost > configuration files of mine look like now. > > /etc/apache2/sites-available/angeles4four.info-le-ssl.conf: > > <IfModule mod_ssl.c> > <VirtualHost *:443> > #ServerName http://www.example.com > ServerAdmin [email protected] > ServerName angeles4four.info > ServerAlias http://www.angeles4four.info > DocumentRoot /var/www/html/angeles4four.info/public_html > > > ErrorLog ${APACHE_LOG_DIR}/error.log > CustomLog ${APACHE_LOG_DIR}/access.log combined > > > # Django Application > Alias /static /var/www/html/ > angeles4four.info/public_html/Cel2FahConversion > <Directory /var/www/html/angeles4four.info/public_html/Cel2FahConversion> > Require all granted > </Directory> > <Directory /var/www/html/angeles4four.info/public_html/Cel2FahConversion> > <Files wsgi.py> > Require all granted > </Files> > </Directory> > WGIDaemonProcess cel python-path=/var/www/html/ > angeles4four.info/public_html/Cel2FahConversion/venv/bin/python3 > WSGIProcessGroup cel > WSGIScriptAlias / /var/www/html/ > angeles4four.info/public_html/Cel2FahConversion/Cel2FahConversion/Cel2FahConversion/wsgi.py > > > SSLCertificateFile /etc/letsencrypt/live/angeles4four.info/cert.pem > SSLCertificateKeyFile /etc/letsencrypt/live/angeles4four.info/privkey.pem > Include /etc/letsencrypt/options-ssl-apache.conf > SSLCertificateChainFile /etc/letsencrypt/live/angeles4four.info/chain.pem > </VirtualHost> > </IfModule> > > > angeles4four.info.conf: > > Quote: > <VirtualHost *:80> > > > #ServerName http://www.example.com > ServerAdmin [email protected] > ServerName angeles4four.info > ServerAlias http://www.angeles4four.info > DocumentRoot /var/www/html/angeles4four.info/public_html > <Directory "/var/www/html/angeles4four.info/public_html"> > Options Indexes FollowSymlinks > AllowOverride All > Require all granted > </Directory> > > > ErrorLog ${APACHE_LOG_DIR}/error.log > CustomLog ${APACHE_LOG_DIR}/access.log combined > > > RewriteEngine on > RewriteCond %{SERVER_NAME} =angeles4four.info [OR] > RewriteCond %{SERVER_NAME} =www.angeles4four.info > RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent] > </VirtualHost> > > No dice. I still get the same traceback as I initially shared. > > The next SO post I came across suggests modifying settings.py. Here it is: > Error > "You're accessing the development server over HTTPS, but it only supports > HTTP" > <https://stackoverflow.com/questions/35536491/error-youre-accessing-the-development-server-over-https-but-it-only-supports/41444706> > > The upvoted suggestion here by YoYo is to modify session cookies and > secure SSL redirect. YoYo also recommends managing base, local, production > settings which doesn’t really apply to me. So I tried adding these three > lines to my settings.py: > > > SESSION_COOKIE_SECURE = True > CSRF_COOKIE_SECURE = True > SECURE_SSL_REDIRECT = True > > > My python3 manage.py runserver shell traceback still says: *“You're > accessing the development server over HTTPS, but it only supports HTTP.”* > > Any ideas? What else could I try? > > Thanks for your attention. > -- You received this message because you are subscribed to the Google Groups "Django users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. Visit this group at https://groups.google.com/group/django-users. To view this discussion on the web visit https://groups.google.com/d/msgid/django-users/89ddc6b5-140a-485f-9493-9e850fbb741a%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
