As for the redirects, which I forgot to mention, for minor additional Apache 
configuration, you can create in the top level directory of your project a 
'server.conf' file for Apache configuration snippets. You would then use the 
option "--include-file" with "server.conf" as argument.

Anything in there would get added at the end of the Apache configuration file 
which is generated, so it depends a bit on what you want to do as to whether 
that will work. This is because this will sit outside of the VirtualHost 
definitions. In general this shouldn't be an issue as Apache will fall through 
to the definitions set up outside of the scope of VirtualHost anyway.

So for example, if you wanted to block access to a particular part of a site 
to certain client IPs, you could add into "server.conf":

    <Location /admin>
        Require ip 192.168.2.0/24
    </Location>

As to redirects using mod_rewrite, it depends on what you are wanting to do. 
The mod_rewrite module will always be loaded at least, as mod_wsgi-express 
relies on it for certain things.

Graham

On 11/05/2015, at 9:58 AM, Graham Dumpleton <[email protected]> wrote:

> 
> On 11/05/2015, at 5:53 AM, Michael Blake <[email protected]> wrote:
> 
>> Works flawlessly.  I added a few pre-build commands, and my Flask app starts 
>> right up on port 80 of the container, and it runs... fast!  Definitely 
>> production grade (at least for my purposes).
>> 
>> The next step I need is to set up TLS on the site, and a few redirects.  I'm 
>> poking around in the .whiskey/apache area to see where to add in the config, 
>> but it's not immediately apparent where, or the correct way to add the 
>> necessary SSLCertificate / rewrite directives.  I checked over the docs and 
>> was looking for more about the .whiskey folder, and how that is set up.  
> 
> Where you currently might have a Dockerfile of:
> 
>    FROM grahamdumpleton/mod-wsgi-docker:python-2.7-onbuild
>    CMD [ "hello.wsgi" ]
> 
> You can add any additional mod_wsgi-express options into 'CMD'.
> 
> So as far as production goes, depending on your specific requirements, you 
> may want to adjust the number of processes/threads used from the default of 
> one process and five threads. Thus:
> 
>    FROM grahamdumpleton/mod-wsgi-docker:python-2.7-onbuild
>    CMD [ "--processes", "3", "--threads", "3", "hello.wsgi" ]
> 
> For setting up HTTPS as well as HTTP, similarly use the appropriate options 
> and just add them to the Dockerfile, plus expose port 443, which is the 
> default that mod_wsgi-express will use for the HTTPS port.
> 
> Presuming you have added the certificate and key file into the top level 
> directory of the project that got copied into the Docker image as 
> 'server.crt' and 'server.key', and that the FQDN for the host name used in 
> the SSL certificate was 'www.example.com', you would use:
> 
>    FROM grahamdumpleton/mod-wsgi-docker:python-2.7-onbuild
>    EXPOSE 443
>    CMD [ "--enable-https", "--server-name", "www.example.com", "--ssl-certificate", "server", "hello.wsgi" ]
> 
> If you wanted only HTTPS and not HTTP, then you can also add "--https-only". 
> This will result in access to HTTP URLs being redirected automatically to 
> the HTTPS URL.
> 
> If you wanted to set up an HSTS policy to make browsers only use HTTPS, then 
> you can use "--hsts-policy" with the policy argument.
> 
> Because "--server-name" is used to satisfy host name requirements for the SSL 
> certificate, the site must be accessed as that host name, else it will fail.
> 
> If you have a wildcard SSL certificate, then you can use "--server-alias" 
> with a pattern for other matching host names that should be accepted.
> 
> Probably makes no sense in the Docker case, but if doing this on a normal 
> host OS and you wanted to be able to still access using HTTPS by 
> 'localhost', you can also use "--allow-localhost". Because this isn't going 
> to match the name in the SSL certificate, you will get the browser 
> complaining about the SSL certificate not matching, which you would have to 
> tell the browser to ignore.
> 
> If you were after other typical HTTPS/HTTP behaviour beyond that then let me 
> know what you are after. There is also support for client certificates and 
> forcing SSL certificate information into the WSGI environment.
> 
> Graham
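
One way to check from a shell that the settings discussed in this thread took effect (an added example, not part of the original messages or of mod_wsgi-express): the functions take response headers as printed by `curl -sI` and test for the redirect from "--https-only", the header set by "--hsts-policy", and a 403 for the /admin restriction. The function names, the sample responses and the max-age value are constructed for illustration.

```shell
#!/bin/sh
# Added example: function names and sample responses are constructed.
# Real input would come from:  curl -sI http://www.example.com/

# Print the value of header $1 (case-insensitive) from headers on stdin.
header_value() {
    tr -d '\r' | awk -v name="$1" 'BEGIN { name = tolower(name) }
        { i = index($0, ":")
          if (i > 0 && tolower(substr($0, 1, i - 1)) == name) {
              v = substr($0, i + 1); sub(/^[ \t]+/, "", v); print v; exit } }'
}

# Print the status code from the first line ("HTTP/1.1 302 Found" -> 302).
status_code() { tr -d '\r' | awk 'NR == 1 { print $2; exit }'; }

# $1 = headers of a plain-HTTP response, $2 = host name from --server-name.
# Succeeds only for a 3xx redirect whose Location is an https:// URL on $2.
redirects_to_https() {
    code=$(printf '%s\n' "$1" | status_code)
    loc=$(printf '%s\n' "$1" | header_value Location)
    case "$code" in 301|302|303|307|308) ;; *) return 1 ;; esac
    case "$loc" in "https://$2"|"https://$2/"*) return 0 ;; *) return 1 ;; esac
}

# $1 = headers of an HTTPS response, $2 = minimum acceptable max-age (seconds).
hsts_ok() {
    hsts=$(printf '%s\n' "$1" | header_value Strict-Transport-Security)
    age=$(printf '%s\n' "$hsts" |
          sed -n 's/.*[Mm][Aa][Xx]-[Aa][Gg][Ee]=\([0-9][0-9]*\).*/\1/p')
    [ -n "$age" ] && [ "$age" -ge "$2" ]
}

# $1 = headers for /admin fetched from a client outside the allowed range.
denied() { [ "$(printf '%s\n' "$1" | status_code)" = "403" ]; }

# Constructed sample responses, not captured from a real server.
SAMPLE_HTTP='HTTP/1.1 302 Found
Location: https://www.example.com/'
SAMPLE_HTTPS='HTTP/1.1 200 OK
Strict-Transport-Security: max-age=31536000'
SAMPLE_ADMIN='HTTP/1.1 403 Forbidden
Content-Type: text/html'

redirects_to_https "$SAMPLE_HTTP" www.example.com && echo "redirect: ok"
hsts_ok "$SAMPLE_HTTPS" 31536000 && echo "hsts: ok"
denied "$SAMPLE_ADMIN" && echo "/admin refused: ok"
```

The /admin check is only meaningful when the request is made from an address outside 192.168.2.0/24.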
