Hi Graham, It works fine!
The generated http.conf has sections like this that repeat for different VirtualHosts: <VirtualHost _default_:443> <Location /> Order deny,allow Deny from all <IfDefine MOD_WSGI_ALLOW_LOCALHOST> Allow from localhost </IfDefine> </Location> SSLEngine On SSLCertificateFile /home/syt_admin/projects/vishwaas/www-https/startssl-certs/server.crt SSLCertificateKeyFile /home/syt_admin/projects/vishwaas/www-https/startssl-certs/server.key <IfDefine MOD_WSGI_VERIFY_CLIENT> SSLCACertificateFile None SSLVerifyClient none </IfDefine> <IfDefine MOD_WSGI_CERTIFICATE_CHAIN> *SSLCertificateChainFile /home/syt_admin/projects/vishwaas/www-https/startssl-certs/1_root_bundle.crt* </IfDefine> </VirtualHost> I am able to connect to the website using Chrome or IE on my Windows 8 laptop and also using Chrome on Android 5.1.1 - all browsers show the secure padlock icon. I can also connect to the server using my Android app for the application. Thanks so much! Will this become part of an official release that I can download later? Regards, Tanuka On Mon, Feb 22, 2016 at 4:10 PM, Graham Dumpleton < [email protected]> wrote: > Quickly hacked it in while listening in to meeting. :-) > > Can you try: > > pip install -U > https://github.com/GrahamDumpleton/mod_wsgi/archive/develop.zip > > Then add the extra option: > > —ssl-certificate-chain-file some/path/file.crt > > Tell me if that works and if does will add change note. Otherwise tell me > how it fails with further clues for how generated httpd.conf should be set > up. > > Thanks. > > Graham > > On 22 Feb 2016, at 9:26 PM, Tanuka Dutta <[email protected]> wrote: > > > Is it replacing the SSLCertificateFile line or adding to it? > > Adding to it. > > - Tanuka > > On Mon, Feb 22, 2016 at 3:43 PM, Graham Dumpleton < > [email protected]> wrote: > >> Is it replacing the SSLCertificateFile line or adding to it? >> >> On 22 Feb 2016, at 9:11 PM, Tanuka Dutta <[email protected]> wrote: >> >> A follow-on question: >> >> I was encountering issues with Chrome browser on Android 5.1.1 trying to >> connect to my website. The browser was flagging it as not secure. It turned >> out that my certificate chain was not properly installed on Apache. (My >> certificate was obtained from https://www.startssl.com/) >> >> If I explicitly add this line in the httpd.conf where ever >> SSLCertificateFile is configured: >> >> SSLCertificateChainFile >> /home/syt_admin/projects/vishwaas/www-https/startssl-certs/1_root_bundle.crt >> >> (I am using Apache version 2.2.15) >> >> then Android does not flag any issue and the browser shows the secure >> padlock icon. >> >> But how do I provide this option via mod_wsgi-express setup-server ? I >> didn't see anything under mod_wsgi-express --help. >> >> Regards, >> Tanuka >> >> >> On Mon, Feb 22, 2016 at 9:37 AM, Tanuka Dutta <[email protected]> >> wrote: >> >>> Thanks, Graham! >>> >>> Adding the --url-alias option worked perfectly. >>> >>> Also, I went over my old notes and realized that I had in fact executed >>> "python manage.py runmodwsgi --setup-only" after having played around with >>> the "mod_wsgi-express setup-server" command. So that explains the mystery >>> of why it had worked in the past. >>> >>> Is there a recommendation of which command to use? >>> >>> Thanks for this great piece of infrastructure!! >>> >>> Regards, >>> Tanuka >>> >>> >>> >>> On Saturday, 20 February 2016 06:11:21 UTC+5:30, Graham Dumpleton wrote: >>>> >>>> >>>> On 19 Feb 2016, at 9:31 PM, Tanuka Dutta <[email protected]> wrote: >>>> >>>> Hello, >>>> >>>> I have a CentOS 6.7 installation on a VM, and am running Django 1.8.8 >>>> over Apache 2.2.15 using mod_wsgi version 4.4.21 (that I had compiled from >>>> source using Python 2.7.8 in a virtualenv). >>>> >>>> I've used mod_wsgi-express to generate the Apache scripts (it's >>>> extremely helpful!) and it works fine for http. I am able to connect to the >>>> website over http and view all the images on the site. >>>> >>>> The commands used were: >>>> >>>> (vishwaas_env)[syt_admin@VM1 www]$ mod_wsgi-express setup-server >>>> /home/syt_admin/projects/vishwaas/vishwaas_django/vishwaas_django/wsgi.py >>>> --host=0.0.0.0 --port=80 --user apache --group apache >>>> --server-root=/home/syt_admin/projects/vishwaas/www >>>> >>>> (vishwaas_env)[syt_admin@VM1 www]$ sudo ./apachectl start >>>> >>>> However, when I try to do the same for https (I followed instructions at >>>> https://gist.github.com/GrahamDumpleton/b79d336569054882679e, but >>>> left out the client authentication bit). >>>> >>>> (vishwaas_env)[syt_admin@VM1 www-https]$ mod_wsgi-express setup-server >>>> ../vishwaas_django/vishwaas_django/wsgi.py --user apache --group apache >>>> --server-root=/home/syt_admin/projects/vishwaas/www-https --https-port 443 >>>> --port 80 --https-only --server-name www.xyz.in --ssl-certificate-file >>>> ssl-certs/server.crt --ssl-certificate-key-file ssl-certs/server.key >>>> >>>> the http.conf file that is generated does not have the Alias 'static' >>>> directive. As I result, I can connect to the website but not view any >>>> images. >>>> >>>> If I insert the missing lines (copied over from the http.conf generated >>>> earlier): >>>> >>>> Alias '/static' >>>> '/home/syt_admin/projects/vishwaas/vishwaas_django/collected_static' >>>> >>>> <Directory >>>> '/home/syt_admin/projects/vishwaas/vishwaas_django/collected_static'> >>>> Order allow,deny >>>> Allow from all >>>> </Directory> >>>> >>>> then I can see the static files on the website. >>>> >>>> Is this a bug in mod_wsgi-express or am I doing something wrong? >>>> >>>> >>>> You would only get a Alias directive for /static if you had used the >>>> option: >>>> >>>> —url-alias >>>> /static /home/syt_admin/projects/vishwaas/vishwaas_django/collected_static >>>> >>>> I can’t see that you have used that in what you ran. >>>> >>>> The /static Alias would only be generated automatically if you were >>>> using the Django management command integration so you could run ‘python >>>> manage.py runmodwsgi', which you aren’t. >>>> >>>> Graham >>>> >>>> >>> -- >>> You received this message because you are subscribed to a topic in the >>> Google Groups "modwsgi" group. >>> To unsubscribe from this topic, visit >>> https://groups.google.com/d/topic/modwsgi/1Aad8DeGUjo/unsubscribe. >>> To unsubscribe from this group and all its topics, send an email to >>> [email protected]. >>> To post to this group, send email to [email protected]. >>> Visit this group at https://groups.google.com/group/modwsgi. >>> For more options, visit https://groups.google.com/d/optout. >>> >> >> >> -- >> You received this message because you are subscribed to the Google Groups >> "modwsgi" group. >> To unsubscribe from this group and stop receiving emails from it, send an >> email to [email protected]. >> To post to this group, send email to [email protected]. >> Visit this group at https://groups.google.com/group/modwsgi. >> For more options, visit https://groups.google.com/d/optout. >> >> >> >> -- >> You received this message because you are subscribed to a topic in the >> Google Groups "modwsgi" group. >> To unsubscribe from this topic, visit >> https://groups.google.com/d/topic/modwsgi/1Aad8DeGUjo/unsubscribe. >> To unsubscribe from this group and all its topics, send an email to >> [email protected]. >> To post to this group, send email to [email protected]. >> Visit this group at https://groups.google.com/group/modwsgi. >> For more options, visit https://groups.google.com/d/optout. >> > > > -- > You received this message because you are subscribed to the Google Groups > "modwsgi" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > To post to this group, send email to [email protected]. > Visit this group at https://groups.google.com/group/modwsgi. > For more options, visit https://groups.google.com/d/optout. > > > -- > You received this message because you are subscribed to a topic in the > Google Groups "modwsgi" group. > To unsubscribe from this topic, visit > https://groups.google.com/d/topic/modwsgi/1Aad8DeGUjo/unsubscribe. > To unsubscribe from this group and all its topics, send an email to > [email protected]. > To post to this group, send email to [email protected]. > Visit this group at https://groups.google.com/group/modwsgi. > For more options, visit https://groups.google.com/d/optout. > -- You received this message because you are subscribed to the Google Groups "modwsgi" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. Visit this group at https://groups.google.com/group/modwsgi. For more options, visit https://groups.google.com/d/optout.
