In general a HTTPS site should have a proper fully qualified domain name which
matches what is in the certificate. You wouldn’t use ‘localhost’ for the server
name.
For a start, try adding the option:
—allow-localhost
Depending on the platform this still may not work though as I recollect that
localhost and host access controls can work strangely on Apache with some
operating systems.
A better way of doing it is to change ‘—server-name localhost’ to:
—server-name 127.0.0.1.xip.io <http://xip.io/>
Then access the site as:
https://127.0.0.1.xip.io <https://127.0.0.1.xip.io/>
This gets around the way that Apache or the operating system can treat
localhost in a special way.
This requires external DNS access and some Intranets can even block xip.io
<http://xip.io/>.
In that case add an explicit entry into your /etc/hosts file for some fully
qualified name, such as:
127.0.0.1 www.example.com
and use:
—server-name www.example.com <http://www.example.com/>
Graham
> On 17 Sep 2016, at 11:38 PM, peter hoth <hoth.pe...@gmail.com> wrote:
>
> Hi,
>
> I managed to get my web app running with the following command:
>
> mod_wsgi-express setup-server --user admin --group admin mycloud.wsgi
> --startup-log --access-log --port=80 --server-root=/usr/local/mycloud
>
> Next, I managed to generate my SSL cert and performed the following:
>
> mod_wsgi-express setup-server --user admin --group admin mycloud.wsgi
> --startup-log --access-log \
> --port=443 --server-root=/usr/local/mycloud \
> --https-port 443 --https-only --server-name localhost --ssl-certificate
> /usr/local/mycloud/sslcerts/domain
>
> The error_log shows that my app is actually running when the apache is
> started (i.e. apachectl start)
> No errors in startup_log and access_log
>
> However, when i pointed my browser to https://localhost it shows the
> following error:
>
> Forbidden
> You don't have permission to access / on this server.
>
> The error_log has the following line:
>
> [Sat Sep 17 21:34:46.119671 2016] [authz_core:error] [pid 6953:tid
> 139664394032896] [client 127.0.0.1:40492] AH01630: client denied by server
> configuration: /usr/local/armscloud/htdocs/
>
> I did not use htdocs when i run the web app without SSL and it was working
> fine. Do i need to add additional parameters to the mod_wsgi-express command
> for SSL ?
>
> The generated certs are confirmed working.
>
> === My environment:
> CentOS 6.8
> port 443 is enabled in firewall
> default apache service that comes with OS is disabled
>
> python 2.7.12
> virtualenv 15.0.3
> pip freeze modules:
> :
> mod-wsgi-httpd=2.4.12.6
> mod-wsgi==4.5.7
> :
>
> ===
>
> Regards,
> Pete
>
> --
> You received this message because you are subscribed to the Google Groups
> "modwsgi" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to modwsgi+unsubscr...@googlegroups.com
> <mailto:modwsgi+unsubscr...@googlegroups.com>.
> To post to this group, send email to modwsgi@googlegroups.com
> <mailto:modwsgi@googlegroups.com>.
> Visit this group at https://groups.google.com/group/modwsgi
> <https://groups.google.com/group/modwsgi>.
> For more options, visit https://groups.google.com/d/optout
> <https://groups.google.com/d/optout>.
--
You received this message because you are subscribed to the Google Groups
"modwsgi" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to modwsgi+unsubscr...@googlegroups.com.
To post to this group, send email to modwsgi@googlegroups.com.
Visit this group at https://groups.google.com/group/modwsgi.
For more options, visit https://groups.google.com/d/optout.
