On Oct 3, 8:05 pm, Fabrizio Buratta <extremob...@gmail.com> wrote:
> 2009/10/3 Graham Dumpleton <graham.dumple...@gmail.com>
>
>
>
> > I think I may know what you are talking about, but your explanation is
> > a bit confusing.
>
> > To help understand, post your mod_wsgi configuration from backend.
You still didn't post your mod_wsgi configuration. You only posted
your WSGI script file. I am talking about the WSGIScriptAlias you are
using in the Apache configuration files and any associated directives.
> import os, sys
> sys.path.append('/usr/local/django')
> os.environ['DJANGO_SETTINGS_MODULE'] = 'mysite.settings'
>
> import django.core.handlers.wsgi
>
> _application = django.core.handlers.wsgi.WSGIHandler()
>
> def application(environ, start_response):
> environ['wsgi.url_scheme'] = environ.get('HTTP_X_URL_SCHEME', 'https')
It should be:
environ['wsgi.url_scheme'] = environ.get('HTTP_X_URL_SCHEME',
'http')
but it will only work if the front end web server is setting the X-Url-
Scheme header file in the request it passes to the backend and you
aren't doing that.
So, all that achieves in your code is to always set wsgi.url_scheme to
'https'.
There are also better ways of doing this in the Apache configuration
so you can use a standard WSGI script file for Django setup.
> return _application(environ, start_response)
>
> #def application(environ, start_response):
> # if environ['wsgi.url_scheme'] == 'https':
> # environ['HTTPS'] = 'on'
This would have had no effect what so ever as Django gives precedence
to wsgi.url_scheme.
> # return _application(environ, start_response)
>
> This configuration set a permanenty the https protocol but I
> would like to be able to use https from outside and http inside.
>
> The commented lines is an attempt to achieve that but it didn't work.
>
> > Also give actual examples of full URI that hits front end Apache and
> > what full URI then hits the backend. This will make it much clearer
> > than an english description.
>
> https://mydomain/mysite/welcome
>
> turns in:
>
> http://mydomain/welcome
This is likely because you are using Directory directive and rewrite
on front end.
> If I set a virtualhost it works as I wouldn't need /mysite/ anymore,
> nonetheless the protocol issue isn't resolved. I would like to know
> if there is any chance to make it work without virtualhosts, I mean
> just with an alias and directory directory in Apache.
Overall, where I believe you are screwing up is firstly by putting the
proxy directives for front end inside of a Directory directive, where
as should be using a Location directive based on URL, or better still
use the proxy directives. Second, the front end isn't passing through
any header indicating what the URL scheme was for the request that
arrived at the front end.
Instead of:
Alias /dirname "/var/www/dirname"
<Directory "/var/www/dirname">
SSLVerifyClient none
SSLOptions +FakeBasicAuth
SSLRequireSSL
AuthName "stuff name"
AuthType Basic
AuthUserFile /etc/httpd/djangoserver.passwd
require valid-user
# redirect all request to django.test:80
RewriteEngine On
RewriteRule (.*)$ http://django.test/$1 [P]
</Directory>
try using something like the following:
<Location /dirname>
SSLVerifyClient none
SSLOptions +FakeBasicAuth
SSLRequireSSL
AuthName "stuff name"
AuthType Basic
AuthUserFile /etc/httpd/djangoserver.passwd
require valid-user
RequestHeader set X-Url-Scheme https
</Location>
ProxyPass /dirname http://django.test/dirname
ProxyPassReverse /dirname http://django.test/dirname
Then in backend Apache web server have:
WSGIScriptAlias /dirname /some/path/django.wsgi
SetEnvIf X-Url-Scheme https HTTPS=1
Delete the attempt to set wsgi.url_scheme in the WSGI script file, as
setting HTTPS in Apache configuration using SetEnvIf achieves same
thing as mod_wsgi sees HTTPS and will allow that to override
wsgi.url_scheme.
Graham
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Django users" group.
To post to this group, send email to django-users@googlegroups.com
To unsubscribe from this group, send email to
django-users+unsubscr...@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/django-users?hl=en
-~----------~----~----~----~------~----~------~--~---
