> On 11 Feb 2018, at 10:07 am, Rafael Karosuo <[email protected]> wrote:
>
> Thanks for your work Graham.
> I'm currently using mod_wsgi with django, running the site with http without
> further problems.
> Now I want to use https, I bought the certificate and used WHM to install it
> on main Apache and using a simple php index page, I can see that it's
> correctly installed.
> Here's where the things get fuzzy for me, I'm not an expert in apache config,
> the thing is that as I'm using mod_wsgi-httpd,
Do you mean mod_wsgi-express, not mod_wsgi-httpd? Or are you actually using
both?
> it created a separated config apache module (in the default /tmp),
For permanent setups, you should not use the default /tmp. Use --server-root
option to specify a more permanent directory. This is explained in:
https://pypi.python.org/pypi/mod_wsgi
<https://pypi.python.org/pypi/mod_wsgi>
> I searched for the httpd.conf on that mod_wsgi-localhost:443:500/ directory,
> found it, but found 3 places where you could put certs.. I just filled the 3
> with the same cert location.
> Result:
> When open page in the browser, ERR_SSL_PROTOCOL_ERROR
> When use mod_wsgi.../apachectl status, Error loading
> https://localhost:443/server-status: SSL error
> When less mod_wsgi.../error_log, just shows the last move which is execute
> the command
>
> I'm pretty lost here on where should I go next to fix this, could you please
> give some hint?
You should never modify the generated httpd.conf file by hand when using
mod_wsgi-express.
If you want to supply a SSL certificate, you supply options to mod_wsgi-express
for it.
The options you want to look at for typical case are:
--server-name HOSTNAME
The primary host name of the web server. If this name
starts with 'www.' then an automatic redirection from
the parent domain name to the 'www.' server name will
created.
--ssl-certificate-file FILE-PATH
Specify the path to the SSL certificate file.
--ssl-certificate-key-file FILE-PATH
Specify the path to the private key file corresponding
to the SSL certificate file.
--ssl-certificate FILE-PATH
Specify the common path to the SSL certificate files.
This is a convenience function so that only one option
is required to specify the location of the certificate
file and the private key file. It is expected that the
files have '.crt' and '.key' extensions. This option
should refer to the common part of the names for both
files which appears before the extension.
--https-only Flag indicating whether any requests made using a HTTP
request over the non secure connection should be
redirected automatically to use a HTTPS request over
the secure connection.
So you must supply at least use --server-name and --ssl-certificate.
Graham
--
You received this message because you are subscribed to the Google Groups
"modwsgi" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To post to this group, send email to [email protected].
Visit this group at https://groups.google.com/group/modwsgi.
For more options, visit https://groups.google.com/d/optout.
