On Nov 1, 3:15 am, lmierzej <[EMAIL PROTECTED]> wrote: > Thank you for your answer! To be more specific - I need to serve some > parts of the same > django project: > > a) through SSL > b) without SSL > c) with SSL and client certificates authentication (SSLVerifyClient) > > Is it possible without mod_wsgi? Can use 3 VirtualHost configuration > containers with plain mod_python? Something like this: > > <VirtualHost *:80> > ServerName site.com > ... other options > ... > </VirtualHost> > > <VirtualHost *:443> > ServerName site.com > ... other options, including SSL > ... > </VirtualHost> > > <VirtualHost *:443> > ServerName site.com > ... other options, including SSL and SSLVerifyClient (clients > certificates authentication) > ... > </VirtualHost> > > But how to distinguish the one with SSL from the other with SSL and > SSLVerifyClient?
Don't define two port 443 VirtualHost blocks. Define only one. If you then read the Apache documentation for SSLVerifyClient: http://httpd.apache.org/docs/2.2/mod/mod_ssl.html#sslverifyclient you will see that it can be applied in a directory context. This means that for the specific URLs in your application where you require a client certificate, you just need to add within the 443 VirtualHost something like: <Location /some/application/url> SSLVerifyClient ....... .... </Location> Because this is an Apache configuration issue, it should work with either mod_wsgi or mod_python. So, just go over the Apache documentation again, especially documentation for SSLVerifyClient, as it talks about difference between SSLVerifyClient at VirtualHost context vs directory context. Graham > Thank you for your advises and time! > > On 30 Paź, 22:59, Graham Dumpleton <[EMAIL PROTECTED]> wrote: > > > On Oct 31, 6:50 am, lmierzej <[EMAIL PROTECTED]> wrote: > > > > > maybe I should just create two apache virtual hosts pointing to the > > > > same django project? > > > > According to instructions herehttp://www.djangosnippets.org/snippets/240/ > > > there should be two different apache virtual hosts pointing to the > > > same django project. > > > > Anyone using some other solutions? > > > Those instructions are referring to one particular providers setup and > > the way they configure things through a web panel. At the Apache > > level, it isn't strictly two virtual hosts, but two VirtualHost > > configuration containers, one for each port. Ie., 80 and 443. Thus if > > using mod_wsgi you would have: > > > <VirtualHost *:80> > > ServerName site.com > > ... other options > > > Alias /media/ /usr/local/django/mysite/media/ > > > <Directory /usr/local/django/mysite/media> > > Order deny,allow > > Allow from all > > </Directory> > > > WSGIScriptAlias / /usr/local/django/mysite/apache/django.wsgi > > > <Directory /usr/local/django/mysite/apache> > > Order deny,allow > > Allow from all > > </Directory> > > </VirtualHost> > > > <VirtualHost *:443> > > ServerName site.com > > ... other options, including and SSL specific ones if necessary. > > > Alias /media/ /usr/local/django/mysite/media/ > > > <Directory /usr/local/django/mysite/media> > > Order deny,allow > > Allow from all > > </Directory> > > > WSGIScriptAlias / /usr/local/django/mysite/apache/django.wsgi > > > <Directory /usr/local/django/mysite/apache> > > Order deny,allow > > Allow from all > > </Directory> > > </VirtualHost> > > > In other words, configuration is basically duplicated although SSL > > VirtualHost container may have some specific SSL related > > configuration. > > > In mod_wsgi, although the application entry point is defined twice, > > mod_wsgi will recognise that they are on 80/443 for the same site and > > ensure that only one Django instance runs in each Apache process, but > > with both HTTP and HTTPS requests going to it. Whether the original > > request was HTTP or HTTPS will be obtained from the is_secure() > > function within Django API. > > > Graham --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Django users" group. To post to this group, send email to django-users@googlegroups.com To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/django-users?hl=en -~----------~----~----~----~------~----~------~--~---