One more question. What version of Apache are you using? If you are stuck on a quite old Apache 2.2.X version that would be a concern as there were various SSL related issues patched during the life of Apache 2.2.X.
Graham On 16/12/2014, at 11:40 AM, Graham Dumpleton <[email protected]> wrote: > I'll go through the description you gave me and see if can suggest anything, > but first up, what version of mod_wsgi are you using? > > If you are using mod_wsgi 4.4.0 make sure you update to 4.4.1. The newer > version resolves a potential for process crashing introduced in 4.4.0. > > Graham > > On 16/12/2014, at 11:33 AM, Jennifer Mehl <[email protected]> wrote: > >> Hi there, >> >> I am backpedalling a bit from my previous attempt to chroot mod_wsgi - >> instead, for now, just to get this Django application running, for >> simplicity, I am going to start out with just running it as a daemon as a >> restricted user. >> >> In doing the final testing of my application on various browsers, I have >> noticed some strange problems. >> >> When I run Django/mod_wsgi/Apache on port 80 (same config as below, minus >> the mod_ssl stuff) or use the django development runserver 0.0.0.0:80, and >> disable the following settings in settings.py (#SESSION_COOKIE_SECURE = True >> #CSRF_COOKIE_SECURE = True) these browsers work correctly in the app. >> >> However, when running Django application running through mod_wsgi and >> HTTPS/port 443 in Apache, I see problems with both IE and Safari browsers. >> After login on Internet Explorer, page timeouts occur in various locations, >> reporting "This page can't be displayed". On Safari, the app won't get past >> the secondary Duo MFA authentication step, saying "Server unexpectedly >> dropped the connection." It is not a consistent behavior - seems to happen >> more frequently if I click quickly through links. Sometimes if I wait long >> enough to click, it might work momentarily, but then not again a moment >> later. This behavior does NOT happen using Chrome or Firefox browsers on >> any OS. >> >> Apache config: >> >> >> <IfModule mod_ssl.c> >> >> <VirtualHost *:443> >> >> ServerName **redacted** >> >> >> >> #Django WSGI - Daemon >> >> WSGIScriptAlias / /var/www/transfergateway/myproject/apache/wsgi.py >> >> WSGIProcessGroup file-xfer >> >> WSGIDaemonProcess file-xfer user=mod_wsgi group=mod_wsgi processes=2 >> threads=25 python-path=/var/www/transfergateway >> >> >> <Directory /var/www/transfergateway/myproject/apache> >> >> <Files wsgi.py> >> >> Order deny,allow >> >> Allow from all >> >> </Files> >> >> </Directory> >> >> >> >> Alias /robots.txt /var/www/transfergateway/myproject/myapp/static/robots.txt >> >> Alias /favicon.ico >> /var/www/transfergateway/myproject/myapp/static/favicon.ico >> >> >> >> AliasMatch ^/([^/]*\.css) >> /var/www/transfergateway/myproject/myapp/static/styles/$1 >> >> >> >> Alias /media/ /var/www/transfergateway/myproject/myapp/media/ >> >> Alias /static/ /var/www/transfergateway/myproject/myapp/static/ >> >> >> >> <Directory /var/www/transfergateway/myproject/myapp/static> >> >> Order deny,allow >> >> Allow from all >> >> </Directory> >> >> >> >> <Directory /var/www/transfergateway/myproject/myapp/media> >> >> Order deny,allow >> >> Allow from all >> >> </Directory> >> >> >> >> ErrorLog ${APACHE_LOG_DIR}/error.log >> >> CustomLog ${APACHE_LOG_DIR}/access.log combined >> >> SSLEngine on >> >> SSLCertificateFile /etc/ssl/certs/*** >> >> SSLCertificateKeyFile /etc/ssl/private/** >> >> SSLCertificateChainFile /etc/ssl/certs/** >> >> SSLCipherSuite HIGH:!aNULL:!MD5 >> >> </VirtualHost> >> >> >> </IfModule> >> >> >> >> >> So, I'm concluding that the HTTPS problem is one of two things: how I am >> configuring mod_wsgi with HTTPS, or some issue inside the Django code (but >> HTTPS works on some browsers with no issues, so I'm stumped...) >> >> Is there anything special that I need to do in mod_wsgi or the Django >> application itself, in order to make the application HTTPS only? (I am not >> a Python or Django developer, so I would be passing info on to the actual >> application developer for resolution.) Any ideas? >> >> thank you, >> Jennifer >> >> >> >> -- >> You received this message because you are subscribed to the Google Groups >> "modwsgi" group. >> To unsubscribe from this group and stop receiving emails from it, send an >> email to [email protected]. >> To post to this group, send email to [email protected]. >> Visit this group at http://groups.google.com/group/modwsgi. >> For more options, visit https://groups.google.com/d/optout. > -- You received this message because you are subscribed to the Google Groups "modwsgi" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. Visit this group at http://groups.google.com/group/modwsgi. For more options, visit https://groups.google.com/d/optout.
