This was *VERY* helpful, thanks! Looks like it was some weird behavior with Apache and SSL. I don’t think mod_wsgi was one of the troublemakers at all. :-)
Both of the browser’s bad behavior is now gone. I’ve changed to using Nginx as an SSL front-end proxy to a back-end Apache acting as an application web server for the Django application (still using mod_wsgi 4.4.1). It took me a bit to figure out how to get the REMOTE_ADDR header to reflect the actual IP address instead of the proxy’s, and to pass that into the web application (used in several areas for rules and logging) but all is working well now. Thanks to you and Graham for all of your help on getting me up and going! —Jennifer > On Dec 17, 2014, at 10:45 AM, Jason Garber <[email protected]> wrote: > > Hi Jennifer, > > Here is how we do it, and it works well. Please adapt as needed. > > In summary, we use nginx to terminate ssl, handle any redirects, serve static > content, and proxy any remaining requests to apache. Essentially apache is > just a very robust application server at this point. > > In Apache, each app is served on it's own port on 127.0.0.1. This keeps the > application traffic from getting mixed up. Nginx contains the ability to > serve http and https from the same server entry which is supremely convenient. > > Keep in mind that nginx will proxy over HTTP/1.0 which means there is no Host > header sent by default. It is added in the nginx server. > > Note that I have not used it with Django, but have used it with everything > from Ruby and Phusion Passenger to PHP to Python and mod_wsgi. It *just > works*. > > ----------------------------------------- > > NGINX: > Install from package repository > > Here is a tweaked /etc/nginx/nginx.conf you can use: > > https://github.com/appcove/acn-linux/blob/master/os-template/etc/nginx/nginx.conf > > Note Line 22 needs updated > It includes from /etc/nginx/conf.d/*.conf > It includes from /etc/nginx/conf.server.d/*.conf > > (you need to manually create that directory, or just remove that include line > and put everything in conf.d) > > > -- Note: the following is included automatically by the main > /etc/nginx/nginx.conf -- > > /etc/nginx/conf.server.d/www.example.com.conf > > server > { > listen 192.168.50.12:80; > listen 192.168.50.12:443 ssl; > > server_name www.example.com; > > # Note, this is the /etc/nginx/ssl/ directory > > ssl_certificate ssl/www.example.com.crt; > ssl_certificate_key ssl/www.example.com.key; > > # Nginx uses HTTP 1.0 to proxy, so we need to manually add headers so the > app can > # know if we were in http or https and who originally requested the content > > proxy_set_header Host $host; > proxy_set_header X-Real-IP $remote_addr; > proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; > proxy_set_header Scheme $scheme; > > # Allow large uploads > > client_max_body_size 1000m; > > # Nginx serves static content, so it is important to forbid any > # python files from being served > > location ~ \.(py|pyc|pyo|wsgi)$ > { > return 403; > } > > # Anything with an extension is served directly. You may want to > # remove this from your config. > > location ~ \.([a-zA-Z0-9])+$ > { > root /home/jason/ExampleProject/Web; > > add_header Cache-Control 'no-cache, no-store, max-age=0, must-revalidate'; > add_header Expires 'Thu, 01 Jan 1970 00:00:01 GMT'; > > } > > # Everything else is proxied to Apache on 127.0.0.1 port 60301 > > location / > { > add_header Cache-Control 'no-cache, no-store, max-age=0, must-revalidate'; > add_header Expires 'Thu, 01 Jan 1970 00:00:01 GMT'; > proxy_pass http://127.0.0.1:60301; > } > } > > > The following apache config is included by the main httpd config file > > # Notice we are telling apache to listen on 127.0.0.1 port 60301. > # For the sake of clairity, we are calling the WSGIDaemonProcess by the same > name as the port. > # By hosting each app on it's own port, we eliminate any server-name issues > between nginx and apache > > WSGIDaemonProcess Port60301 processes=2 threads=2 > python-path=/home/jason/ExampleProject/Python > Listen 127.0.0.1:60301 > NameVirtualHost 127.0.0.1:60301 > > # www.example.com > <VirtualHost 127.0.0.1:60301> > ServerName _default_ > DocumentRoot /home/jason/DevLevel.2/PBN/Web/Main > AddDefaultCharset UTF-8 > > RewriteEngine on > RewriteOptions inherit > > # Forbid any python source files from being served. > RewriteRule \.(py|pyc|pyo|wsgi)$ - [F] > > WSGIScriptAlias / /home/jason/ExampleProject/Web/__init__.wsgi > WSGIProcessGroup Port60301 > > LogLevel info > ErrorLog /home/jason/ExampleProject/apache-error.log > </VirtualHost> > > > These lines are also in the main apache config: > > LoadModule wsgi_module modules/python33-mod_wsgi.so > WSGISocketPrefix run/wsgi > WSGIApplicationGroup %{GLOBAL} > > > ------------------------ > > Thanks! > Jason > > > On Wed, Dec 17, 2014 at 12:16 AM, Jennifer Mehl <[email protected]> > wrote: > Fantastic - thanks again! > > Jennifer > > > On Dec 16, 2014, at 9:14 PM, Jason Garber <[email protected]> wrote: > > > > I will send in the morning (eastern). > > > > On Dec 16, 2014 11:18 PM, "Jennifer Mehl" <[email protected]> wrote: > > Jason, > > > > Having complete example configs would be fantastic. Turning on SSL in > > Apache is what is currently making parts of the app 'break' in IE and > > Safari. It would be great if I could rule out the application code - > > changing front end web servers is probably the only way to do that. > > > > Thanks in advance for the help! > > > > Jennifer > > > > > > > On Dec 16, 2014, at 8:14 PM, Jason Garber <[email protected]> wrote: > > > > > > Hi Jennifer, > > > > > > May I suggest you simplify your apache config by running apache on > > > 127.0.0.1:8086 (for example) and placing nginx in front of it proxying > > > requests to apache. Use nginx for ssl termination. > > > > > > It is dead simple and uncomplicates the apache config. > > > > > > I can provide complete example configs if you wish. > > > > > > Thanks! > > > Jason > > > > > > On Dec 16, 2014 8:03 PM, "Jennifer Mehl" <[email protected]> wrote: > > > Thank you. Good to get those things all cleaned up. > > > > > > I also compiled and installed v4.4.1 of mod_wsgi from source and removed > > > the 3.4 Ubuntu version from my system. > > > > > > Setting DEBUG = False seems to break my application - I get a “Bad > > > Request 400” error back in my browser - so I will check in with the > > > developer on that one. > > > > > > I’ve removed the extraneous environment variables and also the SSL proxy > > > setting. I am only using mod_wsgi with Apache, so, as you say, it > > > shouldn’t need that anyhow. > > > > > > I’ve done the test for the /wsgicheck and it does return a value of > > > https. Thanks for helping me verify that functionality. > > > > > > So, this leaves me with looking at Apache as a culprit - or again, the > > > Django code itself. It’s very odd how only the two browsers are showing > > > issues and they are completely different issues… > > > > > > thanks, > > > Jennifer > > > > > > > > > > > > > On Dec 16, 2014, at 4:41 PM, Graham Dumpleton > > > > <[email protected]> wrote: > > > > > > > > Hmmm, this looks really dangerous: > > > > > > > > DEBUG = "FALSE" > > > > > > > > The DEBUG setting is meant to be a boolean value, not a string. > > > > > > > > Because you are setting it to a non empty string, it will be > > > > interpreted as True and so you have debug mode enabled. > > > > > > > > That is not good as sensitive information could be exposed back to > > > > users in error pages shown in the browser. > > > > > > > > Running in debug mode might cause other issues as well. > > > > > > > > Ensure you are setting it to: > > > > > > > > DEBUG = False > > > > > > > > Also, setting: > > > > > > > > os.environ['HTTPS'] = "on" > > > > os.environ['wsgi.url_scheme'] = 'https' > > > > > > > > will not do anything. > > > > > > > > The wsgi.url_scheme is an attribute which is passed down by mod_wsgi in > > > > the details for each request. A web framework will use the flag from > > > > the request details. The main thing it controls is merely the > > > > construction of absolute URLs when needing to be added to response > > > > headers or maybe response content in some cases. > > > > > > > > In other words, you do not need to set it and setting it in environment > > > > variables wouldn't do anything anyway. > > > > > > > > Next, setting: > > > > > > > > os.environ.setdefault("DJANGO_SETTINGS_MODULE", "myproject.settings") > > > > > > > > is okay if you have just the one Django site, but be careful in using > > > > this if you are running more than one. Safer to use: > > > > > > > > os.environ["DJANGO_SETTINGS_MODULE"] = "myproject.settings" > > > > > > > > More details in: > > > > > > > > > > > > http://blog.dscpl.com.au/2012/10/requests-running-in-wrong-django.html > > > > > > > > You also don't need: > > > > > > > > SECURE_PROXY_SSL_HEADER = ('HTTP_X_FORWARDED_PROTO', 'https') > > > > > > > > if Apache is your front facing web server. You would only need this if > > > > you had a further front end proxy such as nginx in front of Apache and > > > > nginx had been configured to actually introduce these headers. That > > > > your Apache is accepting HTTPS requests would indicate that you don't > > > > have an nginx in front. > > > > > > > > Now as to determine whether wsgi.url_scheme is set properly, the > > > > easiest way is to take a copy of: > > > > > > > > def application(environ, start_response): > > > > status = '200 OK' > > > > output = str(environ.get('wsgi.url_scheme')) > > > > > > > > response_headers = [('Content-type', 'text/plain'), > > > > ('Content-Length', str(len(output)))] > > > > start_response(status, response_headers) > > > > > > > > return [output] > > > > > > > > Put it in a file called check.py nest to your existing wsgi.py file. > > > > > > > > In the Apache configuration, BEFORE THE LINE: > > > > > > > > WSGIScriptAlias / /var/www/transfergateway/myproject/apache/wsgi.py > > > > > > > > add: > > > > > > > > WSGIScriptAlias /wsgicheck > > > > /var/www/transfergateway/myproject/apache/check.py > > > > > > > > Then down further where have: > > > > > > > > <Directory /var/www/transfergateway/myproject/apache> > > > > <Files wsgi.py> > > > > Order deny,allow > > > > Allow from all > > > > </Files> > > > > </Directory> > > > > > > > > Change it to: > > > > > > > > <Directory /var/www/transfergateway/myproject/apache> > > > > <Files wsgi.py> > > > > Order deny,allow > > > > Allow from all > > > > </Files> > > > > <Files check.py> > > > > Order deny,allow > > > > Allow from all > > > > </Files> > > > > </Directory> > > > > > > > > Restart Apache and then hit the URL of the site for /wsgicheck > > > > > > > > You should see 'https' returned in the page. > > > > > > > > Hope this helps. > > > > > > > > Graham > > > > > > > > On 17/12/2014, at 11:09 AM, Jennifer Mehl <[email protected]> > > > > wrote: > > > > > > > >> No problem, if I have to compile from source, then I will try that. > > > >> > > > >> One last thing regarding HTTPS - how do I ensure that I have the > > > >> wsgi.url_scheme set correctly? > > > >> > > > >> Here is my wsgi.py file: > > > >> > > > >> import os > > > >> import sys > > > >> > > > >> path='/var/www/transfergateway/myproject' > > > >> > > > >> #if path not in sys.path: > > > >> #sys.path.append(path) > > > >> > > > >> os.environ.setdefault("DJANGO_SETTINGS_MODULE", "myproject.settings") > > > >> > > > >> #HTTPS > > > >> os.environ['HTTPS'] = "on" > > > >> > > > >> # This application object is used by any WSGI server configured to use > > > >> this > > > >> # file. This includes Django's development server, if the > > > >> WSGI_APPLICATION > > > >> # setting points here. > > > >> from django.core.wsgi import get_wsgi_application > > > >> application = get_wsgi_application() > > > >> > > > >> > > > >> > > > >> > > > >> and here is relevant stuff from my settings.py file: > > > >> > > > >> import os > > > >> PROJECT_ROOT = os.path.realpath(os.path.dirname(__file__)) > > > >> > > > >> > > > >> #turn off debug when going to production > > > >> DEBUG = "FALSE" > > > >> TEMPLATE_DEBUG = DEBUG > > > >> > > > >> > > > >> # Python dotted path to the WSGI application used by Django's > > > >> runserver. > > > >> WSGI_APPLICATION = 'myproject.wsgi.application' > > > >> > > > >> > > > >> #session expire at browser close > > > >> SESSION_EXPIRE_AT_BROWSER_CLOSE = True > > > >> SESSION_COOKIE_HTTPONLY=True > > > >> > > > >> #idle timeout > > > >> SESSION_IDLE_TIMEOUT=900 > > > >> > > > >> #HTTPS stuff - secure proxy SSL header - do I need this? > > > >> SECURE_PROXY_SSL_HEADER = ('HTTP_X_FORWARDED_PROTO', 'https') > > > >> #HTTPS stuff - secure cookies > > > >> SESSION_COOKIE_SECURE = True > > > >> CSRF_COOKIE_SECURE = True > > > >> > > > >> #HTTPS WSGI > > > >> os.environ['wsgi.url_scheme'] = 'https' > > > >> > > > >> > > > >> > > > >>> On Dec 16, 2014, at 3:59 PM, Graham Dumpleton > > > >>> <[email protected]> wrote: > > > >>> > > > >>> You will unfortunately not find a binary OS supplied Ubuntu 10.4 > > > >>> package for mod_wsgi which is newer. > > > >>> > > > >>> Your only choice would be to compile from source code. > > > >>> > > > >>> Graham > > > >>> > > > >>> On 17/12/2014, at 10:54 AM, Jennifer Mehl <[email protected]> > > > >>> wrote: > > > >>> > > > >>>> Thanks for this info. I’ll try a newer mod_wsgi. > > > >>>> > > > >>>> It’s very odd to me that the app works fine in mod_wsgi/Apache with > > > >>>> no SSL but parts become broken in certain browsers once SSL is > > > >>>> enabled. > > > >>>> > > > >>>> At any rate, thanks for the guidance and I’ll report back if I find > > > >>>> a fix! > > > >>>> > > > >>>> —Jennifer > > > >>>> > > > >>>>> On Dec 16, 2014, at 3:46 PM, Graham Dumpleton > > > >>>>> <[email protected]> wrote: > > > >>>>> > > > >>>>> If you are using mod_wsgi 3.4 that could be a problem in itself. > > > >>>>> > > > >>>>> Recent versions of Ubuntu as I understand it use Apache 2.4, but > > > >>>>> such an old version of mod_wsgi may have issues on Apache 2.4. At > > > >>>>> the minimum would need to have mod_wsgi 3.5 from memory as some > > > >>>>> Apache 2.4 fixes were back ported to 3.5. It is unlikely they back > > > >>>>> ported those themselves to 3.4 for 14.04. > > > >>>>> > > > >>>>> Either way, mod_wsgi itself shouldn't be causing any problems with > > > >>>>> HTTPS as it is Apache that deals with all that and mod_wsgi has > > > >>>>> nothing to do with the handling of secure connections. When > > > >>>>> mod_wsgi sees a request that came via HTTPS it sees it as being no > > > >>>>> different to a HTTP request with the exception of what the > > > >>>>> wsgi.url_scheme attribute is set to. It is therefore more likely to > > > >>>>> be an Apache configuration issue or issue with the code of Apache > > > >>>>> itself. > > > >>>>> > > > >>>>> FWIW, mod_wsgi 3.4 means that Ubuntu version is almost 20 versions > > > >>>>> behind. Even Ubuntu 14.10 has only mod_wsgi 3.5. It is quite > > > >>>>> frustrating that they haven't been bothered to update their > > > >>>>> packages to more recent versions even if only for the most recent > > > >>>>> 14.10. > > > >>>>> > > > >>>>> About the only thing I can suggest if it is readily reproducible, > > > >>>>> is to use request logging such as described in: > > > >>>>> > > > >>>>> http://code.google.com/p/modwsgi/wiki/DebuggingTechniques#Tracking_Request_and_Response > > > >>>>> > > > >>>>> to see if when a request has issues, that the WSGI application > > > >>>>> actually returned the requests properly. > > > >>>>> > > > >>>>> If it isn't, then use something like: > > > >>>>> > > > >>>>> http://code.google.com/p/modwsgi/wiki/DebuggingTechniques#Extracting_Python_Stack_Traces > > > >>>>> > > > >>>>> to get out Python stack traces for where a request handler may be > > > >>>>> stuck. > > > >>>>> > > > >>>>> Both can be fiddly so sounds like you aren't going to have time to > > > >>>>> do that. > > > >>>>> > > > >>>>> Graham > > > >>>>> > > > >>>>> On 17/12/2014, at 10:04 AM, Jennifer Mehl <[email protected]> > > > >>>>> wrote: > > > >>>>> > > > >>>>>> I’m on the latest for Ubuntu 14.04LTS - 2.4.7-1ubuntu4.1. I have > > > >>>>>> been using the updated mod_wsgi3.4 from Ubuntu. > > > >>>>>> > > > >>>>>> At this point I was thinking about trying my Django application in > > > >>>>>> a different WSGI server to see if I can narrow down if the problem > > > >>>>>> is with the Django code or something with mod_wsgi. I was > > > >>>>>> thinking about uwsgi (trying to find something quick and easy to > > > >>>>>> test) or nginx. > > > >>>>>> > > > >>>>>> Again, the weird browser behavior I describe below only happens > > > >>>>>> when using Apache/HTTPS, port 443, in mod_wsgi (not Apache/HTTP in > > > >>>>>> mod_wsgi or the Django development server in port 80). > > > >>>>>> > > > >>>>>> I’m kind of at my wit’s end trying to narrow down *where* the > > > >>>>>> problem is (if it’s something in the Django code, I only have one > > > >>>>>> more day until my developer leaves for a few weeks for winter > > > >>>>>> break…) Do you think there any debugging I can do by looking at > > > >>>>>> the developer console in the affected browsers - for instance > > > >>>>>> comparing the affected pages on a working port 80 vs the same > > > >>>>>> pages on the non-working SSL/port 443 connection? > > > >>>>>> > > > >>>>>> thank you, > > > >>>>>> Jennifer > > > >>>>>> > > > >>>>>> > > > >>>>>> > > > >>>>>>> On Dec 16, 2014, at 2:55 PM, Graham Dumpleton > > > >>>>>>> <[email protected]> wrote: > > > >>>>>>> > > > >>>>>>> One more question. What version of Apache are you using? > > > >>>>>>> > > > >>>>>>> If you are stuck on a quite old Apache 2.2.X version that would > > > >>>>>>> be a concern as there were various SSL related issues patched > > > >>>>>>> during the life of Apache 2.2.X. > > > >>>>>>> > > > >>>>>>> Graham > > > >>>>>>> > > > >>>>>>> On 16/12/2014, at 11:40 AM, Graham Dumpleton > > > >>>>>>> <[email protected]> wrote: > > > >>>>>>> > > > >>>>>>>> I'll go through the description you gave me and see if can > > > >>>>>>>> suggest anything, but first up, what version of mod_wsgi are you > > > >>>>>>>> using? > > > >>>>>>>> > > > >>>>>>>> If you are using mod_wsgi 4.4.0 make sure you update to 4.4.1. > > > >>>>>>>> The newer version resolves a potential for process crashing > > > >>>>>>>> introduced in 4.4.0. > > > >>>>>>>> > > > >>>>>>>> Graham > > > >>>>>>>> > > > >>>>>>>> On 16/12/2014, at 11:33 AM, Jennifer Mehl > > > >>>>>>>> <[email protected]> wrote: > > > >>>>>>>> > > > >>>>>>>>> Hi there, > > > >>>>>>>>> > > > >>>>>>>>> I am backpedalling a bit from my previous attempt to chroot > > > >>>>>>>>> mod_wsgi - instead, for now, just to get this Django > > > >>>>>>>>> application running, for simplicity, I am going to start out > > > >>>>>>>>> with just running it as a daemon as a restricted user. > > > >>>>>>>>> > > > >>>>>>>>> In doing the final testing of my application on various > > > >>>>>>>>> browsers, I have noticed some strange problems. > > > >>>>>>>>> > > > >>>>>>>>> When I run Django/mod_wsgi/Apache on port 80 (same config as > > > >>>>>>>>> below, minus the mod_ssl stuff) or use the django development > > > >>>>>>>>> runserver 0.0.0.0:80, and disable the following settings in > > > >>>>>>>>> settings.py (#SESSION_COOKIE_SECURE = True #CSRF_COOKIE_SECURE > > > >>>>>>>>> = True) these browsers work correctly in the app. > > > >>>>>>>>> > > > >>>>>>>>> However, when running Django application running through > > > >>>>>>>>> mod_wsgi and HTTPS/port 443 in Apache, I see problems with both > > > >>>>>>>>> IE and Safari browsers. After login on Internet Explorer, page > > > >>>>>>>>> timeouts occur in various locations, reporting "This page can't > > > >>>>>>>>> be displayed". On Safari, the app won't get past the secondary > > > >>>>>>>>> Duo MFA authentication step, saying "Server unexpectedly > > > >>>>>>>>> dropped the connection." It is not a consistent behavior - > > > >>>>>>>>> seems to happen more frequently if I click quickly through > > > >>>>>>>>> links. Sometimes if I wait long enough to click, it might > > > >>>>>>>>> work momentarily, but then not again a moment later. This > > > >>>>>>>>> behavior does NOT happen using Chrome or Firefox browsers on > > > >>>>>>>>> any OS. > > > >>>>>>>>> > > > >>>>>>>>> Apache config: > > > >>>>>>>>> > > > >>>>>>>>> > > > >>>>>>>>> <IfModule mod_ssl.c> > > > >>>>>>>>> > > > >>>>>>>>> <VirtualHost *:443> > > > >>>>>>>>> > > > >>>>>>>>> ServerName **redacted** > > > >>>>>>>>> > > > >>>>>>>>> > > > >>>>>>>>> > > > >>>>>>>>> #Django WSGI - Daemon > > > >>>>>>>>> > > > >>>>>>>>> WSGIScriptAlias / > > > >>>>>>>>> /var/www/transfergateway/myproject/apache/wsgi.py > > > >>>>>>>>> > > > >>>>>>>>> WSGIProcessGroup file-xfer > > > >>>>>>>>> > > > >>>>>>>>> WSGIDaemonProcess file-xfer user=mod_wsgi group=mod_wsgi > > > >>>>>>>>> processes=2 threads=25 python-path=/var/www/transfergateway > > > >>>>>>>>> > > > >>>>>>>>> > > > >>>>>>>>> <Directory /var/www/transfergateway/myproject/apache> > > > >>>>>>>>> > > > >>>>>>>>> <Files wsgi.py> > > > >>>>>>>>> > > > >>>>>>>>> Order deny,allow > > > >>>>>>>>> > > > >>>>>>>>> Allow from all > > > >>>>>>>>> > > > >>>>>>>>> </Files> > > > >>>>>>>>> > > > >>>>>>>>> </Directory> > > > >>>>>>>>> > > > >>>>>>>>> > > > >>>>>>>>> > > > >>>>>>>>> Alias /robots.txt > > > >>>>>>>>> /var/www/transfergateway/myproject/myapp/static/robots.txt > > > >>>>>>>>> > > > >>>>>>>>> Alias /favicon.ico > > > >>>>>>>>> /var/www/transfergateway/myproject/myapp/static/favicon.ico > > > >>>>>>>>> > > > >>>>>>>>> > > > >>>>>>>>> > > > >>>>>>>>> AliasMatch ^/([^/]*\.css) > > > >>>>>>>>> /var/www/transfergateway/myproject/myapp/static/styles/$1 > > > >>>>>>>>> > > > >>>>>>>>> > > > >>>>>>>>> > > > >>>>>>>>> Alias /media/ /var/www/transfergateway/myproject/myapp/media/ > > > >>>>>>>>> > > > >>>>>>>>> Alias /static/ /var/www/transfergateway/myproject/myapp/static/ > > > >>>>>>>>> > > > >>>>>>>>> > > > >>>>>>>>> > > > >>>>>>>>> <Directory /var/www/transfergateway/myproject/myapp/static> > > > >>>>>>>>> > > > >>>>>>>>> Order deny,allow > > > >>>>>>>>> > > > >>>>>>>>> Allow from all > > > >>>>>>>>> > > > >>>>>>>>> </Directory> > > > >>>>>>>>> > > > >>>>>>>>> > > > >>>>>>>>> > > > >>>>>>>>> <Directory /var/www/transfergateway/myproject/myapp/media> > > > >>>>>>>>> > > > >>>>>>>>> Order deny,allow > > > >>>>>>>>> > > > >>>>>>>>> Allow from all > > > >>>>>>>>> > > > >>>>>>>>> </Directory> > > > >>>>>>>>> > > > >>>>>>>>> > > > >>>>>>>>> > > > >>>>>>>>> ErrorLog ${APACHE_LOG_DIR}/error.log > > > >>>>>>>>> > > > >>>>>>>>> CustomLog ${APACHE_LOG_DIR}/access.log combined > > > >>>>>>>>> > > > >>>>>>>>> SSLEngine on > > > >>>>>>>>> > > > >>>>>>>>> SSLCertificateFile /etc/ssl/certs/*** > > > >>>>>>>>> > > > >>>>>>>>> SSLCertificateKeyFile /etc/ssl/private/** > > > >>>>>>>>> > > > >>>>>>>>> SSLCertificateChainFile /etc/ssl/certs/** > > > >>>>>>>>> > > > >>>>>>>>> SSLCipherSuite HIGH:!aNULL:!MD5 > > > >>>>>>>>> > > > >>>>>>>>> </VirtualHost> > > > >>>>>>>>> > > > >>>>>>>>> > > > >>>>>>>>> </IfModule> > > > >>>>>>>>> > > > >>>>>>>>> > > > >>>>>>>>> > > > >>>>>>>>> > > > >>>>>>>>> So, I'm concluding that the HTTPS problem is one of two things: > > > >>>>>>>>> how I am configuring mod_wsgi with HTTPS, or some issue inside > > > >>>>>>>>> the Django code (but HTTPS works on some browsers with no > > > >>>>>>>>> issues, so I'm stumped...) > > > >>>>>>>>> > > > >>>>>>>>> Is there anything special that I need to do in mod_wsgi or the > > > >>>>>>>>> Django application itself, in order to make the application > > > >>>>>>>>> HTTPS only? (I am not a Python or Django developer, so I would > > > >>>>>>>>> be passing info on to the actual application developer for > > > >>>>>>>>> resolution.) Any ideas? > > > >>>>>>>>> > > > >>>>>>>>> thank you, > > > >>>>>>>>> Jennifer > > > >>>>>>>>> > > > >>>>>>>>> > > > >>>>>>>>> > > > >>>>>>>>> -- > > > >>>>>>>>> You received this message because you are subscribed to the > > > >>>>>>>>> Google Groups "modwsgi" group. > > > >>>>>>>>> To unsubscribe from this group and stop receiving emails from > > > >>>>>>>>> it, send an email to [email protected]. > > > >>>>>>>>> To post to this group, send email to [email protected]. > > > >>>>>>>>> Visit this group at http://groups.google.com/group/modwsgi. > > > >>>>>>>>> For more options, visit https://groups.google.com/d/optout. > > > >>>>>>>> > > > >>>>>>> > > > >>>>>>> > > > >>>>>>> -- > > > >>>>>>> You received this message because you are subscribed to a topic > > > >>>>>>> in the Google Groups "modwsgi" group. > > > >>>>>>> To unsubscribe from this topic, visit > > > >>>>>>> https://groups.google.com/d/topic/modwsgi/S1if2HhkGGE/unsubscribe. > > > >>>>>>> To unsubscribe from this group and all its topics, send an email > > > >>>>>>> to [email protected]. > > > >>>>>>> To post to this group, send email to [email protected]. > > > >>>>>>> Visit this group at http://groups.google.com/group/modwsgi. > > > >>>>>>> For more options, visit https://groups.google.com/d/optout. > > > >>>>>> > > > >>>>>> -- > > > >>>>>> You received this message because you are subscribed to the Google > > > >>>>>> Groups "modwsgi" group. > > > >>>>>> To unsubscribe from this group and stop receiving emails from it, > > > >>>>>> send an email to [email protected]. > > > >>>>>> To post to this group, send email to [email protected]. > > > >>>>>> Visit this group at http://groups.google.com/group/modwsgi. > > > >>>>>> For more options, visit https://groups.google.com/d/optout. > > > >>>>> > > > >>>>> -- > > > >>>>> You received this message because you are subscribed to a topic in > > > >>>>> the Google Groups "modwsgi" group. > > > >>>>> To unsubscribe from this topic, visit > > > >>>>> https://groups.google.com/d/topic/modwsgi/S1if2HhkGGE/unsubscribe. > > > >>>>> To unsubscribe from this group and all its topics, send an email to > > > >>>>> [email protected]. > > > >>>>> To post to this group, send email to [email protected]. > > > >>>>> Visit this group at http://groups.google.com/group/modwsgi. > > > >>>>> For more options, visit https://groups.google.com/d/optout. > > > >>>> > > > >>>> -- > > > >>>> You received this message because you are subscribed to the Google > > > >>>> Groups "modwsgi" group. > > > >>>> To unsubscribe from this group and stop receiving emails from it, > > > >>>> send an email to [email protected]. > > > >>>> To post to this group, send email to [email protected]. > > > >>>> Visit this group at http://groups.google.com/group/modwsgi. > > > >>>> For more options, visit https://groups.google.com/d/optout. > > > >>> > > > >>> -- > > > >>> You received this message because you are subscribed to a topic in > > > >>> the Google Groups "modwsgi" group. > > > >>> To unsubscribe from this topic, visit > > > >>> https://groups.google.com/d/topic/modwsgi/S1if2HhkGGE/unsubscribe. > > > >>> To unsubscribe from this group and all its topics, send an email to > > > >>> [email protected]. > > > >>> To post to this group, send email to [email protected]. > > > >>> Visit this group at http://groups.google.com/group/modwsgi. > > > >>> For more options, visit https://groups.google.com/d/optout. > > > >> > > > >> -- > > > >> You received this message because you are subscribed to the Google > > > >> Groups "modwsgi" group. > > > >> To unsubscribe from this group and stop receiving emails from it, send > > > >> an email to [email protected]. > > > >> To post to this group, send email to [email protected]. > > > >> Visit this group at http://groups.google.com/group/modwsgi. > > > >> For more options, visit https://groups.google.com/d/optout. > > > > > > > > -- > > > > You received this message because you are subscribed to a topic in the > > > > Google Groups "modwsgi" group. > > > > To unsubscribe from this topic, visit > > > > https://groups.google.com/d/topic/modwsgi/S1if2HhkGGE/unsubscribe. > > > > To unsubscribe from this group and all its topics, send an email to > > > > [email protected]. > > > > To post to this group, send email to [email protected]. > > > > Visit this group at http://groups.google.com/group/modwsgi. > > > > For more options, visit https://groups.google.com/d/optout. > > > > > > -- > > > You received this message because you are subscribed to the Google Groups > > > "modwsgi" group. > > > To unsubscribe from this group and stop receiving emails from it, send an > > > email to [email protected]. > > > To post to this group, send email to [email protected]. > > > Visit this group at http://groups.google.com/group/modwsgi. > > > For more options, visit https://groups.google.com/d/optout. > > > > > > -- > > > You received this message because you are subscribed to a topic in the > > > Google Groups "modwsgi" group. > > > To unsubscribe from this topic, visit > > > https://groups.google.com/d/topic/modwsgi/S1if2HhkGGE/unsubscribe. > > > To unsubscribe from this group and all its topics, send an email to > > > [email protected]. > > > To post to this group, send email to [email protected]. > > > Visit this group at http://groups.google.com/group/modwsgi. > > > For more options, visit https://groups.google.com/d/optout. > > > > -- > > You received this message because you are subscribed to the Google Groups > > "modwsgi" group. > > To unsubscribe from this group and stop receiving emails from it, send an > > email to [email protected]. > > To post to this group, send email to [email protected]. > > Visit this group at http://groups.google.com/group/modwsgi. > > For more options, visit https://groups.google.com/d/optout. > > > > -- > > You received this message because you are subscribed to a topic in the > > Google Groups "modwsgi" group. > > To unsubscribe from this topic, visit > > https://groups.google.com/d/topic/modwsgi/S1if2HhkGGE/unsubscribe. > > To unsubscribe from this group and all its topics, send an email to > > [email protected]. > > To post to this group, send email to [email protected]. > > Visit this group at http://groups.google.com/group/modwsgi. > > For more options, visit https://groups.google.com/d/optout. > > -- > You received this message because you are subscribed to the Google Groups > "modwsgi" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > To post to this group, send email to [email protected]. > Visit this group at http://groups.google.com/group/modwsgi. > For more options, visit https://groups.google.com/d/optout. > > -- > You received this message because you are subscribed to a topic in the Google > Groups "modwsgi" group. > To unsubscribe from this topic, visit > https://groups.google.com/d/topic/modwsgi/S1if2HhkGGE/unsubscribe. > To unsubscribe from this group and all its topics, send an email to > [email protected]. > To post to this group, send email to [email protected]. > Visit this group at http://groups.google.com/group/modwsgi. > For more options, visit https://groups.google.com/d/optout. -- You received this message because you are subscribed to the Google Groups "modwsgi" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. Visit this group at http://groups.google.com/group/modwsgi. For more options, visit https://groups.google.com/d/optout.
