On 21/03/2015, at 7:54 PM, Graham Dumpleton <[email protected]> wrote:
> > On 21/03/2015, at 10:13 AM, Kyle Handy <[email protected]> wrote: > >> Hello, >> >> I've been developing a Django REST API that supports an iPhone application's >> data needs and user tracking. We have been using mod_wsgi express to host >> the API. When working over HTTP the API works great, but we have recently >> configured the HTTPS portion of the server and it we cannot reach the server >> over 3G/4G internet connections. >> >> The server responds to the following HTTPS requests: >> >> PC browser request on Wi-Fi >> PC browser request on landline. >> iPhone device request over Wi-Fi >> >> The server DOES NOT even RECEIVE the following HTTPS requests: >> >> iPhone device request over 3G >> iPhone device request over 4G >> >> Is there any special configuration or extra accommodation that is required >> by Django or the mod_wsgi module in order to support requests over 3G/4G via >> HTTPS? >> >> Any help is appreciated. > > What is the command line arguments you are giving to mod_wsgi-express? > > It would need to be something like: > > mod_wsgi-express start-server --https-port 8443 --server-name > ssl.example.com --ssl-certificate-file server.crt --ssl-certificate-key-file > server.key > > You could also use the all in one combined '--ssl-certificate' option, or > would have to if on older mod_wsgi-express version. That variant of the > option would be specified as '--ssl-certificate server'. That is, the common > base name of the SSL certificate and key file. > > Very important is that you must use the '--server-name' option and it should > match the host name allowed by the SSL certificate and must match the host > name appearing in the URL used to access the site. > > Also suggest adding the option '--access-log'. This will turn on request > access logging and should show whether requests even reach the server, even > if rejected. If they don't even reach the server, then would take it as being > an external routing issue. > > To validate there are no complaints from Apache on startup about the SSL > certificate, check the error log. To be sure you can also add '--startup-log' > and check the startup log for any extra error messages in case not being > logged to the error log. One more point. If it is necessary for the site to be accessible by multiple host names, then you need to use the '--server-alias other-hostname' option to say what the additional host names are. These would generally have to be sub domains under your same parent domain and you would need some sort of wildcard SSL certificate for your parent domain to avoid issues with complaints about SSL certificate not matching. Graham -- You received this message because you are subscribed to the Google Groups "modwsgi" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. Visit this group at http://groups.google.com/group/modwsgi. For more options, visit https://groups.google.com/d/optout.
