python Django 和 SSL 问题
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/2131727/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
Django and SSL question
提问by Hellnar
I am planning to sell products by charging credit cards thus using SSL will be critical for Django-powered website. And I am very naive for this.
我计划通过向信用卡收费来销售产品,因此使用 SSL 对 Django 驱动的网站至关重要。而我对此非常天真。
My initial django setup plan was using Apache as the webserver and using mod_wsgi to communicate with Django, static media again served by Apache. All seemed good until SSL protocol comes to the plans.
我最初的 django 设置计划是使用 Apache 作为网络服务器并使用 mod_wsgi 与 Django 通信,静态媒体再次由 Apache 提供服务。在 SSL 协议进入计划之前,一切似乎都很好。
I will be using SSL protocol for user account configuration pages, the whole purchase sequence and maybe at the django admin.
我将在用户帐户配置页面、整个购买序列以及 django 管理员中使用 SSL 协议。
I have checked the official documentations and googled but answers are rather confusing.
我检查了官方文档并用谷歌搜索,但答案相当混乱。
- What would be the recommended way of implementing SSL to this setup ?
- Any suggestions to this first time SSL implementer to a website ?
- From this page, it seems like they have included Nginx to the stack. Couldn't it be done without it ?
- 在此设置中实施 SSL 的推荐方法是什么?
- 对第一次访问网站的 SSL 实施者有什么建议吗?
- 从这个页面来看,他们似乎已经将 Nginx 包含在堆栈中。没有它就不能完成吗?
Thanks
谢谢
回答by codeape
I have deployed Django apps on SSL using Apache's mod_ssland mod_wsgi.
我已经使用 Apachemod_ssl和mod_wsgi.
I am no Apache expert, but here's how I setup SSL for one site (put the directives below in the httpd.conffile, or in a file referenced from that file, for instance in the sites-enableddirectory, if that is used in your Apache installation). See the first documentation link below for how to create and use a self-signed certificate.
我不是 Apache 专家,但这里是我为一个站点设置 SSL 的方法(将下面的指令放在httpd.conf文件中,或者放在从该文件引用的文件中,例如放在sites-enabled目录中,如果它在您的 Apache 安装中使用)。有关如何创建和使用自签名证书的信息,请参阅下面的第一个文档链接。
NameVirtualHost *:443
<VirtualHost *:443>
SSLEngine On
SSLCertificateFile /etc/apache2/ssl/certificatefile.crt
SSLCertificateKeyFile /etc/apache2/ssl/certificatekeyfile.crt
WSGIScriptAlias / /path/to/file.wsgi
</VirtualHost>
Documentation links:
文档链接:
- Apache self signed certificate HOWTO: http://www.perturb.org/display/entry/754/
- http://httpd.apache.org/docs/2.2/mod/mod_ssl.html
- http://httpd.apache.org/docs/2.2/ssl/
- Using mod_wsgi to host Django: http://docs.djangoproject.com/en/dev/howto/deployment/modwsgi/
回答by shaond
For those coming through Google, heres an example config for Nginx:
对于那些通过谷歌来的人,这里有一个 Nginx 的示例配置:
server {
listen 443 ssl default;
server_name example.com;
ssl on;
ssl_certificate /etc/nginx/server.crt;
ssl_certificate_key /etc/nginx/server.key;
add_header Cache-Control "public, must-revalidate";
# add_header Cache-Control "no-cache";
expires 1d;
add_header Strict-Transport-Security "max-age=2592000; includeSubdomains";
location / {
fastcgi_pass localhost:8000;
fastcgi_param PATH_INFO $fastcgi_script_name;
fastcgi_param REQUEST_METHOD $request_method;
fastcgi_param CONTENT_TYPE $content_type;
fastcgi_param CONTENT_LENGTH $content_length;
fastcgi_param SERVER_PORT $server_port;
fastcgi_param SERVER_NAME $server_name;
fastcgi_param SERVER_PROTOCOL $server_protocol;
fastcgi_pass_request_headers on;
# include fastcgi_params;
}
location /static {
root /home/myapp/application;
}
location = /favicon.ico {
root /home/myapp/application/assets;
access_log off;
log_not_found off;
}
}
回答by stefanw
Django doesn't handle the SSL stuff. Apache will take care of that for you transparently and Django will work as usual. You can check for SSL in a view with request.is_secure().
Django 不处理 SSL 的东西。Apache 会透明地为你处理这些,Django 会照常工作。您可以在视图中检查 SSL request.is_secure()。
However you must serve links where appropriate as https urls. You also may want to redirect certain http pages to https pages (like the django admin screen).
但是,您必须在适当的情况下将链接作为 https url 提供。您可能还想将某些 http 页面重定向到 https 页面(如 django 管理屏幕)。
