如何通过 HTTPS 提供 Django 静态文件?

Posted

技术标签:

【中文标题】如何通过 HTTPS 提供 Django 静态文件?【英文标题】:How to serve Django static files through HTTPS? 【发布时间】:2011-10-20 12:22:00 【问题描述】:

访问通过 HTTPS 提供的静态文件时出现 404 错误,但静态文件通过 HTTP 可以正常工作。

明确地说,我可以通过两种方式访问​​特定页面,例如http://domain.com/pagehttps://domain.com/page 但在 HTTPS 情况下,图像将无法加载。

此外,直接访问图像 http://domain.com/static/image.png 有效,但 https://domain.com/static/image.png 返回 404。

我在 apache2 上使用 mod_wsgi 运行 Ubuntu 10.04 和 Django 1.3。

这里是相关文件(wsgi 和 prod.conf 和 secure_prod.conf 和 settings.py):

django.wsgi

import os
import sys
import site

sys.stdout = sys.stderr # Allows use of print statements

PROJECT_ROOT = '/home/code/domain/src/domain-project/'
site_packages = '/home/code/domain/lib/python2.6/site-packages'

site.addsitedir(os.path.abspath(site_packages))
sys.path.insert(0, PROJECT_ROOT)
sys.path.insert(1, os.path.join(PROJECT_ROOT, "domain"))
sys.path.insert(2, site_packages)
os.environ['DJANGO_SETTINGS_MODULE'] = 'domain.settings'
os.environ['PYTHON_EGG_CACHE'] = '/home/administrator/.python-eggs'
os.environ["CELERY_LOADER"] = "django"

import django.core.handlers.wsgi
application = django.core.handlers.wsgi.WSGIHandler()

# Load a monitor to automatically reload apache when files change
import domain.monitor
domain.monitor.start(interval=1.0)

production.conf

<VirtualHost *:80>

  # Admin email, Server Name (domain name) and any aliases
  ServerAdmin d@domain.com
  ServerName domain.com
    ServerAlias *.domain.com

  DocumentRoot /home/code/domain/src/domain-project/domain
  LogLevel warn
  WSGIDaemonProcess domain-production processes=5 maximum-requests=500 threads=100
  WSGIProcessGroup domain-production
  WSGIScriptAlias / /home/code/domain/src/domain-project/apache/production.wsgi

  SetEnv PYTHON_EGG_CACHE /home/apache/.python_eggs

    Alias /admin/media /home/code/domain/lib/python2.6/site-packages/django/contrib/admin/media
    Alias /site_media /home/code/domain/src/domain-project/static
    Alias /static /home/code/domain/src/domain-project/static
    Alias /robots.txt /home/code/domain/src/domain-project/static/robots.txt
    Alias /favicon.ico /home/code/domain/src/domain-project/static/favicon.ico

  <Location /admin/media>
    SetHandler None
    Order allow,deny
    Allow from all
  </Location>

  <Location /site_media>
    SetHandler None
    Order allow,deny
    Allow from all
  </Location>

  <LocationMatch "\.(jpg|gif|png|mp4)$">
    SetHandler None
  </LocationMatch>

  <LocationMatch "^/(robots\.txt|favicon\.ico|crossdomain\.xml)$">
    SetHandler none
  </LocationMatch>

  ErrorLog /var/log/apache2/domain/production_error.log
  LogLevel info
  CustomLog /var/log/apache2/domain/production_access.log combined

</VirtualHost>

secure_production.conf

<VirtualHost *:443>

    ServerAdmin d@domain.com
    ServerName domain.com
    ServerAlias *.domain.com

    DocumentRoot /home/code/domain/src/domain-project/domain 
    LogLevel warn
    WSGIDaemonProcess domain-production processes=5 maximum-requests=500 threads=100
    WSGIProcessGroup domain_production_secure
    WSGIScriptAlias / /home/code/domain/src/domain-project/apache/production.wsgi

    SSLEngine on
    SSLOptions +StrictRequire

    <Directory />
        SSLRequireSSL
    </Directory>

    SSLProtocol -all +TLSv1 +SSLv3
    SSLCipherSuite HIGH:MEDIUM:!aNULL:+SHA1:+MD5:+HIGH:+MEDIUM

    SSLCertificateFile /home/code/domain/src/domain-project/apache/key/domain.COM.crt
    SSLCertificateKeyFile /home/code/domain/src/domain-project/apache/key/domain.com.key
    SSLCertificateChainFile /home/code/domain/src/domain-project/apache/key/Apache_Plesk_Install.txt
    SSLVerifyClient none
    SSLProxyEngine off

    <IfModule mime.c>
        AddType application/x-x509-ca-cert      .crt
        AddType application/x-pkcs7-crl         .crl
    </IfModule>


    SetEnv PYTHON_EGG_CACHE /home/apache/.python_eggs


    Alias /admin/media /home/code/domain/lib/python2.6/site-packages/django/contrib/admin/media
    Alias /site_media /home/code/domain/src/domain-project/static
    Alias /static /home/code/domain/src/domain-project/static
    Alias /robots.txt /home/code/domain/src/domain-project/static/robots.txt
    Alias /favicon.ico /home/code/domain/src/domain-project/static/favicon.ico


    <Location /admin/media>
      SetHandler None
      Order allow,deny
      Allow from all
    </Location>

    <Location /site_media>
      SetHandler None
      Order allow,deny
      Allow from all
    </Location>

    <LocationMatch "\.(jpg|gif|png|mp4)$">
      SetHandler None
    </LocationMatch>

    <LocationMatch "^/(robots\.txt|favicon\.ico|crossdomain\.xml)$">
      SetHandler none
    </LocationMatch>

    ErrorLog /var/log/apache2/domain/production_secure_error.log
    LogLevel info
    CustomLog /var/log/apache2/domain/production_secure_access.log combined

</VirtualHost>

settings.py

# Django settings for domain project.
import os

DEBUG = False
TEMPLATE_DEBUG = DEBUG 

# create a relative path to anything on the project from the PROJECT PATH
SETTINGS_PATH = os.path.dirname(os.path.abspath(__file__))
PROJECT_PATH = os.path.join(*os.path.split(SETTINGS_PATH)[:-1])
rel = lambda * args: os.path.join(PROJECT_PATH, *args)

# Absolute path to the directory static files should be collected to.
# Don't put anything in this directory yourself; store your static files
# in apps' "static/" subdirectories and in STATICFILES_DIRS.
# Example: "/home/media/media.lawrence.com/static/"
STATIC_ROOT = rel('..', 'static')

# URL prefix for static files.
# Example: "http://media.lawrence.com/static/"
STATIC_URL = '/static/'

# Additional locations of static files
STATICFILES_DIRS = (
    # Put strings here, like "/home/html/static" or "C:/www/django/static".
    # Always use forward slashes, even on Windows.
    # Don't forget to use absolute paths, not relative paths.
)

# List of finder classes that know how to find static files in
# various locations.
STATICFILES_FINDERS = (
    'django.contrib.staticfiles.finders.FileSystemFinder',
    'django.contrib.staticfiles.finders.AppDirectoriesFinder',
#    'django.contrib.staticfiles.finders.DefaultStorageFinder',
)

# List of callables that know how to import templates from various sources.
TEMPLATE_LOADERS = (
    'django.template.loaders.filesystem.Loader',
    'django.template.loaders.app_directories.Loader',
#     'django.template.loaders.eggs.Loader',
)

TEMPLATE_CONTEXT_PROCESSORS = (
    'django.contrib.auth.context_processors.auth',
    'django.core.context_processors.debug',
    'django.core.context_processors.i18n',
    'django.core.context_processors.request',
    'django.core.context_processors.static',
)


MIDDLEWARE_CLASSES = (
    'django.middleware.common.CommonMiddleware',
    'django.contrib.sessions.middleware.SessionMiddleware',
    'django.middleware.csrf.CsrfViewMiddleware',
    'django.contrib.auth.middleware.AuthenticationMiddleware',
    'django.contrib.messages.middleware.MessageMiddleware',
)

ROOT_URLCONF = 'domain.urls'

TEMPLATE_DIRS = (
    # Put strings here, like "/home/html/django_templates" or "C:/www/django/templates".
    # Always use forward slashes, even on Windows.
    # Don't forget to use absolute paths, not relative paths.
    rel('..', 'templates'),
)

DJANGO_APPS= [
    'django.contrib.auth',
    'django.contrib.contenttypes',
    'django.contrib.sessions',
    'django.contrib.sites',
    'django.contrib.messages',
    'django.contrib.staticfiles',
    'django.contrib.admin',
]

THIRDPARTY_APPS = [
    'djcelery',
    'djkombu',
    #'sentry',
    #'sentry.client',
    #'south',
]

domain_APPS= []

INSTALLED_APPS = DJANGO_APPS + THIRDPARTY_APPS + domain_APPS

【问题讨论】:

你得到的是 django 404 还是 apacho 404?如果你得到一个 apache 404,那么你的安全生产配置可能是罪魁祸首。如果你得到一个 django 404,那么匹配似乎是错误的。 【参考方案1】:

你的 443 虚拟主机不能被使用,因为如果它是 mod_wsgi 会因为几个原因而抱怨。第一个原因是 WSGIDaemonProcess 多次使用“域生产”,mod_wsgi 不允许,因为名称在整个 Apache 实例中必须是唯一的。其次,443 中的 WSGIProcessGroup 引用了没有 WSGIDaemonProcess 组指令的“domain_production_secure”。

您需要验证实际正在读取哪些文件。您可以通过在文件中引入语法错误来做到这一点,并查看 Apache 在您启动或进行配置测试时是否会抱怨。

如果您正在修改您发布的内容,请尽量不要这样做,因为您所做的任何改变了含义的更改都会使调试变得更加困难。

顺便说一句,您的配置继承了某些 mod_wsgi 不需要而仅 mod_python 需要的东西。你应该回去修改 mod_wsgi 文档并清理这些东西。特别是 Python 鸡蛋缓存的 SetEnv 不适用于 mod_wsgi,而 mod_wsgi 不需要 SetHandler None。在 Apache 访问控制指令周围使用位置指令也是不好的做法。改为使用 Directory 指令将它们应用于物理目录。

【讨论】:

【参考方案2】:

您还需要为所有静态媒体和管理文件设置别名。

目前您似乎在端口 80 和 443 上为 django 服务,但站点媒体仅在端口 80 上。只需将别名规则和位置部分复制到 secure_production.conf

【讨论】:

所以我遇到了和乔丹一样的问题,它让我绊倒了两到三个小时。我一直在尝试mysite.com 并没有看到静态文件。最后,当我删除自动重定向到 https 然后检查 http..所有静态文件都使用 http 时。所以感谢您的解决方案.. 我只需要将 Alias /static /path/to/my/static 也添加到 Ubuntu 上的 default-ssl 站点,它就开始工作了!

以上是关于如何通过 HTTPS 提供 Django 静态文件?的主要内容,如果未能解决你的问题,请参考以下文章

如何在组合 django-react 应用程序中提供静态文件(如图像)

通过 django 提供静态文件时找不到页面

django:通过nginx提供静态文件

如何让 Django 使用 Gunicorn 提供静态文件?

Django:如何在生产中的apache服务器上部署静态文件

docker、nginx、django 以及如何提供静态文件