如何通过 HTTPS 提供 Django 静态文件?
Posted
技术标签:
【中文标题】如何通过 HTTPS 提供 Django 静态文件?【英文标题】:How to serve Django static files through HTTPS? 【发布时间】:2011-10-20 12:22:00 【问题描述】:访问通过 HTTPS 提供的静态文件时出现 404 错误,但静态文件通过 HTTP 可以正常工作。
明确地说,我可以通过两种方式访问特定页面,例如http://domain.com/page
和 https://domain.com/page
但在 HTTPS 情况下,图像将无法加载。
此外,直接访问图像 http://domain.com/static/image.png
有效,但 https://domain.com/static/image.png
返回 404。
我在 apache2 上使用 mod_wsgi 运行 Ubuntu 10.04 和 Django 1.3。
这里是相关文件(wsgi 和 prod.conf 和 secure_prod.conf 和 settings.py):
django.wsgi
import os
import sys
import site
sys.stdout = sys.stderr # Allows use of print statements
PROJECT_ROOT = '/home/code/domain/src/domain-project/'
site_packages = '/home/code/domain/lib/python2.6/site-packages'
site.addsitedir(os.path.abspath(site_packages))
sys.path.insert(0, PROJECT_ROOT)
sys.path.insert(1, os.path.join(PROJECT_ROOT, "domain"))
sys.path.insert(2, site_packages)
os.environ['DJANGO_SETTINGS_MODULE'] = 'domain.settings'
os.environ['PYTHON_EGG_CACHE'] = '/home/administrator/.python-eggs'
os.environ["CELERY_LOADER"] = "django"
import django.core.handlers.wsgi
application = django.core.handlers.wsgi.WSGIHandler()
# Load a monitor to automatically reload apache when files change
import domain.monitor
domain.monitor.start(interval=1.0)
production.conf
<VirtualHost *:80>
# Admin email, Server Name (domain name) and any aliases
ServerAdmin d@domain.com
ServerName domain.com
ServerAlias *.domain.com
DocumentRoot /home/code/domain/src/domain-project/domain
LogLevel warn
WSGIDaemonProcess domain-production processes=5 maximum-requests=500 threads=100
WSGIProcessGroup domain-production
WSGIScriptAlias / /home/code/domain/src/domain-project/apache/production.wsgi
SetEnv PYTHON_EGG_CACHE /home/apache/.python_eggs
Alias /admin/media /home/code/domain/lib/python2.6/site-packages/django/contrib/admin/media
Alias /site_media /home/code/domain/src/domain-project/static
Alias /static /home/code/domain/src/domain-project/static
Alias /robots.txt /home/code/domain/src/domain-project/static/robots.txt
Alias /favicon.ico /home/code/domain/src/domain-project/static/favicon.ico
<Location /admin/media>
SetHandler None
Order allow,deny
Allow from all
</Location>
<Location /site_media>
SetHandler None
Order allow,deny
Allow from all
</Location>
<LocationMatch "\.(jpg|gif|png|mp4)$">
SetHandler None
</LocationMatch>
<LocationMatch "^/(robots\.txt|favicon\.ico|crossdomain\.xml)$">
SetHandler none
</LocationMatch>
ErrorLog /var/log/apache2/domain/production_error.log
LogLevel info
CustomLog /var/log/apache2/domain/production_access.log combined
</VirtualHost>
secure_production.conf
<VirtualHost *:443>
ServerAdmin d@domain.com
ServerName domain.com
ServerAlias *.domain.com
DocumentRoot /home/code/domain/src/domain-project/domain
LogLevel warn
WSGIDaemonProcess domain-production processes=5 maximum-requests=500 threads=100
WSGIProcessGroup domain_production_secure
WSGIScriptAlias / /home/code/domain/src/domain-project/apache/production.wsgi
SSLEngine on
SSLOptions +StrictRequire
<Directory />
SSLRequireSSL
</Directory>
SSLProtocol -all +TLSv1 +SSLv3
SSLCipherSuite HIGH:MEDIUM:!aNULL:+SHA1:+MD5:+HIGH:+MEDIUM
SSLCertificateFile /home/code/domain/src/domain-project/apache/key/domain.COM.crt
SSLCertificateKeyFile /home/code/domain/src/domain-project/apache/key/domain.com.key
SSLCertificateChainFile /home/code/domain/src/domain-project/apache/key/Apache_Plesk_Install.txt
SSLVerifyClient none
SSLProxyEngine off
<IfModule mime.c>
AddType application/x-x509-ca-cert .crt
AddType application/x-pkcs7-crl .crl
</IfModule>
SetEnv PYTHON_EGG_CACHE /home/apache/.python_eggs
Alias /admin/media /home/code/domain/lib/python2.6/site-packages/django/contrib/admin/media
Alias /site_media /home/code/domain/src/domain-project/static
Alias /static /home/code/domain/src/domain-project/static
Alias /robots.txt /home/code/domain/src/domain-project/static/robots.txt
Alias /favicon.ico /home/code/domain/src/domain-project/static/favicon.ico
<Location /admin/media>
SetHandler None
Order allow,deny
Allow from all
</Location>
<Location /site_media>
SetHandler None
Order allow,deny
Allow from all
</Location>
<LocationMatch "\.(jpg|gif|png|mp4)$">
SetHandler None
</LocationMatch>
<LocationMatch "^/(robots\.txt|favicon\.ico|crossdomain\.xml)$">
SetHandler none
</LocationMatch>
ErrorLog /var/log/apache2/domain/production_secure_error.log
LogLevel info
CustomLog /var/log/apache2/domain/production_secure_access.log combined
</VirtualHost>
settings.py
# Django settings for domain project.
import os
DEBUG = False
TEMPLATE_DEBUG = DEBUG
# create a relative path to anything on the project from the PROJECT PATH
SETTINGS_PATH = os.path.dirname(os.path.abspath(__file__))
PROJECT_PATH = os.path.join(*os.path.split(SETTINGS_PATH)[:-1])
rel = lambda * args: os.path.join(PROJECT_PATH, *args)
# Absolute path to the directory static files should be collected to.
# Don't put anything in this directory yourself; store your static files
# in apps' "static/" subdirectories and in STATICFILES_DIRS.
# Example: "/home/media/media.lawrence.com/static/"
STATIC_ROOT = rel('..', 'static')
# URL prefix for static files.
# Example: "http://media.lawrence.com/static/"
STATIC_URL = '/static/'
# Additional locations of static files
STATICFILES_DIRS = (
# Put strings here, like "/home/html/static" or "C:/www/django/static".
# Always use forward slashes, even on Windows.
# Don't forget to use absolute paths, not relative paths.
)
# List of finder classes that know how to find static files in
# various locations.
STATICFILES_FINDERS = (
'django.contrib.staticfiles.finders.FileSystemFinder',
'django.contrib.staticfiles.finders.AppDirectoriesFinder',
# 'django.contrib.staticfiles.finders.DefaultStorageFinder',
)
# List of callables that know how to import templates from various sources.
TEMPLATE_LOADERS = (
'django.template.loaders.filesystem.Loader',
'django.template.loaders.app_directories.Loader',
# 'django.template.loaders.eggs.Loader',
)
TEMPLATE_CONTEXT_PROCESSORS = (
'django.contrib.auth.context_processors.auth',
'django.core.context_processors.debug',
'django.core.context_processors.i18n',
'django.core.context_processors.request',
'django.core.context_processors.static',
)
MIDDLEWARE_CLASSES = (
'django.middleware.common.CommonMiddleware',
'django.contrib.sessions.middleware.SessionMiddleware',
'django.middleware.csrf.CsrfViewMiddleware',
'django.contrib.auth.middleware.AuthenticationMiddleware',
'django.contrib.messages.middleware.MessageMiddleware',
)
ROOT_URLCONF = 'domain.urls'
TEMPLATE_DIRS = (
# Put strings here, like "/home/html/django_templates" or "C:/www/django/templates".
# Always use forward slashes, even on Windows.
# Don't forget to use absolute paths, not relative paths.
rel('..', 'templates'),
)
DJANGO_APPS= [
'django.contrib.auth',
'django.contrib.contenttypes',
'django.contrib.sessions',
'django.contrib.sites',
'django.contrib.messages',
'django.contrib.staticfiles',
'django.contrib.admin',
]
THIRDPARTY_APPS = [
'djcelery',
'djkombu',
#'sentry',
#'sentry.client',
#'south',
]
domain_APPS= []
INSTALLED_APPS = DJANGO_APPS + THIRDPARTY_APPS + domain_APPS
【问题讨论】:
你得到的是 django 404 还是 apacho 404?如果你得到一个 apache 404,那么你的安全生产配置可能是罪魁祸首。如果你得到一个 django 404,那么匹配似乎是错误的。 【参考方案1】:你的 443 虚拟主机不能被使用,因为如果它是 mod_wsgi 会因为几个原因而抱怨。第一个原因是 WSGIDaemonProcess 多次使用“域生产”,mod_wsgi 不允许,因为名称在整个 Apache 实例中必须是唯一的。其次,443 中的 WSGIProcessGroup 引用了没有 WSGIDaemonProcess 组指令的“domain_production_secure”。
您需要验证实际正在读取哪些文件。您可以通过在文件中引入语法错误来做到这一点,并查看 Apache 在您启动或进行配置测试时是否会抱怨。
如果您正在修改您发布的内容,请尽量不要这样做,因为您所做的任何改变了含义的更改都会使调试变得更加困难。
顺便说一句,您的配置继承了某些 mod_wsgi 不需要而仅 mod_python 需要的东西。你应该回去修改 mod_wsgi 文档并清理这些东西。特别是 Python 鸡蛋缓存的 SetEnv 不适用于 mod_wsgi,而 mod_wsgi 不需要 SetHandler None。在 Apache 访问控制指令周围使用位置指令也是不好的做法。改为使用 Directory 指令将它们应用于物理目录。
【讨论】:
【参考方案2】:您还需要为所有静态媒体和管理文件设置别名。
目前您似乎在端口 80 和 443 上为 django 服务,但站点媒体仅在端口 80 上。只需将别名规则和位置部分复制到 secure_production.conf
【讨论】:
所以我遇到了和乔丹一样的问题,它让我绊倒了两到三个小时。我一直在尝试mysite.com 并没有看到静态文件。最后,当我删除自动重定向到 https 然后检查 http..所有静态文件都使用 http 时。所以感谢您的解决方案.. 我只需要将 Alias /static /path/to/my/static 也添加到 Ubuntu 上的 default-ssl 站点,它就开始工作了!以上是关于如何通过 HTTPS 提供 Django 静态文件?的主要内容,如果未能解决你的问题,请参考以下文章
如何在组合 django-react 应用程序中提供静态文件(如图像)
如何让 Django 使用 Gunicorn 提供静态文件?