
I wanted to use the free SSL (DNS) service provided by Cloudflare in my Django application running on an Apache + mod_wsgi stack. I can find setup examples for the Nginx + uWSGI stack, but not for the Apache + mod_wsgi stack so far. I was following this answer: https://stackoverflow.com/a/27650503/2051292. But I couldn't convert the workaround from the Nginx configuration to Apache/mod_wsgi. I'm facing a few problems:

  • Even if I use https to visit the web pages, clicking on any of the internal links or submitting login/registration forms goes only to http pages. (I actually want all the links to go to the https pages.)

  • On the web page forms (login, registration) I'm getting a CSRF Failed 403 Access Forbidden error. I log in on the https page, but after verification it redirects to an http page with a CSRF error.

  • Sometimes tweaking the configuration leads to a redirect loop.

I would like to know the working configuration for using Cloudflare's free SSL with the Apache + mod_wsgi stack, and also the Django settings for this setup.

EDIT: In case you don't know, this is how Cloudflare's free SSL works.

I don't have an SSL certificate with me; I'm trying to use the free SSL by using the Flexible SSL, i.e. the connection from the user to Cloudflare DNS will be https and the connection between Cloudflare and my server will be http.

Note: Currently I'm NOT using any middleware like django-sslify. But if using it will help in any way, I'm okay with that also.

  • Have you tried using PageRules to force https:// via CloudFlare? There is an "Always use https://" option available in PageRules. Information about PageRules: https://support.cloudflare.com/hc/en-us/articles/200168306-Is-there-a-tutorial-for-Page-Rules- – damoncloudflare Jul 28 '15 at 18:45
  • Yes, using PageRules to force "https" results in infinite redirection loops, or if I remove the forcing from Django it results in "CSRF token failed" as I specified above. In Nginx I need to pass these three HTTP headers to avoid these errors: `proxy_set_header X-Scheme $scheme; proxy_set_header X-Forwarded-Protocol $scheme; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header Host $http_host;` but I'm not able to do that since I'm not sure how to do it in Apache. – Gowtham Sadasivam Jul 29 '15 at 10:53
  • Ok, are you doing redirects directly on your server & then also using PageRules? I could see how that would cause an issue. – damoncloudflare Jul 31 '15 at 18:23
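The redirect loop described in the question and comments, as an added example that is not part of the original question or answers: under Flexible SSL the origin always receives plain http, so a "force https" rule at the origin can never be satisfied unless the scheme is taken from the `X-Forwarded-Proto` header that Cloudflare adds. The WSGI wrapper below does that only when the peer is a trusted proxy (Django's `SECURE_PROXY_SSL_HEADER` setting performs the same header-to-scheme mapping without the peer check). `TRUSTED_PROXIES`, `ForwardedProtoMiddleware`, `force_https_app` and `status_for` are hypothetical names, and the network range is a constructed placeholder.

```python
import ipaddress

# Constructed placeholder (TEST-NET-3); replace with the proxy ranges you actually trust.
TRUSTED_PROXIES = [ipaddress.ip_network("203.0.113.0/24")]

def from_trusted_proxy(environ):
    """True if the TCP peer (REMOTE_ADDR) is one of the trusted proxies."""
    try:
        peer = ipaddress.ip_address(environ.get("REMOTE_ADDR", ""))
    except ValueError:
        return False
    return any(peer in net for net in TRUSTED_PROXIES)

class ForwardedProtoMiddleware:
    """Set wsgi.url_scheme from X-Forwarded-Proto, but only for trusted peers."""
    def __init__(self, app):
        self.app = app

    def __call__(self, environ, start_response):
        # Always remove the header so a client-supplied value never reaches the app.
        proto = environ.pop("HTTP_X_FORWARDED_PROTO", "")
        if from_trusted_proxy(environ) and proto.strip().lower() == "https":
            environ["wsgi.url_scheme"] = "https"
        return self.app(environ, start_response)

def force_https_app(environ, start_response):
    """Stand-in for the Django site: redirect anything it believes is plain http."""
    if environ["wsgi.url_scheme"] != "https":
        location = "https://" + environ["HTTP_HOST"] + environ.get("PATH_INFO", "/")
        start_response("301 Moved Permanently", [("Location", location)])
        return [b""]
    start_response("200 OK", [("Content-Type", "text/plain")])
    return [b"ok"]

def status_for(app, remote_addr, forwarded_proto=None):
    """Run one constructed request through `app` and return the status line."""
    environ = {"REQUEST_METHOD": "GET", "PATH_INFO": "/login/",
               "HTTP_HOST": "example.com", "REMOTE_ADDR": remote_addr,
               "wsgi.url_scheme": "http"}  # the origin leg is always http here
    if forwarded_proto is not None:
        environ["HTTP_X_FORWARDED_PROTO"] = forwarded_proto
    seen = []
    app(environ, lambda status, headers: seen.append(status))
    return seen[0]
```

Wrapping the `application` object in the project's `wsgi.py` with such a class is one way to use it under mod_wsgi; the peer check only holds if `REMOTE_ADDR` is still the proxy's address, i.e. no other module has rewritten it.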

1 Answer


While I don't know the specifics of using Cloudflare, it should be the same Apache configuration once you have the appropriate certificates and have figured out the proxy settings mentioned in the other answer. Here's an example Apache configuration I have used for hosting Django with mod_wsgi and mod_ssl under CentOS. Under this configuration, we don't even listen to port 80. This assumes your web site is hosted at https://example.com/mysite, and that it is deployed to /var/www/html/mysite under the user mysiteuser with a virtualenv called mysitevenv:

```apache
LoadModule wsgi_module modules/mod_wsgi.so
LoadModule ssl_module modules/mod_ssl.so

WSGISocketPrefix /var/run/wsgi

NameVirtualHost *:443
Listen 443
<VirtualHost *:443>

  ServerName example.com
  ErrorLog /home/mysiteuser/apache_errors.log

  # Daemon process group running inside the site's virtualenv
  WSGIDaemonProcess mysite-https python-home=/home/mysiteuser/.virtualenvs/mysitevenv
  WSGIScriptAlias /mysite /var/www/html/mysite/mysite/wsgi.py process-group=mysite-https application-group=mysite-https
  # Must name the group defined by WSGIDaemonProcess above
  WSGIProcessGroup mysite-https
  Alias /mysite/static/ /var/www/html/mysite/static/

  SSLEngine on

  SSLCertificateFile /etc/pki/tls/certs/localhost.crt
  SSLCertificateKeyFile /etc/pki/tls/private/localhost.key
  # Only HIGH-strength suites; no anonymous, MD5 or RC4 ciphers
  SSLCipherSuite HIGH:!aNULL:!MD5:!RC4
  # SSLv3 is disabled along with SSLv2
  SSLProtocol all -SSLv2 -SSLv3
</VirtualHost>
```
FlipperPA
  • Your answer will work only if I have the SSL certificate with me. I'm trying to utilize the free DNS-level SSL feature provided by CloudFlare. Please check the question; I just added how CloudFlare DNS works. – Gowtham Sadasivam Jul 27 '15 at 15:35