Configure SSL Certificate on Apache for Django Application (mod_wsgi)

Question

I've purchased a SSL certificate from namecheap.com and placed the required files on my Ubuntu server (key & crt's). I'm using mod_wsgi to serve my Django application with Apache. I'm having issues installing the SSL certificate.

Current Configuration (/etc/apache2/sites-available/000-default.conf)

<VirtualHost *:80>
        ServerAdmin admin@example.com
        #DocumentRoot /var/www/html

        ErrorLog ${APACHE_LOG_DIR}/error.log
        CustomLog ${APACHE_LOG_DIR}/access.log combined

        #Django Application
        Alias /static /home/Django/professor/static_root
        <Directory /home/Django/professor/static_root>
                Require all granted
        </Directory>
        <Directory /home/Django/professor/professor>
                <Files wsgi.py>
                        Require all granted
                </Files>
        </Directory>

        WSGIDaemonProcess professor python-path=/home/Django/professor:/home/Django/professor-vm/lib/python2.7/site-packages
        WSGIProcessGroup professor
        WSGIScriptAlias / /home/Django/professor/professor/wsgi.py

        #ServerName example.com
        #SSLEngine on
        #SSLCertificateFile /etc/apache2/ssl/server.crt
        #SSLCertificateKeyFile /etc/apache2/ssl/server.key
        #SSLCACertificateFile /etc/apache2/ssl/intermediate.crt

</VirtualHost>

I've commented out the lines for the SSL certificate. Currently, my application is running fine but when I uncomment the lines to enable to SSL certificate my site serves the files from /var/www and not the application. Any ideas?

lehins · Answer 1 · 2017-04-12T12:07:31.813

31

Your problem is that your apache is only configured for port 80, hence it doesn't serve pages over https (port 443).

For this example I assume you want to serve your website only over https, so here is how your config should approximately look like.

Here is your: 000-default.conf

<VirtualHost *:80>
    ServerName example.com
    ServerAdmin admin@example.com

    ErrorLog ${APACHE_LOG_DIR}/error.log
    CustomLog ${APACHE_LOG_DIR}/access.log combined

    # This is optional, in case you want to redirect people 
    # from http to https automatically.
    RewriteEngine On
    RewriteCond %{SERVER_PORT} !^443$
    RewriteRule ^(.*)$ https://%{HTTP_HOST}$1 [R=301,L]

</VirtualHost>

Now here is default-ssl.conf:

<VirtualHost *:443>
    ServerName example.com
    ServerAdmin admin@example.com

    # Django Application
    Alias /static /home/Django/professor/static_root
    <Directory /home/Django/professor/static_root>
        Require all granted
    </Directory>

    <Directory /home/Django/professor/professor>
        <Files wsgi.py>
            Require all granted
        </Files>
    </Directory>

    WSGIDaemonProcess professor python-path=/home/Django/professor:/home/Django/professor-vm/lib/python2.7/site-packages
    WSGIProcessGroup professor
    WSGIScriptAlias / /home/Django/professor/professor/wsgi.py


    SSLEngine on
    SSLCertificateFile /etc/apache2/ssl/server.crt
    SSLCertificateKeyFile /etc/apache2/ssl/server.key
    SSLCACertificateFile /etc/apache2/ssl/intermediate.crt

</VirtualHost>

After configuration is done, we need to turn on the ssl site and (optionally) rewrite mod:

> sudo a2ensite default-ssl
> sudo a2enmod rewrite
> sudo service apache2 reload

edited Apr 12 '17 at 12:07

answered Sep 28 '15 at 04:14

lehins

9,642
2
35
49

I've completed the changes outlined above but for some reason there is an infinite redirect loop. Any ideas? I belive it has to do with our rewrite configuration. – Kosuke Miyagi Sep 28 '15 at 19:40
Fixed, it was due to CloudFlare SSL tricking the Apache configuration. Thanks for all the help :) – Kosuke Miyagi Sep 28 '15 at 19:55
3

@KosukeMiyagi, awesome, glad to help. Don't forget to accept the answer. :) – lehins Sep 28 '15 at 19:57
I followed the above steps I am not sure I am getting forbidden... please let me know. – user1941390 Nov 17 '16 at 18:12
@user1941390 try sudo – Neil Jul 15 '18 at 15:16
This is old, but for completeness... the infinite loop mentioned in the first comment might be because the formatting of any query string at the end of the URL is being messed up. Be sure to add the flag `[QSA]` at the end of the `RewriteRule` line e.g. `RewriteRule ^(.*)$ https://%{HTTP_HOST}$1 [QSA,R=301,L]` which will properly append it QSA means Query String Append https://httpd.apache.org/docs/current/rewrite/flags.html – J-a-n-u-s Jun 07 '19 at 13:54
I'm getting too many redirects error even with this line RewriteRule ^(.*)$ https://%{HTTP_HOST}$1 [QSA,R=301,L] any idea? – Hassan Shahbaz Apr 21 '22 at 12:54

score 1 · Answer 2 · answered Sep 17 '17 at 02:20

1

to complete Alexey's answer, when i faced the problem i had to disable the 000-default.conf site and use only ssl configuration

answered Sep 17 '17 at 02:20

leila

461
1
7
21

Configure SSL Certificate on Apache for Django Application (mod_wsgi)

2 Answers2

Linked