Home/ Questions/Q 8884561
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-06-14T21:05:23+00:00

My django app (let me call it partlysecureapp )has an index page which is

  • 0

My django app (let me call it partlysecureapp)has an index page which is visible to all.All the other pages (reachable from links on index page) need the user to log in. I want to use the app with SSL in apache2.

I already have an app(say mysecureapp) deployed on apache with SSL, which has all pages needing login by the user. I have set the configurations for this as follows.

My apache2 is at /etc/apache2 which has the following directory structure.

/etc/apache2/
            |--conf.d---*charset,security,localized-error-pages* 
            |---mods-available---...
            |---mods-enabled---...
            |---sites-available---default,default-ssl,ssl
            |---sites-enabled---shortcut to ssl
            |---apach2.conf
            |---httpd.conf
            |---ports.conf
            |---magic
            |---envvars

For the secureapp, I have set this in file sites-available/ssl

<VirtualHost *:443>
    ServerAdmin webmaster@localhost

    DocumentRoot /home/dev/python/django/mysecureapp

        SSLEngine on
        SSLOptions +StrictRequire
        SSLCertificateFile /etc/ssl/certs/server.crt
        SSLCertificateKeyFile /etc/ssl/private/server.key
    ...
    WSGIScriptAlias /mysecureapp /home/dev/python/django/mysecureapp/mysecureapp.wsgi
    Alias /site_media/ /home/dev/python/django/mysecureapp/media/

</VirtualHost>

This works perfectly..

To deploy my partlysecureapp,

http://127.0.0.1:8080/partlysecureapp/ need to show index page which is accessible to all.
but 

../partlysecureapp/link1/
../partlysecureapp/link2/
../partlysecureapp/link3/

require login and should be served through ssl .

I think, I need to add another WSGIScriptAlias for my partlysecureapp. Do I need to add another DocumentRoot for the partlysecureapp? How to tell apache to serve the index page from port 8080 and others through ssl port?

As of now the /etc/apache2/httpd.conf is blank. Only the sites-available/ssl file has a VirtualHost element.

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    First of all, let’s separate the concerns here: one thing is to require login, other is to require SSL. The former is specific to Django, and should be handled in your views; and for the latter, IMHO you should consider the possibiilty of serving everything through SSL, that would simplify your setup a lot. Sure, there’s some overhead, and it’s up to you to decide whether it matters or not for your particular case.

    That said, for your proposed scenario:

    1. To serve anything from plain HTTP, you need to listen to the port 80 (or, in your case, 8080). So you need a separate VirtualHost bound to that port, with a separate WSGI application for itself.

    2. To allow a single path (your index file) from this virtual host, but require everything else to be served by the SSL protected one, you can use mod_rewrite:

      RewriteEngine On
RewriteRule ^/partlysecureapp$ - [L,NC]
RewriteRule (.*) https://127.0.0.1/partlysecureapp%{REQUEST_URI} [L,R=301]

      The first rule tells Apache not to perform any redirect if the path is exactly like your root path; the second redirects everything else to https (which will be handled by your *:443 virtual host).

      (Note: you might want to serve /site_media without SSL as well)

    3. Then you can simply add your WSGI alias; even if Django sends the user to a different page, Apache will ensure that page is served through SSL.

    You final code would be something like:

    <VirtualHost *:8080>
    ServerAdmin webmaster@localhost

    DocumentRoot /home/dev/python/django/partlysecureapp

    RewriteEngine On
    RewriteRule ^/partlysecureapp$ - [L,NC]
    RewriteRule ^/site_media - [L,NC]
    RewriteRule (.*) https://127.0.0.1/partlysecureapp%{REQUEST_URI} [L,R=301]

    ...
    WSGIScriptAlias /partlysecureapp /home/dev/python/django/partlysecureapp/partlysecureapp.wsgi
    Alias /site_media/ /home/dev/python/django/partlysecureapp/media/
</VirtualHost>

    And your code for the SSL protected virtual host would be identical to the mysecureapp one (using partlysecureapp instead, of course; note also that you can have both apps running side-by-side, just pay attention to your MEDIA and STATIC paths).

    • 0