[Answered ]-Django Apache SSL [code 400, message bad request]

by

1πŸ‘

Bad request syntax (β€˜\x16\x03\x00\x00?

This is HTTPS traffic where HTTP traffic is expected. I assume this is caused by the following line in your apache.conf:

redirect permanent / https://5.5.0.38:8080

This instructs the browser to access the given URL (probably your Django server) instead. It does not forward the request to the Django server (what you’ve probably intended) but instead instructs the browser to make a new request and fetch the resource directly from the Django server, that is without apache in front. I think you need to use instead something like ProxyPass or ProxyPassReverse if you want to use apache in front of another server.

It would be very unusual if port 8080 is actually used for https, usually this is used for http only. Therefore I assume that your Django server itself is only speaking plain http.

os.environ[β€˜HTTPS’] = β€œon”

This does not make a HTTPS server out of Django, but it only instructs Django to create all links as https links. This supports my assumption that your Django server itself does only plain http.

πŸ‘€Steffen Ullrich

1πŸ‘

I think the right answer is as following:

  • first enable the proxy_http module for apache to remap the url from https to http

    $ a2enmod proxy_http

  • second remove the redirection of https requests to django

  • add ProxyPass and ProxyPassReverse to pass the https requests from apache server to Django on http protocol

    the following is what i did for apache.conf 

        <VirtualHost *:80>
            ServerName mywebsite.com
            WSGIScriptAlias / /var/www/manage/manage/wsgi.py
    </VirtualHost>
    <VirtualHost _default_:443>
            ServerName mywebsite.com
            WSGIScriptAlias / /var/www/manage/manage/wsgi.py
            SSLEngine on
            SSLCertificateFile      /etc/apache2/ssl/apache.crt
            SSLCertificateKeyFile /etc/apache2/ssl/apache-wp.key
            ProxyPass / http://myip:8080/
            ProxyPassReverse / http://myip:8080/
            #redirect permanent / https://myip:8080
    </VirtualHost>

also make sure that all http rewrite to https edit the /etc/apache2/sites-enabled/000-default.conf apache file as shown below

<VirtualHost *:80>
        ServerAdmin webmaster@localhost
        DocumentRoot /var/www/html
        RewriteEngine On
        RewriteCond %{HTTPS} !on
        RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
        ErrorLog ${APACHE_LOG_DIR}/error.log
        CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>
πŸ‘€0x3bfc

Leave a comment