Deploying a Django application on an Apache server on CentOS 7



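I am following this article to deploy a Django application on Apache on CentOS 7.

Compared with that article, my setup differs in a few ways:

1 - I use port 443 for https (my machine already has port 443 open for my_app_dns)

2 - My virtual host configuration file /etc/httpd/conf.d/django.conf looks like this: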

<VirtualHost *:80>
ServerAdmin xxx@xxx.com
ServerName my_app_dns
DocumentRoot /home/centos/path_to_my_app
Alias /static /home/centos/path_to_my_app/static
<Directory /home/centos/path_to_my_app/static>
Require all granted
</Directory>
#ErrorLog /logs/apis_error.log
#CustomLog /logs/apis_access.log combined
WSGIPassAuthorization On
WSGIDaemonProcess my_app python-path=/home/centos/path_to_my_app:/home/centos/.local/share/virtualenvs/my_app-8BiokhAz/lib/python3.9/site-packages
WSGIProcessGroup my_app
WSGIScriptAlias / /home/centos/path_to_my_app/wsgi.py
<Directory /home/centos/path_to_my_app>
<Files wsgi.py>
Require all granted
</Files>
</Directory>
</VirtualHost>

3 - My application uses a Postgres database instead of SQLite3.

DocumentRoot in /etc/httpd/conf/httpd.conf is set to /var/www. I also set up a self-signed SSL certificate with the file /etc/httpd/conf.d/ssl.conf. Here is part of the ssl.conf file:

Listen 443 https
...
<VirtualHost _default_:443>
DocumentRoot "/var/www"
ServerName my_app_dns:443
...
SSLEngine on
SSLCertificateFile /etc/ssl/certs/apache-selfsigned.crt
...
</VirtualHost>

With the above setup, when I go to https://my_app_dns, I see the sample Apache Test page. If I change <VirtualHost *:80> to <VirtualHost *:443> in the file /etc/httpd/conf.d/django.conf, https://my_app_dns yields this error:

my_app_dns sends an invalid response
ERR_SSL_PROTOCOL_ERROR

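In the folder /etc/httpd/conf.d/, I have two files: ssl.conf and django.conf. Both of them define a virtual host. It seems that only ssl.conf takes effect, and not the configuration in django.conf.

I followed this article for the SSL setup.

What am I missing in this setup sequence in order to serve the Django application content instead of the Apache test page?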

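Following @孟玲艳's comment, I moved the django.conf virtual host information into the ssl.conf virtual host and deleted django.conf. After reloading my web page, I see this error in the browser: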

Internal Server Error
The server encountered an internal error or misconfiguration and was unable to complete your request.
Please contact the server administrator at root@localhost to inform them of the time this error occurred, and the actions you performed just before this error.
More information about this error may be available in the server error log.

So I checked some log files for clues. In the log file /var/log/httpd/ssl_error_log, I see the following errors:

[Wed Oct 13 22:37:05.642226 2021] [ssl:warn] [pid 2526] AH01906: RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Wed Oct 13 22:37:05.697737 2021] [ssl:warn] [pid 2526] AH01906: RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Wed Oct 13 22:37:11.890802 2021] [mime_magic:error] [pid 2531] [client xxx.x.xxx.xx:62352] AH01512: mod_mime_magic: can't read `/home/centos/path_to_my_app/my_app/wsgi.py'
[Wed Oct 13 22:37:11.891123 2021] [mime_magic:error] [pid 2531] [client xxx.x.xxx.xx:62352] AH01512: mod_mime_magic: can't read `/home/centos/path_to_my_app/my_app/wsgi.py'
[Wed Oct 13 22:37:11.899659 2021] [:error] [pid 2527] (13)Permission denied: [remote xx.x.xx.xx:116] mod_wsgi (pid=2527, process='my_app', application='my_app_dns|'): Call to fopen() failed for '/home/centos/path_to_my_app/my_app/wsgi.py'.
[Wed Oct 13 22:37:12.185359 2021] [mime_magic:error] [pid 2532] [client xx.x.xx.xx:51889] AH01512: mod_mime_magic: can't read `/home/centos/path_to_my_app/my_app/wsgi.py', referer: https://my_app_dns/

I found a thread here about a similar problem. The suggested solution was to change the ownership of the my_app folder. So I did this:

sudo chown -R apache:apache ~/path_to_myapp

Then I verified it with

ls -l ~/path_to_my_app

which shows:

drwxrwxr-x. 2 apache apache  89 Oct  8 21:33 my_app
-rwxrwxr-x. 1 apache apache 661 Oct  7 19:57 manage.py
drwxrwxr-x. 3 apache apache  19 Oct  8 21:59 static

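So the apache server user now owns the folder. But when I restart the server, I still see the same error messages in the ssl_error_log file.

Also, below is the full content of my /etc/httpd/conf.d/ssl.conf: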

Listen 443 https
SSLPassPhraseDialog exec:/usr/libexec/httpd-ssl-pass-dialog
SSLSessionCache         shmcb:/run/httpd/sslcache(512000)
SSLSessionCacheTimeout  300
SSLRandomSeed startup file:/dev/urandom  256
SSLRandomSeed connect builtin
SSLCryptoDevice builtin
<VirtualHost _default_:443>
DocumentRoot "/home/centos/path_to_my_app"        
ServerName my_app_dns

ErrorLog logs/ssl_error_log
TransferLog logs/ssl_access_log
LogLevel warn
SSLEngine on
SSLCertificateFile /etc/ssl/certs/apache-selfsigned.crt
SSLCertificateKeyFile /etc/ssl/private/apache-selfsigned.key


<Files ~ "\.(cgi|shtml|phtml|php3?)$">
SSLOptions +StdEnvVars
</Files>
<Directory "/var/www/cgi-bin">
SSLOptions +StdEnvVars
</Directory>
Alias /static /home/centos/path_to_my_app/static
<Directory /home/centos/path_to_my_app/static>
Options FollowSymLinks
Order allow,deny
Allow from all
Require all granted
</Directory>
WSGIPassAuthorization On
WSGIDaemonProcess my_app python-path=/home/centos/path_to_my_app:/home/centos/.local/share/virtualenvs/my_app-8BiokhAz/lib/python3.9/site-packages
WSGIProcessGroup my_app
WSGIScriptAlias / /home/centos/path_to_my_app/my_app/wsgi.py
<Directory /home/centos/path_to_my_app/my_app>
<Files wsgi.py>
Require all granted
</Files>
</Directory>
BrowserMatch "MSIE [2-5]" \
         nokeepalive ssl-unclean-shutdown \
         downgrade-1.0 force-response-1.0
CustomLog logs/ssl_request_log \
          "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
</VirtualHost>

SSLCipherSuite EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH
SSLProtocol All -SSLv2 -SSLv3
SSLHonorCipherOrder On
Header always set Strict-Transport-Security "max-age=63072000; includeSubdomains"
Header always set X-Frame-Options DENY
Header always set X-Content-Type-Options nosniff
SSLCompression off
SSLUseStapling off
SSLStaplingCache "shmcb:logs/stapling-cache(150000)"

Can anyone suggest what is going on?

You can delete django.conf, move the virtualhost settings from django.conf into ssl.conf, and then try again.
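
The mod_wsgi "Call to fopen() failed" entry in the log above is a filesystem permission failure, and reading wsgi.py needs search permission on every parent directory, not only ownership of the application folder. As an added example (not from the original post), this shell function walks up from the file and reports the topmost component whose mode bits block a process outside the owner and group. That the httpd worker falls in that class is an assumption, and ACLs and SELinux labels are not examined.

```shell
#!/bin/sh
# Added example: report which path component stops a process that is neither
# the owner nor in the group (assumed here for the httpd worker) from reading
# a file. Only classic mode bits are inspected; ACLs and SELinux are not.

# Print the "other" permission triplet of a path, e.g. "r-x".
other_bits() {
    ls -ld -- "$1" | cut -c8-10
}

# first_blocker FILE [TOP]
# Walks from FILE up to TOP (default /). Prints the topmost component that
# blocks access and returns 1; prints nothing and returns 0 if none does.
first_blocker() {
    file=$1
    top=${2:-/}
    blocker=""
    # The file itself must be readable by "other".
    case $(other_bits "$file") in
        r??) ;;
        *) blocker=$file ;;
    esac
    dir=$(dirname -- "$file")
    while :; do
        # Each directory needs search permission: x, or t (sticky plus x).
        case $(other_bits "$dir") in
            ??x|??t) ;;
            *) blocker=$dir ;;   # keep overwriting: the last hit is topmost
        esac
        if [ "$dir" = "$top" ] || [ "$dir" = "/" ] || [ "$dir" = "." ]; then
            break
        fi
        dir=$(dirname -- "$dir")
    done
    [ -z "$blocker" ] && return 0
    printf '%s\n' "$blocker"
    return 1
}

# Usage on the server from the question (path taken from the error log):
#   first_blocker /home/centos/path_to_my_app/my_app/wsgi.py
```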