具有 SSL 配置的 Apache 不适用于 Django 应用程序的 WSGI 配置

Question

这是对github上以下问题的跟进：

https://github.com/certbot/certbot/issues/1820

和

https://github.com/certbot/certbot/issues/2546

Letsencrypt 无法处理 apache 的 WSGI 配置

我正在使用以下配置运行 apache2

<VirtualHost *:80>
        # The ServerName directive sets the request scheme, hostname and port that
        # the server uses to identify itself. This is used when creating
        # redirection URLs. In the context of virtual hosts, the ServerName
        # specifies what hostname must appear in the request's Host: header to
        # match this virtual host. For the default virtual host (this file) this
        # value is not decisive as it is used as a last resort host regardless.
        # However, you must set it for any further virtual host explicitly.
        #ServerName www.example.com

        ServerAdmin webmaster@localhost
        # DocumentRoot /var/www/html
        ServerName mywebsitedomain.com
        ServerAlias www.mywebsitedomain.com
        DocumentRoot /var/www/html/mywebsitedomain-com

        Alias /static/ /home/ubuntu/Sites/mywebsitedomain-com/myproductionfolder/static/
        <Directory /home/ubuntu/Sites/mywebsitedomain-com/myproductionfolder/static>
                Require all granted
         </Directory>

        # adjust the following line to match your Python path 
        <Directory "/home/ubuntu/Sites/mywebsitedomain-com/myproductionfolder">
        <Files wsgi.py>
                AllowOverride all
                Options FollowSymLinks
                Require all granted
        </Files>
        </Directory>

        WSGIDaemonProcess mywebsitedomain.com processes=2 threads=15 display-name=%{GROUP} user=www-data group=www-data python-path=/home/ubuntu/Sites/mywebsitedomain-com:/home/ubuntu/Sites/mywebsitedomain-com/venv/lib/python3.5/site-packages
        WSGIProcessGroup mywebsitedomain.com
        WSGIScriptAlias / /home/ubuntu/Sites/mywebsitedomain-com/myproductionfolder/wsgi.py process-group=mywebsitedomain.com application-group=%{GLOBAL}


        Alias /phpmyadmin /var/www/html/phpmyadmin
        <Location /phpmyadmin>
        </Location>

        # Available loglevels: trace8, ..., trace1, debug, info, notice, warn,
        # error, crit, alert, emerg.
        # It is also possible to configure the loglevel for particular
        # modules, e.g.
        #LogLevel info ssl:warn

        ErrorLog ${APACHE_LOG_DIR}/error.log
        CustomLog ${APACHE_LOG_DIR}/access.log combined

        # For most configuration files from conf-available/, which are
        # enabled or disabled at a global level, it is possible to
        # include a line for only one particular virtual host. For example the
        # following line enables the CGI configuration for this host only
        # after it has been globally disabled with "a2disconf".
        #Include conf-available/serve-cgi-bin.conf

</VirtualHost>

当我按照此处列出的步骤进行操作时

https://certbot.eff.org/lets-encrypt/ubuntuxenial-apache

如下：

$ sudo apt-get update
$ sudo apt-get install software-properties-common
$ sudo add-apt-repository ppa:certbot/certbot
$ sudo apt-get update
$ sudo apt-get install python-certbot-apache 
$ sudo certbot --apache

它失败并出现以下错误

Error while running apache2ctl configtest.
Action 'configtest' failed.
The Apache error log may have more information.

AH00526: Syntax error on line 31 of /etc/apache2/sites-enabled/mywebsitedomain.app.conf:
Name duplicates previous WSGI daemon definition.

Rolling back to previous server configuration...
Error while running apache2ctl configtest.
Action 'configtest' failed.

因此，如以下链接所述：

https://github.com/certbot/certbot/issues/1820

我将WSGI行注释如下

# WSGIDaemonProcess mywebsitedomain.com processes=2 threads=15 display-name=%{GROUP} user=www-data group=www-data python-path=/home/ubuntu/Sites/mywebsitedomain-com:/home/ubuntu/Sites/mywebsitedomain-com/venv/lib/python3.5/site-packages
# WSGIProcessGroup mywebsitedomain.com
# WSGIScriptAlias / /home/ubuntu/Sites/mywebsitedomain-com/myproductionfolder/wsgi.py process-group=mywebsitedomain.com application-group=%{GLOBAL}

然后再次运行 certbot，如下所示：

$ sudo certbot --apache

这一次，certbot 完成以下消息：

IMPORTANT NOTES:
 - Congratulations! Your certificate and chain have been saved at:
   /etc/letsencrypt/live/mywebsitedomain.com/fullchain.pem
   Your key file has been saved at:
   /etc/letsencrypt/live/mywebsitedomain.com/privkey.pem

但是，当我从生成的

中取消注释以下 3 行时

/etc/apache2/sites-available/mywebsitedomain.com-le-ssl.conf 文件

如下：

WSGIDaemonProcess mywebsitedomain.com processes=2 threads=15 display-name=%{GROUP} user=www-data group=www-data python-path=/home/ubuntu/Sites/mywebsitedomain-com:/home/ubuntu/Sites/mywebsitedomain-com/venv/lib/python3.5/site-packages
WSGIProcessGroup mywebsitedomain.com
WSGIScriptAlias / /home/ubuntu/Sites/mywebsitedomain-com/myproductionfolder/wsgi.py process-group=mywebsitedomain.com application-group=%{GLOBAL}

然后运行

$ sudo service apache2 启动

Apache 似乎已启动，但网站 https://mywebsitedomain.com 未加载

http://mywebsitedomain.com也没有

请帮助调试此问题，以便我可以让 https 加载 apache 上 django 应用程序的 wsgi 配置。

Answer 1

我刚刚删除了 WSGIProcessGroup mywebsitedomain.com 而不是其余的。这可能会有所帮助，但我没有记录该过程并且不期待设置新服务器。所以如果你明白了

Answer 2

我按照此链接https://www.spmuck.com/https-apache-and-lets-encrypt/ 上的说明进行操作，并且成功了

以下是相关部分：

基本上，当 Certbot 复制您的虚拟主机文件时，现在将有两个具有相同进程名称的 WSGIDaemonProcess。您可以通过在该行的开头添加 # 来注释掉 WSGIDaemonProcess 行来轻松解决此问题。再次运行“certbot --apache”，删除两个虚拟主机文件中的注释，并重命名其中一个进程。即example.com-le。

Answer 3

文档根为/var/www/html，表示使用的是新的apache版本。在这种情况下，您可以尝试授予对文档根目录的访问权限。

<Directory /var/www/html>
    Options Indexes FollowSymLinks
    AllowOverride All
    Require all granted
</Directory>