I have a TurboGears (either v2.2.1 or v2.3.1) website up and running on HTTP under Apache. The HTTP website works fine but I am trying to move it to HTTPS and am hitting a wall. I have two .conf files and tried copying the configuration block from the running HTTP configuration to the HTTPS configuration.
The Apache setup is as follows:
/etc/apache2/sites-enabled/000-default.conf -> /etc/sites-available/000-default.conf
/etc/apache2/sites-enabled/default-ssl.conf -> /etc/sites-available/default-ssl.conf
My configuration with the website working on HTTP is:
/etc/apache2/sites-available/000-default.conf:
WSGIPythonHome /usr/local/pythonenv/BASELINE
WSGIPythonPath /usr/local/pythonenv/myapp/lib/python2.7/site-packages
<VirtualHost *:80>
ServerAdmin webmaster@mydomain.com
ServerName myhost.mydomain.com
DocumentRoot /var/www
<Directory />
...
</Directory>
<Directory /var/www/>
...
</Directory>
ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
<Directory "/usr/lib/cgi-bin">
...
</Directory>
# Start website configuration
Alias /myapp/img /usr/local/turbogears/myapp/myapp/public/img
Alias /myapp/css /usr/local/turbogears/myapp/myapp/public/css
Alias /myapp/javascript /usr/local/turbogears/myapp/myapp/public/javascript
WSGIDaemonProcess myapp threads=10 processes=3
WSGIProcessGroup myapp
WSGIScriptAlias /myapp /usr/local/turbogears/myapp/apache/myapp.wsgi
# Directory Permissions.
<Directory /usr/local/turbogears/myapp/apache>
Order deny,allow
allow from ...
deny from all
</Directory>
# End website configuration
... #more entries for Trac and Doxygen websites
</VirtualHost>
/etc/apache2/sites-available/default-ssl.conf:
<IfModule mod_ssl.c>
<VirtualHost *:443>
ServerAdmin webmaster@localhost
SSLEngine On
DocumentRoot /var/www/ssl
# THIS IS WHERE I TRY CUT/PASTING THE CONFIGURATION BLOCK FROM THE HTTP WEBSITE
<FilesMatch "\.(cgi|shtml|phtml|php)$">
SSLOptions +StdEnvVars
</FilesMatch>
<Directory /usr/lib/cgi-bin>
SSLOptions +StdEnvVars
</Directory>
BrowserMatch "MSIE [2-6]" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0
# MSIE 7 and newer should be able to use keepalive
BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown
</VirtualHost>
</IfModule>
ports.conf:
Listen 80
<IfModule mod_ssl.c>
Listen 443
</IfModule>
<IfModule mod_gnutls.c>
Listen 443
</IfModule>
SSLCertificateFile /admin/webcerts/mycert.cer
SSLCertificateKeyFile /admin/webcerts/myprivate.key
In apache2.conf:
...
Include mods-enabled/*.load
Include mods-enabled/*.conf
Include ports.conf
Include sites-enabled/
Include /etc/phpmyadmin/apache.conf
LoadModule passenger_module /var/lib/gems/1.9.1/gems/passenger-4.0.5/libout/apache2/mod_passenger.so
PassengerRoot /var/lib/gems/1.9.1/gems/passenger-4.0.5
PassengerDefaultRuby /usr/bin/ruby1.9.1
...
To deploy the website on HTTPS, I moved the website configuration block from 000-default.conf to default-ssl.conf and restart apache but I get a 404 error:
Not Found
The requested URL /myapp was not found on this server.
I have tried moving the global WSGIPythonHome and WSGIPythonPath directives into default-ssl.conf in case that file was read first (it should not be as far as I know) but that did not help. The log files do not contain any useful information that I can see.
I have little Apache experience but from other SO threads, there seems to be some things that changed with Ubuntu 13. For example, the DocumentRoot directive in default-ssl.conf does not work for me which may be important. Adding a global value for DocumentRoot in /etc/apache2/apache2.conf does work but the problem is that it is global.
The 404 page on port 443 lists these as the modules that Apache has loaded:
Apache/2.4.6 (Ubuntu)
PHP/5.5.3-1ubuntu2
mod_python/3.3.1
Python/2.7.5+
OpenSSL/1.0.1e
mod_wsgi/3.4
Phusion_Passenger/4.0.5
Any help would be appreciated while I still have some hair left!
