Django Apache SSL [code 400, message bad request]

Question

I have issue with Apache proxy web server and Django SSL the following is the error followed by the Django settings.py and apache server.conf file for SSL, django version 1.6.8

  ----------------------------------------
  [10/Jan/2015 09:11:33] code 400, message Bad request syntax ('\x16\x03\x00\x00?
  Exception happened during processing of request from ('5.5.0.46', 38141)
  Traceback (most recent call last):
  File "/usr/lib/python2.7/SocketServer.py", line 593, in process_request_thread
   self.finish_request(request, client_address)
  File "/usr/lib/python2.7/SocketServer.py", line 334, in finish_request
   self.RequestHandlerClass(request, client_address, self)
  File "/usr/local/lib/python2.7/dist-packages/django/core/servers/basehttp.py", line 126, in __init__
   super(WSGIRequestHandler, self).__init__(*args, **kwargs)
  File "/usr/lib/python2.7/SocketServer.py", line 649, in __init__
   self.handle()
  File "/usr/lib/python2.7/wsgiref/simple_server.py", line 117, in handle
   if not self.parse_request(): # An error code has been sent, just exit
  File "/usr/lib/python2.7/BaseHTTPServer.py", line 286, in parse_request
    self.send_error(400, "Bad request syntax (%r)" % requestline)
  File "/usr/lib/python2.7/BaseHTTPServer.py", line 368, in send_error
    self.send_response(code, message)
  File "/usr/lib/python2.7/BaseHTTPServer.py", line 385, in send_response
    self.log_request(code)
  File "/usr/lib/python2.7/BaseHTTPServer.py", line 422, in log_request
    self.requestline, str(code), str(size))
  File "/usr/local/lib/python2.7/dist-packages/django/core/servers/basehttp.py", line 138, in log_message
   msg = "[%s] %s\n" % (self.log_date_time_string(), format % args)
  UnicodeDecodeError: 'ascii' codec can't decode byte 0xf9 in position 12: ordinal not in    range(128)
  ----------------------------------------

settings.py

   ...... 

   # secure proxy SSL header and secure cookies
   SECURE_SSL_REDIRECT = True
   SECURE_PROXY_SSL_HEADER = ('HTTP_X_FORWARDED_PROTO', 'https')
   SESSION_COOKIE_SECURE = True
   CSRF_COOKIE_SECURE = True

   # session expire at browser close
   SESSION_EXPIRE_AT_BROWSER_CLOSE = True

   # wsgi scheme
   os.environ['wsgi.url_scheme'] = 'https'
   ......

apache server.conf

 <IfModule mod_ssl.c>
    <VirtualHost *:80>
            ServerName mywebsite.com
            WSGIScriptAlias / /var/www/manage/manage/wsgi.py
    </VirtualHost>
    <VirtualHost _default_:443>
            ServerName mywebsite.com
            WSGIScriptAlias / /var/www/manage/manage/wsgi.py
            SSLEngine on
            SSLCertificateFile      /etc/apache2/ssl/apache.crt
            SSLCertificateKeyFile /etc/apache2/ssl/apache.key
            redirect permanent / https://5.5.0.38:8080
    </VirtualHost>
  </IfModule>

Also i enabled HTTPS in django wsgi.py

  ......
  os.environ['HTTPS'] = "on"
  ..............

Answer 1

Bad request syntax ('\x16\x03\x00\x00?

This is HTTPS traffic where HTTP traffic is expected. I assume this is caused by the following line in your apache.conf:

redirect permanent / https://5.5.0.38:8080

This instructs the browser to access the given URL (probably your Django server) instead. It does not forward the request to the Django server (what you've probably intended) but instead instructs the browser to make a new request and fetch the resource directly from the Django server, that is without apache in front. I think you need to use instead something like ProxyPass or ProxyPassReverse if you want to use apache in front of another server.

It would be very unusual if port 8080 is actually used for https, usually this is used for http only. Therefore I assume that your Django server itself is only speaking plain http.

os.environ['HTTPS'] = "on"

This does not make a HTTPS server out of Django, but it only instructs Django to create all links as https links. This supports my assumption that your Django server itself does only plain http.

Answer 2

I think the right answer is as following:

• first enable the proxy_http module for apache to remap the url from https to http

  $ a2enmod proxy_http

• second remove the redirection of https requests to django

• add ProxyPass and ProxyPassReverse to pass the https requests from apache server to Django on http protocol

  the following is what i did for apache.conf

      <VirtualHost *:80>
              ServerName mywebsite.com
              WSGIScriptAlias / /var/www/manage/manage/wsgi.py
      </VirtualHost>
      <VirtualHost _default_:443>
              ServerName mywebsite.com
              WSGIScriptAlias / /var/www/manage/manage/wsgi.py
              SSLEngine on
              SSLCertificateFile      /etc/apache2/ssl/apache.crt
              SSLCertificateKeyFile /etc/apache2/ssl/apache-wp.key
              ProxyPass / http://myip:8080/
              ProxyPassReverse / http://myip:8080/
              #redirect permanent / https://myip:8080
      </VirtualHost>
  

also make sure that all http rewrite to https edit the /etc/apache2/sites-enabled/000-default.conf apache file as shown below

<VirtualHost *:80>
        ServerAdmin webmaster@localhost
        DocumentRoot /var/www/html
        RewriteEngine On
        RewriteCond %{HTTPS} !on
        RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
        ErrorLog ${APACHE_LOG_DIR}/error.log
        CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>