我正在考虑切换到 python/django 进行 Web 开发。对于一些我需要移植的应用程序,我有网站的管理部分通过 SSL 提供服务,而主界面不是。
有没有办法通过 SSL 提供 django 应用程序的管理部分,而网站的其余部分通过 HTTP?
问问题
81 次
1 回答
0
它绝对有可能。如果你正在使用nginx,你会这样做:
在 下/etc/nginx/sites-available/default,在您的服务器标签下方添加以下内容并适当地配置文件:
#SSL Support added
listen 443 ssl;
ssl_certificate /etc/ssl/ssl/nginx/server.crt;
ssl_certificate_key /etc/ssl/ssl/nginx/server.key;
ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers HIGH:!aNULL:!MD5;
然后在你的 middleware.py 中,
class SecureRequiredMiddleware(object):
def __init__(self):
self.paths = getattr(settings, 'SECURE_REQUIRED_PATHS')
self.enabled = self.paths and getattr(settings, 'HTTPS_SUPPORT')
def process_request(self, request):
if self.enabled and not request.is_secure():
for path in self.paths:
if request.get_full_path().startswith(path):
request_url = request.build_absolute_uri(request.get_full_path())
secure_url = request_url.replace('http://', 'https://')
print self.paths, request_url, secure_url
return HttpResponsePermanentRedirect(secure_url)
return None
然后在settings.py中,
....
MIDDLEWARE_CLASSES = (
'django.middleware.common.CommonMiddleware',
'django.contrib.sessions.middleware.SessionMiddleware',
'django.middleware.csrf.CsrfViewMiddleware',
'django.contrib.auth.middleware.AuthenticationMiddleware',
'django.contrib.messages.middleware.MessageMiddleware',
# Uncomment the next line for simple clickjacking protection:
'django.middleware.clickjacking.XFrameOptionsMiddleware',
'djo.middleware.SecureRequiredMiddleware',
....
HTTPS_SUPPORT = True
SECURE_REQUIRED_PATHS = (
r'/admin/',
)
那应该让你开始。
于 2013-05-09T15:49:54.990 回答