I have a TurboGears (either v2.2.1 or v2.3.1) website up and running on HTTP under Apache. The HTTP website works fine but I am trying to move it to HTTPS and am hitting a wall. I have two .conf files and tried copying the configuration block from the running HTTP configuration to the HTTPS configuration.
The Apache setup is as follows:
/etc/apache2/sites-enabled/000-default.conf -> /etc/sites-available/000-default.conf
/etc/apache2/sites-enabled/default-ssl.conf -> /etc/sites-available/default-ssl.conf
My configuration with the website working on HTTP is:
/etc/apache2/sites-available/000-default.conf:
WSGIPythonHome /usr/local/pythonenv/BASELINE
WSGIPythonPath /usr/local/pythonenv/myapp/lib/python2.7/site-packages
<VirtualHost *:80>
    ServerAdmin [email protected]
    ServerName myhost.mydomain.com
    DocumentRoot /var/www
    <Directory />
        ...
    </Directory>
    <Directory /var/www/>
        ...
    </Directory>
    ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
    <Directory "/usr/lib/cgi-bin">
        ...
    </Directory>
    # Start website configuration
    Alias /myapp/img /usr/local/turbogears/myapp/myapp/public/img
    Alias /myapp/css /usr/local/turbogears/myapp/myapp/public/css
    Alias /myapp/javascript /usr/local/turbogears/myapp/myapp/public/javascript
    WSGIDaemonProcess myapp threads=10 processes=3
    WSGIProcessGroup myapp
    WSGIScriptAlias /myapp /usr/local/turbogears/myapp/apache/myapp.wsgi
    # Directory Permissions.
    <Directory /usr/local/turbogears/myapp/apache>
        Order deny,allow
        allow from ...
        deny from all
    </Directory>
    # End website configuration
    ... #more entries for Trac and Doxygen websites
</VirtualHost>
/etc/apache2/sites-available/default-ssl.conf:
<IfModule mod_ssl.c>
    <VirtualHost *:443>
        ServerAdmin webmaster@localhost
        SSLEngine On
        DocumentRoot /var/www/ssl
        # THIS IS WHERE I TRY CUT/PASTING THE CONFIGURATION BLOCK FROM THE HTTP WEBSITE
        <FilesMatch "\.(cgi|shtml|phtml|php)$">
            SSLOptions +StdEnvVars
        </FilesMatch>
        <Directory /usr/lib/cgi-bin>
            SSLOptions +StdEnvVars
        </Directory>
        BrowserMatch "MSIE [2-6]" \
            nokeepalive ssl-unclean-shutdown \
            downgrade-1.0 force-response-1.0
        # MSIE 7 and newer should be able to use keepalive
        BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown
    </VirtualHost>
</IfModule>
ports.conf:
Listen 80
<IfModule mod_ssl.c>
    Listen 443
</IfModule>
<IfModule mod_gnutls.c>
    Listen 443
</IfModule>
SSLCertificateFile /admin/webcerts/mycert.cer
SSLCertificateKeyFile /admin/webcerts/myprivate.key
In apache2.conf:
...
Include mods-enabled/*.load
Include mods-enabled/*.conf
Include ports.conf
Include sites-enabled/
Include /etc/phpmyadmin/apache.conf
LoadModule passenger_module /var/lib/gems/1.9.1/gems/passenger-4.0.5/libout/apache2/mod_passenger.so
PassengerRoot /var/lib/gems/1.9.1/gems/passenger-4.0.5
PassengerDefaultRuby /usr/bin/ruby1.9.1
...
To deploy the website on HTTPS, I moved the website configuration block from 000-default.conf to default-ssl.conf and restarted Apache, but I get a 404 error:
Not Found
The requested URL /myapp was not found on this server.
I have tried moving the global WSGIPythonHome and WSGIPythonPath directives into default-ssl.conf in case that file was read first (it should not be as far as I know) but that did not help. The log files do not contain any useful information that I can see.
I have little Apache experience, but from other SO threads, there seem to be some things that changed with Ubuntu 13. For example, the DocumentRoot directive in default-ssl.conf does not work for me, which may be important. Adding a global value for DocumentRoot in /etc/apache2/apache2.conf does work, but the problem is that it is global.
The 404 page on port 443 lists these as the modules that Apache has loaded:
Apache/2.4.6 (Ubuntu)
PHP/5.5.3-1ubuntu2
mod_python/3.3.1
Python/2.7.5+
OpenSSL/1.0.1e
mod_wsgi/3.4
Phusion_Passenger/4.0.5
Any help would be appreciated while I still have some hair left!
The (annoying) solution for me was to change
to
This worked at first but failed later. What seemed to st
One factor may be that the server has four network interfaces.
To get to this solution, I first noticed that the SSL access logs in /var/log/apache2 were empty, suggesting that the SSL site was not even being served. I then tried running the SSL site on 127.0.0.1 and testing locally, which worked - it did complain about the SSL certificate since that was created with a DNS entry. Some more searching led me to the solution above. If this is not a good solution, please let me know; however, it seems to work fine for me.
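
A static check for the first step described in the question (moving the WSGI mount into the SSL virtual host), as an added example that is not part of the original post: it reports which URL prefixes have a WSGIScriptAlias inside an SSL-enabled VirtualHost block on port 443. The config strings are constructed, trimmed copies of the question's files, and vhost_summary and https_mounts are hypothetical helper names.

```python
import re

# Constructed sample: trimmed copies of the question's two site files, before the
# WSGI block is moved into the SSL vhost.
HTTP_CONF = """<VirtualHost *:80>
    ServerName myhost.mydomain.com
    WSGIScriptAlias /myapp /usr/local/turbogears/myapp/apache/myapp.wsgi
</VirtualHost>
"""
SSL_CONF = """<IfModule mod_ssl.c>
<VirtualHost *:443>
    SSLEngine On
    DocumentRoot /var/www/ssl
</VirtualHost>
</IfModule>
"""

VHOST_OPEN = re.compile(r"<VirtualHost\s+([^>]+)>", re.I)

def vhost_summary(conf_text):
    """Return one dict per <VirtualHost> block: addresses, SSLEngine state, WSGI mounts."""
    vhosts, current = [], None
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        opened = VHOST_OPEN.match(line)
        if opened:
            current = {"addrs": opened.group(1).split(), "ssl": False, "mounts": []}
        elif line.lower() == "</virtualhost>" and current is not None:
            vhosts.append(current)
            current = None
        elif current is not None:
            parts = line.split()
            name = parts[0].lower()
            if name == "sslengine" and len(parts) > 1:
                current["ssl"] = parts[1].lower() == "on"
            elif name == "wsgiscriptalias" and len(parts) > 2:
                current["mounts"].append(parts[1])
    return vhosts

def https_mounts(conf_text, port="443"):
    """URL prefixes that mod_wsgi serves from SSL-enabled vhosts on the given port."""
    found = set()
    for vh in vhost_summary(conf_text):
        if vh["ssl"] and any(a.rsplit(":", 1)[-1] == port for a in vh["addrs"]):
            found.update(vh["mounts"])
    return sorted(found)

if __name__ == "__main__":
    print(https_mounts(HTTP_CONF + SSL_CONF))  # the mount is still only in the :80 vhost
```

A non-empty result only shows that the mount is configured in an SSL vhost; the access-log check described above is what shows whether that vhost actually receives the requests.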