settings in apache for django app which need ssl for some pages
First of all, let's separate the concerns here: one thing is to require login, other is to require SSL. The former is specific to Django, and should be handled in your views; and for the latter, IMHO you should consider the possibiilty of serving everything through SSL, that would simplify your setup a lot. Sure, there's some overhead, and it's up to you to decide whether it matters or not for your particular case.
That said, for your proposed scenario:
To serve anything from plain HTTP, you need to listen to the port
80
(or, in your case,8080
). So you need a separateVirtualHost
bound to that port, with a separate WSGI application for itself.To allow a single path (your index file) from this virtual host, but require everything else to be served by the SSL protected one, you can use
mod_rewrite
:RewriteEngine OnRewriteRule ^/partlysecureapp$ - [L,NC]RewriteRule (.*) https://127.0.0.1/partlysecureapp%{REQUEST_URI} [L,R=301]
The first rule tells Apache not to perform any redirect if the path is exactly like your root path; the second redirects everything else to
https
(which will be handled by your*:443
virtual host).(Note: you might want to serve
/site_media
without SSL as well)Then you can simply add your WSGI alias; even if Django sends the user to a different page, Apache will ensure that page is served through SSL.
You final code would be something like:
<VirtualHost *:8080> ServerAdmin webmaster@localhost DocumentRoot /home/dev/python/django/partlysecureapp RewriteEngine On RewriteRule ^/partlysecureapp$ - [L,NC] RewriteRule ^/site_media - [L,NC] RewriteRule (.*) https://127.0.0.1/partlysecureapp%{REQUEST_URI} [L,R=301] ... WSGIScriptAlias /partlysecureapp /home/dev/python/django/partlysecureapp/partlysecureapp.wsgi Alias /site_media/ /home/dev/python/django/partlysecureapp/media/</VirtualHost>
And your code for the SSL protected virtual host would be identical to the mysecureapp
one (using partlysecureapp
instead, of course; note also that you can have both apps running side-by-side, just pay attention to your MEDIA
and STATIC
paths).