Has anyone cracked how to get HTTPS working on the dev_appserver.py? I need it for Facebook canvas app testing. I've had a search of the docs and nothing suggests there's a way to do it (sticking 'secure' in the app.yaml doesn't nothing locally).
I was think there may be a way to proxy it, but has anyone got any experience of this?
The dev_appserver doesn't support HTTPS. The only practical way to do this is to set up a reverse proxy in front of your app - such as with nginx or Apache - and have it proxy SSL traffic to your app.
I know this is late, in case anybody else finds this question:
ngrok is quiet easy to setup for a custom reverse HTTPS proxy..
The only downside is that my webapp2 application still believes it's being served over HTTP, so using redirect() doesn't work well because it resolves relative URLs to absolute URLs using request.url.
My workaround was to overwrite RequestHandler.redirect as follows:
class BaseRequestHandler(RequestHandler):
def redirect(self, uri, permanent = False, abort = False, code = None, body = None):
if uri.startswith(('.', '/')):
base_url = self.request.url
if base_url.startswith('http://'):
base_url = 'https://' + base_url[7:]
uri = str(urlparse.urljoin(base_url, uri))
super(RequestHandler, self).redirect(uri, permanent, abort, code, body)
I needed a BaseRequestHandler class anyways for implementing other utility functions.
I put this in my Appache httpd.conf to proxy the connection:
<Location /myproject/>
ProxyPass http://localhost:8080/
</Location>
Now going to https://localhost/myproject/ in my browser worked.
Note: SSL needs to be enabled on your Apache server. On my OS X machine I uncommented out the line Include /private/etc/apache2/extra/httpd-ssl.conf in /etc/apache2/httpd.conf and ran sudo apachectl restart
Related
I have installed the Varnish with Apach2 and setup that using the HTTP proxy apache module and used the headers to get the Data over HTTP and send it to HTTPS using reverse proxy.
ProxyPreserveHost On
ProxyPass / http://127.0.0.1:80/
ProxyPassReverse / http://127.0.0.1:80/
RequestHeader set X-Forwarded-Port “443”
RequestHeader set X-Forwarded-Proto “https
But the issue I am facing this setup is the Browser error Content is loading from HTTP over HTTPS has been blocked.
Mixed Content: The page at '' was loaded over HTTPS, but
requested an insecure stylesheet ''. This request has been
blocked; the content must be served over HTTPS.
Please help to understand where I am wrong and how can I make this work?
Thank you in Advance.
There's not a whole lot of context about the setup and the configuration, but based on the information you provided I'm going to assume you're using Apache to first terminate the TLS connection and then forward that traffic to Varnish.
I'm also assuming Apache is also configured as the backend in Varnish listening on a port like 8080 whereas Varnish is on 80 and the HTTPS Apache vhost is on 443.
Vary header
The one thing that might be missing in your setup is a cache variation based on the X-Forwarded-Proto header.
I would advise you to set that cache variation using the following configuration:
Header append Vary: X-Forwarded-Proto
This uses mod_headers and can either be set in your .htaccess file or your vhost configuration.
It should allow Varnish to be aware of the variations based on the Vary: X-Forwarded-Proto header and store a version for HTTP and one for HTTPS.
This will prevent HTTP content being stored when HTTPS content is requested and vice versa.
A good way to simulate the issue
If you want to make sure the issue behaves as I'm expecting it to, please perform a test using the following steps:
Clear your cache through sudo varnishadm ban obj.status "!=" 0
Run varnishlog -g request -q "ReqUrl eq '/'" to filter logs for the. homepage
Call the HTTP version of the homepage and ensure its stored in the cache
Capture the log output for this transaction and store it somewhere
Call that same page over HTTPS and check whether or not the mixed content errors occur
Capture the log output for this transaction and store it somewhere
Then fix the issue through the Vary: X-Forwarded-Proto header and try the testcase again.
In case of problems, just add the 2 log transactions to your question (1 for the miss, 1 for the hit) and I'll examine it for you
Okay so:
I'm running a LightSail instance at www.gethatext.com.
FrontEnd - React, BackEnd - Django
On the homepage, I'm making 2 get requests to the Django server.
It is important to say that both Django & React are being served in the apache server.
.conf file of apache (http & https)
ProxyPass /api http://localhost:8000. # Django.
ProxyPassReverse /api http://localhost:8000 # Django.
ProxyPass / http://localhost:3000/. # React.
ProxyPassReverse / http://localhost:3000/. #React.
So I investigated and read that i need to add the following to the .conf file in either <Directory>, <Location> or <VirtualHost>. and so I did (and restarted all services of source).
<IfModule mod_headers.c>
Header set Access-Control-Allow-Origin "*"
</IfModule>
BUT it did not help.
But when I'm making the same request from POSTMAN in my computer I get a the expected response (After running from the instance terminal python manage.py runserver 0.0.0.0:8000)
I Also added https://cors-anywhere.herokuapp.com to my request
So it looked like:
axois.get("https://cors-anywhere.herokuapp.com/https://gethatext.com/api/account/quantity/")....
and surprisingly IT WORKED..
But it doesn't feel like a good practice and also in terms of data privacy.
So I wonder what is it the problem here?
Is it related to that, that Django and React are both served in the same apache service?
Also add to axois header:
"Access-Control-Allow-Origin": "*"
But with no luck
Browser console error:
Cheers guys & Thanks in advnace.
So the solution for this one was
Adding:
"proxy" : "https:my-domain.com".
to the package.json and in the axios requests.
axios.get("/upload/quantity/").then()...
And it worked
I should be able to intercept the request using apache modules and after that I should be able to forward that request to application server.
I wrote one module in apache web server, that module will intercept the requests and sending the response.
When I try only with apache module using following configuration it is working fine.
<Location "/test.html">
SetHandler my_module
</Location>
When I try only with ProxyPass configuration as below in that case also it is working fine.
<Location "/test.html">
ProxyPass "http://192.168.124.1:8080/test/myservlet"
</Location>
But, if I want both functionalities in that case it is not working. i.e initially I should be able to intercept the request and after that I should be able to forward that request to application server.
Can someone please suggest me the approach for this?.
You should return DECLINED from your ap_hook_handler() function, or use a different "hook" such as "ap_hook_fixups" which allows more than 1 module to take action.
When working with Angular and its routes, if you reload the page in, let's say, localhost:9000/products, the response will be a 404.
I am using Python server created using python -m SimpleHTTPServer port no. How to solve this problem since .htaccess file is not working in this?
.htaccess files are for apache http server not the python server, the .htaccess is for setting up redirects that the apache server will observe but if you use nginx or in this case python simple http server you'd have to use redirects specific to that particular http server this may help:
https://gist.github.com/chrisbolin/2e90bc492270802d00a6
copied here not written by myself apparently also from SO
''' Taken from: http://stackoverflow.com/users/1074592/fakerainbrigand http://stackoverflow.com/questions/15401815/python-simplehttpserver '''
import SimpleHTTPServer, SocketServer import urlparse, os
PORT = 3000 INDEXFILE = 'index.html'
class MyHandler(SimpleHTTPServer.SimpleHTTPRequestHandler): def do_GET(self):
# Parse query data to find out what was requested
parsedParams = urlparse.urlparse(self.path)
# See if the file requested exists
if os.access('.' + os.sep + parsedParams.path, os.R_OK):
# File exists, serve it up
SimpleHTTPServer.SimpleHTTPRequestHandler.do_GET(self);
else:
# send index.html, but don't redirect
self.send_response(200)
self.send_header('Content-Type', 'text/html')
self.end_headers()
with open(INDEXFILE, 'r') as fin:
self.copyfile(fin, self.wfile)
Handler = MyHandler
httpd = SocketServer.TCPServer(("", PORT), Handler)
print "serving at port", PORT httpd.serve_forever()
Also personally I use apache locally and just have browsersync proxy to the apache server and that handles the redirect if a file isn't found, from there the angular page takes over and routing kicks in to restore the view or go to a page not found view.
I recently bought a Namecheap domain and have been trying to hook it up to my GAE website. The GAE URL is domain.appspot.com and it works just fine. I have followed the instructions outlined in https://cloud.google.com/appengine/docs/domain but when I try to visit my custom domain I get an error saying:
The webpage at https://www.domain.com/ might be temporarily down or it may have moved permanently to a new web address.
Error code: ERR_CONNECTION_CLOSED
I have no idea what I'm doing wrong. I have confirmed that domain.com and www.domain.com are both listed as custom domain names in the GAE console, and I've added all the IPs/CNAME stuff as specified. A dig domain.com command confirms that:
;; ANSWER SECTION:
domain.com 1234 IN A 216.239.34.21
domain.com 1234 IN A 216.239.36.21
domain.com 1234 IN A 216.239.32.21
domain.com 1234 IN A 216.239.38.21
I'm wondering if this is a HTTPS issue because trying domain.com in Safari tells me that:
Safari can't open "https://domain.com" because Safari can't establish a secure connection to the server "domain.com".
I don't want to get a cert for HTTPS but I don't see any way around the problem? How can I successfully use a custom domain with my GAE app?
The problem was in my app.yaml file. I had set secure: always which was forcing https, but I didn't have a cert. Now I changed it to secure: never to require http, and it should work fine.