如何获得 ssl 证书来使用我的 django 应用程序
我已经购买了 ssl 证书并将其按照颁发者的指示安装在我的 ubuntu apache2 服务器上。然后,我将以下内容添加到 /etc/apache2/sites-available/ssl-[mysite]:
<VirtualHost *:443>
ServerAdmin [me]@[mysite]
ServerName www.[mysite]
ServerAlias [mysite]
# Indexes + Directory Root.
# DirectoryIndex index.html index.htm index.php
DocumentRoot [mysite htdocs]
SSLEngine On
SSLCertificateFile /etc/apache2/ssl/[mysite].crt
SSLCertificateKeyFile /etc/apache2/ssl/[mysite].key
SSLCertificateChainFile /etc/apache2/ssl/sf_bundle.crt
WSGIScriptAlias /[myapp] /[myapp location]
</VirtualHost>
ssl 证书对于我的基本 url 来说就像梦一样,给了我绿色的锁符号,但是当我转到我的应用程序目录时锁符号上有一个大的红色十字,我收到以下令人担忧的消息:
您与 [mysite] 的连接已使用 256 位加密进行加密。 但是,此页面包含其他不安全的资源。 这些资源在传输过程中可以被其他人查看,并且可以 被攻击者修改以改变页面的行为。
这显然会吓跑几乎任何人,这是 Django 还是我的 apache 配置的问题还是什么?
我知道从哪里开始,所以欢迎提出建议
I have purchased an ssl certificate and installed it on my ubuntu apache2 server as directed by the issuer. I then then added the following to /etc/apache2/sites-available/ssl-[mysite]:
<VirtualHost *:443>
ServerAdmin [me]@[mysite]
ServerName www.[mysite]
ServerAlias [mysite]
# Indexes + Directory Root.
# DirectoryIndex index.html index.htm index.php
DocumentRoot [mysite htdocs]
SSLEngine On
SSLCertificateFile /etc/apache2/ssl/[mysite].crt
SSLCertificateKeyFile /etc/apache2/ssl/[mysite].key
SSLCertificateChainFile /etc/apache2/ssl/sf_bundle.crt
WSGIScriptAlias /[myapp] /[myapp location]
</VirtualHost>
The ssl certificate is working like a dream for my base url, giving my the green lock symbol, but when I go to my app directory the lock symbol has a big red cross over it and I get this worrying message:
Your connection to [mysite] is encrypted with 256-bit encryption.
However, this page includes other resources which are not secure.
These resources can be viewed by others while in transit, and can be
modified by an attacker to change the behavior of the page.
This obviously will scare away practically anyone, is this an issue with Django or with my apache config or what?
I have know idea where to start with this, so suggestions are welcomed
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
此警告意味着,即使您重定向到 HTTPS 链接,您也会通过纯 HTTP 发送页面的部分内容。
您应该确保一切都通过 HTTPS 进行,以避免此警告和潜在的漏洞。
我无法给您任何关于如何解决此问题的提示,因为您没有对您的应用程序说太多,而且我不知道
apache2配置,但希望您现在有一个起点来了解什么修复。通常您会在有广告或嵌入图像的网站上看到此警告
This warning means that you even though you are redirecting to an HTTPS link you are sending parts of your page over plain HTTP.
You should make sure that everything is over HTTPS to avoid this warning and pottential vulnerability.
I can't give you any hints on how to fix this since you haven't said much on your application and I don't know the
apache2configuration but hopefully you now have a starting point to see what to fix.Usually you will see this warning on sites that have advertisments or embedded images