如何像使用“runserver"进行非 https 连接一样轻松地测试与 Django 的 https 连接? [英] How can I test https connections with Django as easily as I can non-https connections using 'runserver'?

查看:14
本文介绍了如何像使用“runserver"进行非 https 连接一样轻松地测试与 Django 的 https 连接?的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!

问题描述

我有一个使用安全"cookie 的应用程序,我想测试它的功能,而无需设置复杂的启用 SSL 的开发服务器.有没有什么办法可以像我可以使用 ./manage.py runserver 测试非加密请求一样简单地做到这一点?

I have an application that uses "secure" cookies and want to test it's functionality without needing to set up a complicated SSL enabled development server. Is there any way to do this as simply as I can test non-encrypted requests using ./manage.py runserver?

推荐答案

它不像内置的开发服务器那么简单,但是使用 stunnel 作为 SSLifying 中间人来解决问题并不难在您的浏览器和开发服务器之间.Stunnel 允许你在你的机器上设置一个轻量级服务器,它接受配置端口上的连接,用 SSL 包装它们,并将它们传递给其他服务器.我们将使用它来打开一个 stunnel 端口 (8443) 并将它接收到的任何流量传递给 Django runserver 实例.

It's not as simple as the built in development server, but it's not too hard to get something close using stunnel as an SSLifying middleman between your browser and the development server. Stunnel allows you to set up a lightweight server on your machine that accepts connections on a configured port, wraps them with SSL, and passes them along to some other server. We'll use this to open a stunnel port (8443) and pass along any traffic it receives to a Django runserver instance.

首先,您需要 stunnel,它可以在此处下载,也可以由您平台的软件包系统提供(例如:apt-get install stunnel).我将使用 stunnel 版本 4(例如:Ubuntu 上的 /usr/bin/stunnel4),版本 3 也可以使用,但有不同的配置选项.

First you'll need stunnel which can be downloaded here or may be provided by your platform's package system (e.g.: apt-get install stunnel). I'll be using version 4 of stunnel (e.g.: /usr/bin/stunnel4 on Ubuntu), version 3 will also work, but has different configuration options.

首先在你的 Django 项目中创建一个目录来保存必要的配置文件和 SSLish.

First create a directory in your Django project to hold the necessary configuration files and SSLish stuff.

mkdir stunnel
cd stunnel

接下来,我们需要创建用于 SSL 通信的本地证书和密钥.为此,我们求助于 openssl.

Next we'll need to create a local certificate and key to be used for the SSL communication. For this we turn to openssl.

创建密钥:

openssl genrsa 2048 > stunnel.key

创建使用此密钥的证书(这将询问您一系列将包含在证书中的信息 - 只需回答您认为合适的任何内容):

Create the certificate that uses this key (this will ask you a bunch of information that will be included in the certficate - just answer with whatever feels good to you):

openssl req -new -x509 -nodes -sha1 -days 365 -key stunnel.key > stunnel.cert

现在将这些组合成一个文件,stunnel 将用于其 SSL 通信:

Now combine these into a single file that stunnel will use for its SSL communication:

cat stunnel.key stunnel.cert > stunnel.pem

为 stunnel 创建一个名为 dev_https 的配置文件,内容如下:

Create a config file for stunnel called dev_https with the following contents:

pid=

cert = stunnel/stunnel.pem
sslVersion = SSLv3
foreground = yes
output = stunnel.log

[https]
accept=8443
connect=8001
TIMEOUTclose=1

这个文件告诉 stunnel 它需要知道什么.具体来说,您要告诉它不要使用 pid 文件、证书文件所在的位置、要使用的 SSL 版本、它应该在前台运行、它应该记录其输出的位置以及它应该接受端口上的连接8443 并将它们传送到端口 8001.最后一个参数 (TIMEOUTclose) 告诉它在没有活动的情况下经过 1 秒后自动关闭连接.

This file tells stunnel what it needs to know. Specifically, you're telling it not to use a pid file, where the certificate file is, what version of SSL to use, that it should run in the foreground, where it should log its output, and that it should accept connection on port 8443 and shuttle them along to port 8001. The last parameter (TIMEOUTclose) tells it to automatically close the connection after 1 second has passed with no activity.

现在返回到您的 Django 项目目录(其中包含 manage.py 的目录):

Now pop back up to your Django project directory (the one with manage.py in it):

cd ..

在这里,我们将创建一个名为 runserver 的脚本,该脚本将运行 stunnel 和两个 django 开发服务器(一个用于普通连接,一个用于 SSL 连接):

Here we'll create a script named runserver that will run stunnel and two django development servers (one for normal connections, and one for SSL connections):

stunnel4 stunnel/dev_https &
python manage.py runserver&
HTTPS=1 python manage.py runserver 8001

让我们逐行分解:

  • 第 1 行:启动 stunnel 并将其指向我们刚刚创建的配置文件.这在端口 8443 上有 stunnel 侦听,将它接收到的任何连接包装在 SSL 中,并将它们传递到端口 8001
  • 第 2 行:启动一个普通的 Django runserver 实例(在端口 8000)
  • 第 3 行:启动另一个 Django runserver 实例(在端口 8001 上)并将其配置为将所有传入连接视为使用 HTTPS 执行.

使我们刚刚创建的 runscript 文件可执行:

Make the runscript file we just created executable with:

chmod a+x runserver

现在,当您想要运行开发服务器时,只需从项目目录中执行 ./runserver.要尝试一下,只需将浏览器指向 http://localhost:8000 以获取正常 HTTP 流量,将 https://localhost:8443 指向 HTTPS 流量.请注意,您的浏览器几乎肯定会抱怨所使用的证书,并要求您添加例外或以其他方式明确指示浏览器继续浏览.这是因为您创建了自己的证书,并且浏览器不信任它说出它是谁的真相.这对开发来说很好,但显然不会削减生产.

Now when you want to run your development server just execute ./runserver from your project directory. To try it out, just point your browser to http://localhost:8000 for normal HTTP traffic, and https://localhost:8443 for HTTPS traffic. Note that you're browser will almost definitely complain about the certificate used and require you to add an exception or otherwise explicitly instruct the browser to continue browsing. This is because you created your own certificate and it isn't trusted by the browser to be telling the truth about who it is. This is fine for development, but obviously won't cut it for production.

不幸的是,在我的机器上,当我按下 Ctrl-C 时,这个 runserver 脚本并没有很好地退出.我必须手动终止进程 - 有人建议解决这个问题吗?

Unfortunately, on my machine this runserver script doesn't exit out nicely when I hit Ctrl-C. I have to manually kill the processes - anyone have a suggestion to fix that?

感谢 Michael Gile 的 post 和 django-weave 的 维基条目 参考资料.

Thanks to Michael Gile's post and django-weave's wiki entry for the reference material.

这篇关于如何像使用“runserver"进行非 https 连接一样轻松地测试与 Django 的 https 连接?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!

查看全文
登录 关闭
扫码关注1秒登录
发送“验证码”获取 | 15天全站免登陆