如何使用'runserver'可以轻松地测试与Django的https连接? [英] How can I test https connections with Django as easily as I can non-https connections using 'runserver'?
问题描述
./ manage.py runserver 测试未加密的请求一样简单简单的内置开发服务器并不像简单,但使用stunnel作为一个SSL协调中间人,您的浏览器和开发服务器。 Stunnel允许您在计算机上设置轻量级服务器,该服务器接受已配置端口上的连接,使用SSL进行包装,并将它们传递给其他服务器。我们将使用它来打开一个stunnel端口(8443),并将其接收的任何流量传递给Django runserver实例。
首先你需要stunnel 在此下载,或者可能由您的平台的软件包系统提供(例如: apt-get install stunnel )。我将在Ubuntu上使用stunnel的版本4(例如: / usr / bin / stunnel4 ),版本3也可以工作,但具有不同的配置选项。 >
首先在Django项目中创建一个目录来保存必要的配置文件和SSLish的东西。
mkdir stunnel
cd stunnel
接下来我们需要创建一个本地证书和密钥用于SSL通信。为此,我们转到openssl。
创建密钥:
openssl genrsa 1024> stunnel.key
创建使用此密钥的证书(这将会询问一堆信息,被包括在证书中 - 只需回答你感觉很好的东西):
openssl req -new -x509 -nodes -sha1 -days 365 -key stunnel.key> stunnel.cert
现在将这些组合成一个stunnel将用于其SSL通信的单个文件: p>
cat stunnel.key stunnel.cert> stunnel.pem
为具有以下内容的名为dev_https的stunnel创建一个配置文件:
pid =
cert = stunnel / stunnel.pem
sslVersion = SSLv3
foreground = yes
output = stunnel.log
[https]
accept = 8443
connect = 8001
TIMEOUTclose = 1
此文件告诉stunnel需要知道什么。具体来说,你告诉它不要使用证书文件所在的pid文件,要使用什么版本的SSL,它应该在前台运行,应该在哪里记录其输出,并且它应该接受端口上的连接8443并将它们连接到端口8001.最后一个参数(TIMEOUTclose)告诉它在没有活动的情况下经过1秒后自动关闭连接。
现在弹出您的Django项目目录(其中包含manage.py):
cd ..
这里我们将创建一个名为runserver的脚本这将运行stunnel和两个django开发服务器(一个用于正常连接,一个用于SSL连接):
stunnel4 stunnel / dev_https &安培;
python manage.py runserver&
HTTPS = 1 python manage.py runserver 8001
让我们把它打破,线:
- 第1行:启动stunnel并将其指向刚刚创建的配置文件。这在端口8443上进行stunnel监听,将其接收到的任何连接封装在SSL中,并将它们传递到端口8001
- 第2行:启动一个正常的Django runserver实例(在端口8000上)第3行:启动另一个Django runserver实例(在端口8001上),并将其配置为将所有传入连接视为使用HTTPS执行。
制作我们刚刚创建的可执行文件的runscript文件:
chmod a + x runserver
现在,当您要运行开发服务器时,只需执行 ./ runserver 从您的项目目录。要尝试一下,只需将浏览器指向 http:// localhost:8000 ,以获得正常的HTTP流量,并将 https:// localhost:8443 。请注意,您浏览器几乎肯定会抱怨使用的证书,并要求您添加例外或以其他方式明确指示浏览器继续浏览。这是因为您创建了自己的证书,浏览器不信任他们说实话。这对开发是很好的,但显然不会削减它的生产。
不幸的是,在我的机器上,这个runserver脚本不会很好地退出,当我按Ctrl- C。我必须手动杀死这些进程 - 任何人都有建议来解决这个问题?
感谢Michael Gile的 post 和django-weave的 wiki条目参考资料。
I have an application that uses "secure" cookies and want to test it's functionality without needing to set up a complicated SSL enabled development server. Is there any way to do this as simply as I can test non-encrypted requests using ./manage.py runserver?
It's not as simple as the built in development server, but it's not too hard to get something close using stunnel as an SSLifying middleman between your browser and the development server. Stunnel allows you to set up a lightweight server on your machine that accepts connections on a configured port, wraps them with SSL, and passes them along to some other server. We'll use this to open a stunnel port (8443) and pass along any traffic it receives to a Django runserver instance.
First you'll need stunnel which can be downloaded here or may be provided by your platform's package system (e.g.: apt-get install stunnel). I'll be using version 4 of stunnel (e.g.: /usr/bin/stunnel4 on Ubuntu), version 3 will also work, but has different configuration options.
First create a directory in your Django project to hold the necessary configuration files and SSLish stuff.
mkdir stunnel
cd stunnel
Next we'll need to create a local certificate and key to be used for the SSL communication. For this we turn to openssl.
Create the key:
openssl genrsa 1024 > stunnel.key
Create the certificate that uses this key (this will ask you a bunch of information that will be included in the certficate - just answer with whatever feels good to you):
openssl req -new -x509 -nodes -sha1 -days 365 -key stunnel.key > stunnel.cert
Now combine these into a single file that stunnel will use for its SSL communication:
cat stunnel.key stunnel.cert > stunnel.pem
Create a config file for stunnel called dev_https with the following contents:
pid=
cert = stunnel/stunnel.pem
sslVersion = SSLv3
foreground = yes
output = stunnel.log
[https]
accept=8443
connect=8001
TIMEOUTclose=1
This file tells stunnel what it needs to know. Specifically, you're telling it not to use a pid file, where the certificate file is, what version of SSL to use, that it should run in the foreground, where it should log its output, and that it should accept connection on port 8443 and shuttle them along to port 8001. The last parameter (TIMEOUTclose) tells it to automatically close the connection after 1 second has passed with no activity.
Now pop back up to your Django project directory (the one with manage.py in it):
cd ..
Here we'll create a script named runserver that will run stunnel and two django development servers (one for normal connections, and one for SSL connections):
stunnel4 stunnel/dev_https &
python manage.py runserver&
HTTPS=1 python manage.py runserver 8001
Let's break this down, line-by-line:
- Line 1: Starts stunnel and point it to the configuration file we just created. This has stunnel listen on port 8443, wrap any connections it receives in SSL, and pass them along to port 8001
- Line 2: Starts a normal Django runserver instance (on port 8000)
- Line 3: Starts another Django runserver instance (on port 8001) and configures it to treat all incoming connections as if they were being performed using HTTPS.
Make the runscript file we just created executable with:
chmod a+x runserver
Now when you want to run your development server just execute ./runserver from your project directory. To try it out, just point your browser to http://localhost:8000 for normal HTTP traffic, and https://localhost:8443 for HTTPS traffic. Note that you're browser will almost definitely complain about the certificate used and require you to add an exception or otherwise explicitly instruct the browser to continue browsing. This is because you created your own certificate and it isn't trusted by the browser to be telling the truth about who it is. This is fine for development, but obviously won't cut it for production.
Unfortunately, on my machine this runserver script doesn't exit out nicely when I hit Ctrl-C. I have to manually kill the processes - anyone have a suggestion to fix that?
Thanks to Michael Gile's post and django-weave's wiki entry for the reference material.
这篇关于如何使用'runserver'可以轻松地测试与Django的https连接?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
