Django OpenSSL setting

INSTALL openssl

$ openssl version                                     
OpenSSL 1.0.2s  28 May 2019

If no version is printed, OpenSSL is not installed and needs to be installed.

Installing with Homebrew

$ brew install openssl

Generating the key

$ openssl genrsa 1024 > {{keyname}}.key
Generating RSA private key, 1024 bit long modulus
..................+++++
......+++++
e is 65537 (0x10001)

Generating the cert file

$ openssl req -new -x509 -nodes -sha256 -days 365 -key {{keyname}}.key > {{certname}}.cert

You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:
State or Province Name (full name) [Some-State]:
Locality Name (eg, city) []:
Organization Name (eg, company) [Internet Widgits Pty Ltd]:
Organizational Unit Name (eg, section) []:
Common Name (e.g. server FQDN or YOUR name) []:
Email Address []:

Create the .key and .cert files at the same directory depth as manage.py.

After installing the certificate, open Keychain Access and change "When using this certificate" to "Always Trust".
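An added example, not from the original page: a non-interactive form of the key and cert steps above that uses a 2048-bit key (TLS stacks running at OpenSSL security level 2 reject shorter RSA keys), adds the subjectAltName entries browsers match the URL against, keeps the key file readable by its owner only, and checks that the key and cert belong together. The function names and the localhost/127.0.0.1 names are assumptions, and `-addext` needs OpenSSL 1.1.1 or later.

```shell
#!/bin/sh
# Added example: non-interactive dev key/cert generation plus a pair check.
# make_dev_cert, key_matches_cert and cert_key_bits are illustrative names.

# make_dev_cert DIR NAME -> writes DIR/NAME.key and DIR/NAME.cert
make_dev_cert() {
    dir=$1 name=$2
    (
        umask 077    # key file is created owner-only, never world-readable
        openssl genrsa -out "$dir/$name.key" 2048 2>/dev/null
    ) || return 1
    # -subj skips the interactive DN prompts; subjectAltName carries the
    # names the browser compares against the URL (assumed: local dev only).
    openssl req -new -x509 -sha256 -days 365 \
        -key "$dir/$name.key" \
        -subj "/CN=localhost" \
        -addext "subjectAltName=DNS:localhost,IP:127.0.0.1" \
        -out "$dir/$name.cert"
}

# key_matches_cert KEY CERT -> exit 0 when CERT carries KEY's public half
key_matches_cert() {
    from_key=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
    from_cert=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1
    [ -n "$from_key" ] && [ "$from_key" = "$from_cert" ]
}

# cert_key_bits CERT -> prints the certificate's public key size in bits
cert_key_bits() {
    openssl x509 -in "$1" -noout -text |
        sed -n 's/.*Public-Key: (\([0-9]*\) bit.*/\1/p'
}
```

Run `make_dev_cert . django` next to manage.py, then pass the resulting files to `runsslserver`.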

Install django-sslserver

$ pip install django-sslserver

On networks where outbound access is restricted (a corporate network, for example), downloading and installing libraries through pip may fail because of SSL certificate problems.

WARNING: Retrying (Retry(total=4, connect=None, read=None, redirect=None, status=None)) after connection broken by 'SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1056)'))': /simple/django-sslserver/
WARNING: Retrying (Retry(total=3, connect=None, read=None, redirect=None, status=None)) after connection broken by 'SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1056)'))': /simple/django-sslserver/
WARNING: Retrying (Retry(total=2, connect=None, read=None, redirect=None, status=None)) after connection broken by 'SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1056)'))': /simple/django-sslserver/
WARNING: Retrying (Retry(total=1, connect=None, read=None, redirect=None, status=None)) after connection broken by 'SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1056)'))': /simple/django-sslserver/
WARNING: Retrying (Retry(total=0, connect=None, read=None, redirect=None, status=None)) after connection broken by 'SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1056)'))': /simple/django-sslserver/
Could not fetch URL https://pypi.org/simple/django-sslserver/: There was a problem confirming the ssl certificate: HTTPSConnectionPool(host='pypi.org', port=443): Max retries exceeded with url: /simple/django-sslserver/ (Caused by SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1056)'))) - skipping
ERROR: Could not find a version that satisfies the requirement django-sslserver (from versions: none)
ERROR: No matching distribution found for django-sslserver
Could not fetch URL https://pypi.org/simple/pip/: There was a problem confirming the ssl certificate: HTTPSConnectionPool(host='pypi.org', port=443): Max retries exceeded with url: /simple/pip/ (Caused by SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1056)'))) - skipping

Use pip's --trusted-host option, passing the hosts the library is downloaded from, and then install.

$ pip --trusted-host pypi.python.org --trusted-host files.pythonhosted.org --trusted-host pypi.org install django-sslserver

If adding the --trusted-host option every time is tedious, set an alias in .zshrc.

alias pip='pip --trusted-host pypi.org --trusted-host files.pythonhosted.org --trusted-host pypi.org'
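`--trusted-host` tells pip to accept those hosts without a valid certificate, so the alias removes the check from every install; where the failure comes from a TLS-inspecting proxy, pip's `--cert` option (or `cert` in pip.conf) pointed at that proxy's CA bundle keeps verification on. The added example below, which is not from the original page, lists where such overrides are configured so they can be reviewed; the function names, the sample files and the `/path/to/corp-ca.pem` placeholder are assumptions.

```shell
#!/bin/sh
# Added example: find where pip's certificate check has been switched off.
# list_trusted_hosts and write_samples are illustrative names, not pip commands.

# list_trusted_hosts FILE... -> prints "file:line:host" for each override in
#   - command-line form (e.g. an alias): --trusted-host HOST / --trusted-host=HOST
#   - pip.conf form: trusted-host = HOST (further hosts on indented lines)
list_trusted_hosts() {
    for f in "$@"; do
        [ -r "$f" ] || continue
        awk -v file="$f" '
            function emit(h) { if (h != "") print file ":" NR ":" h }
            function emit_all(s,   n, parts, i) {
                n = split(s, parts, /[ \t]+/)
                for (i = 1; i <= n; i++) emit(parts[i])
            }
            /^[ \t]*[#;]/ { next }                       # comment line
            /^[ \t]*trusted-host[ \t]*[=:]/ {            # pip.conf key
                sub(/^[ \t]*trusted-host[ \t]*[=:][ \t]*/, "")
                emit_all($0); in_value = 1; next
            }
            in_value && /^[ \t]+[^ \t]/ { emit_all($0); next }  # continuation
            { in_value = 0; line = $0 }
            {                                            # command-line flag
                while (match(line, /--trusted-host[= \t]+[A-Za-z0-9._:-]+/)) {
                    hit = substr(line, RSTART, RLENGTH)
                    sub(/^--trusted-host[= \t]+/, "", hit)
                    emit(hit)
                    line = substr(line, RSTART + RLENGTH)
                }
            }
        ' "$f"
    done
}

# Constructed sample inputs: the alias from this page, a pip.conf that
# disables the check, and one that supplies a CA bundle instead.
write_samples() {
    printf '%s\n' "alias pip='pip --trusted-host pypi.org --trusted-host files.pythonhosted.org --trusted-host pypi.org'" > "$1/zshrc"
    printf '%s\n' '[global]' 'trusted-host = pypi.org' \
        '    files.pythonhosted.org' 'timeout = 30' > "$1/pip-weak.conf"
    printf '%s\n' '[global]' 'cert = /path/to/corp-ca.pem' > "$1/pip-ca.conf"
}
```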

INSTALLED_APPS

Once installation is complete, add the app to INSTALLED_APPS in the Django project's settings.py.

If the settings are split per server environment, add it in the appropriate file (settings/base.py).

INSTALLED_APPS = [
    ...
    # django third-party-apps
    'sslserver',
    ...
]

runsslserver

$ python manage.py runsslserver --certificate {{certname}}.cert --key {{keyname}}.key

Watching for file changes with StatReloader
Validating models...

System check identified some issues:

January 14, 2020 - 15:03:43
Django version 2.2.6, using settings 'config.settings.development'
Starting development server at https://127.0.0.1:8000/
Using SSL certificate: django.cert
Using SSL key: django.key
Quit the server with CONTROL-C.

You can now confirm that the site is reachable over https.
