Reputation: 33
I am trying to restrict a Google Apps API Python client to HTTPS, using Flask-RESTful and mod_wsgi. The API itself appears to work, but I am running into errors when I point web browsers to the HTTPS url.
I'm fairly new to Python, Flask, and mod_wsgi, but I have the following pared-down example code:
/home/myself/testgoogle/testgoogle.py
#!/usr/local/bin/python
import json
import os
import sys
from DirectoryServiceObject import DirectoryServiceObject
from flask import Flask, request
from flask.ext.restful import abort, Api, Resource
from apiclient import errors
from apiclient.discovery import build
directory_service_object = DirectoryServiceObject().service_object
app = Flask( __name__ )
app.debug = True
api = Api( app )
class OrgUnitsList( Resource ):
def get( self ):
all_org_units = {}
params = { "customerId": "my_customer" }
try:
all_org_units = directory_service_object.orgunits().list( **params ).execute()
except errors.HttpError, e:
error = json.loads(e.content)
return error
return all_org_units
api.add_resource( OrgUnitsList, "/orgunitslist" )
if __name__ == "__main__":
app.run( host="secured.example.com", port=5001 )
/home/myself/testgoogle/testgoogle.wsgi
import sys
sys.path.insert( 0, "/home/myself/testgoogle" )
from testgoogle import app as application
/path/to/apache/ssl.conf
<VirtualHost 256.256.256.256:5001>
ServerName secured.example.com:5001
WSGIScriptAlias / /home/myself/testgoogle/testgoogle.wsgi
ErrorLog /home/myself/error.log
LogLevel warn
CustomLog /home/myself/access.log combined
<Directory /home/myself/testgoogle>
WSGIProcessGroup testgoogle
WSGIApplicationGroup %{GLOBAL}
Order deny,allow
Allow from all
</Directory>
</VirtualHost>
When I point my web browser to https://secured.example.com:5001/orgunitslist
to get a list of my Google domain's organization units, I have the error "can't connect to the server 'secured.example.com'".
If I first run "python testgoogle.py" the API starts, but using the web browser ends up with "code 400, message Bad request syntax", and the browser hangs. I am assuming it is because the script is expecting HTTP. Of course, as expected going to the same URL using HTTP works, and I get a list of the org units.
What am I missing? What else do I need, or need to do differently, in order to restrict API calls to HTTPS?
Upvotes: 1
Views: 2259
Reputation: 33
I appear to have fixed the issue by making the following changes:
from TestGoogleClient import app as application
.For some reason, having both .wsgi and .py files with the same name seemed to give me "app not found" errors.
I also modified my Apache config:
Listen 256.256.256.256:5001
and WSGISocketPrefix /var/run/wsgi
outside of the <VirtualHost>
section.<VirtualHost>
:
SSLEngine on
SSLCertificateFile /path/to/my/cert
SSLCertificateKeyFile /path/to/my/key
WSGIDaemonProcess TestGoogleClient python-path=/path/to/python/site-packages
WSGIProcessGroup TestGoogleClient
WSGIScriptAlias / /home/myself/testgoogle/TestGoogleWsgi.wsgi
And to top everything off, I needed my System Administrators to allow my app through the firewall.
Upvotes: 2