T-110.5102 Laboratory Works in Networking and Security (5-10 cr)

Lab B2: Web server


Description Of The Exercise 

In this exercise, you will familiarise yourself with some basic features of Apache and its plugins. In addition, one useful SSH feature is covered here.

1. Preparation

 

You will need only one machine of your choice to complete this assignment. Ensure that you have Apache 2 installed together with the wsgi module. The modules for serving user directory contents, rewriting URLs and setting up SSL should come with Apache by default.

Shut down any other web servers that you might be running on your virtual machine.

Set up SSH port forwarding for HTTP and HTTPS so that you can test the server on your local machine (loopback) with your favourite web browser. You should also forward port 8000 (used by Django's internal server).

ssh -L :8080:localhost:80 -L :8443:localhost:443 -L :8000:localhost:8000 -p [port] labrat@farm1.niksula.hut.fi
 
 1.1 In the above command, ":8080:localhost:80", where is the 'localhost' resolved? 0.5p
 1.2 What do the ports '8080' and '8443' refer to? What's the idea? 0.5p
 1.3 How is it possible to do multiple port forwards with a single SSH connection? 0.5p
 

2. Serve pages using an application framework (Django)  

 

Check that Django (1.4) and Python 2.7 are installed. Install Django with pip rather than apt-get so you get the correct version. Note: you are allowed to do this assignment with a framework other than Django but assistants won't give any help and the example application (which is written in Python) probably won't work without serious modifications.

  • Start a new Django project in your home directory. You can name it whatever you want (e.g. mysite)
  • Launch Django's internal development server. A test page will appear at localhost:8000 (you can specify some other port but remember not to use 80 or 443 because Apache already listens to them)

Next, modify your project's settings:

  • Enable sqlite3 as the database engine and choose a file name for your project's database
  • Enable the admin application and make the admin interface appear at the URL /admin
  • Sync the database and create an admin user.
    Note! You may encounter "ValueError: unknown locale: UTF-8". Fix it by running export LC_ALL=en_US.UTF-8 prior to syncdb
  • Test admin interface at localhost:8000/admin

Next, install the application helloapp, which you can download from the Material section of this page. Unzip it and place the helloapp folder in your Django project folder. Make the following modifications to your project:

  • Modify the URLs (helloapp's views.py gives hints on where to point) so that
  1. helloapp's index is found at the URL /hello/
  2. details of a hellotext are found at /hello/hello_id/
  3. the page informing about a newly received hellotext is at /hello/newmsg/
  • Remember to add helloapp's template directory (helloapp/templates) to the project settings
  • Test at localhost:8000/hello

2.1 Provide a working solution (both helloapp and admin interface work) 3p
2.2 Why are we using sqlite in this exercise? Is it a good database backend for a "real" web service? 1p
2.3 What's the difference between the templates and static files? 1p

3. Configuring SSL
 
Start by creating a 2048-bit key for the server. Then create a certificate that matches the key. Configure Apache to use this certificate for HTTPS traffic. Again, set up SSH port forwarding to test HTTPS using loopback.
 
Note: Taking a shortcut with CA.pl is not accepted; you need to understand the process! Only a few commands are needed, though. Also, do not use a private key with a passphrase, because it messes up the VM boot scripts (you can't reboot your VM).
3.1 Provide and explain your solution. 1p
3.2 What information can a certificate include? What is necessary for it to work in the context of a web server? 1p
3.3 What do PKI and requesting a certificate mean? 1p
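
The requirements stated above for the server key and certificate (2048-bit key, no passphrase, certificate matching the key) can be checked before pointing Apache at the files. This is an added example, not part of the original lab hand-out; the function names are hypothetical and the certificate and key paths are passed as arguments.

```shell
#!/bin/sh
# Added example: sanity checks for a server certificate/key pair.
# Function names are hypothetical; paths are supplied by the caller.

# Print the RSA key size in bits (e.g. 2048); prints nothing on failure.
key_bits() {
    openssl rsa -in "$1" -noout -text -passin pass: 2>/dev/null |
        sed -n 's/.*Private-Key: (\([0-9][0-9]*\) bit.*/\1/p'
}

# Succeed only if the PEM key is readable and stored without a passphrase.
# Encrypted PEM keys carry the word ENCRYPTED in their header lines.
key_is_unencrypted() {
    [ -r "$1" ] && ! grep -q 'ENCRYPTED' "$1"
}

# Succeed only if the certificate's public key is the key's public half.
cert_matches_key() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    key_pub=$(openssl pkey -in "$2" -pubout -passin pass: 2>/dev/null) || return 1
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# Succeed only if the certificate's notAfter date has not passed yet.
cert_not_expired() {
    openssl x509 -in "$1" -noout -checkend 0 >/dev/null 2>&1
}

# Run all checks; print one line per problem and return non-zero on any.
check_tls_pair() {
    cert=$1; key=$2; rc=0
    if ! key_is_unencrypted "$key"; then
        echo "FAIL: key is passphrase-protected or unreadable"
        return 1
    fi
    bits=$(key_bits "$key")
    [ "$bits" = 2048 ] || { echo "FAIL: key is '$bits' bits, expected 2048"; rc=1; }
    cert_matches_key "$cert" "$key" || { echo "FAIL: certificate does not match key"; rc=1; }
    cert_not_expired "$cert" || { echo "FAIL: certificate has expired"; rc=1; }
    if [ "$rc" -eq 0 ]; then
        echo "OK: unencrypted 2048-bit key with a matching, unexpired certificate"
    fi
    return "$rc"
}

# Usage: sh check_tls_pair.sh <certificate.pem> <key.pem>
if [ "$#" -eq 2 ]; then check_tls_pair "$1" "$2"; fi
```

Comparing public keys rather than RSA moduli keeps the match check valid for non-RSA keys as well; only `key_bits` is RSA-specific.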
4. Enforcing HTTPS
 
Create a subdirectory called "secure_secrets" in the public_html directory of the "labrat" user. Use the userdir module to serve public_html from users' home directories.
Enforce HTTPS access to this directory by using mod_rewrite and .htaccess, so that Apache redirects "http://localhost/~labrat/secure_secrets" to "https://localhost/~labrat/secure_secrets". Please note that this is a bit more complicated to test with the SSH forwarding, so just test it locally with lynx or netcat on the virtual machine. If your demo requires it, you may hard-code your port numbers in the forwarding rules.
4.1 Provide and explain your solution. 2p
4.2 What is HSTS? 1p

5. Serve Django on Apache

 
Your task is to move your Django project (assignment 2) to production use, that is, to configure Apache to serve it using the wsgi module. First check that mod-wsgi is enabled.
  • Configure Apache and your project to serve static files under url /static/ 
  • Make sure the user that runs Apache (www-data) has access to your project's files
  • Remember to restart Apache
5.1 Provide a working solution (1p) with correctly displayed UI (1p) 2p 
5.2 What is REST? What do HTTP methods GET and POST have to do with it? 1p
5.3 Can the helloapp example be considered as RESTful? 1p
5.4 What kind of representation (formats) would be preferred if we want to create a machine-readable REST API? 1p

6. Additional questions

6.1 When to use .htaccess? In contrast, when not to use it? 1p
6.2 Are there other application frameworks for web services than Django? 1p
Material
Description
Helloapp Django application for assignments 2 & 5 (updated Oct 3rd, removed unnecessary files)