My solution thanks to Graham:
<Location /dirname>
    SSLVerifyClient none
    SSLOptions +FakeBasicAuth
    SSLRequireSSL
    AuthName "name Authentication"
    AuthType Basic
    AuthUserFile /etc/httpd/stuff.passwd
    require valid-user
    RequestHeader set X-Url-Scheme https
</Location>
ProxyPass /dirname http://django.test/dirname
ProxyPassReverse /dirname http://django.test/dirname
On django.test I added this:
SetEnvIf X-Url-Scheme https HTTPS=1
after
WSGIScriptAlias /dirname /path_to_wsgi_script/django.wsgi
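Added example (not code from the posts on this page): the `RequestHeader set X-Url-Scheme https` / `SetEnvIf` pair makes the back end treat any request carrying that header as HTTPS, so it is only sound if django.test is reachable solely through the proxy. A WSGI wrapper used in place of the `SetEnvIf` line can enforce that by honouring the header only from the proxy's address. `TRUSTED_PROXIES`, the 10.0.0.5 address and the helper names are assumptions for illustration.

```python
import ipaddress

# Assumption: address of the front-end Apache proxy as seen by django.test
# (constructed value, replace with the real proxy address or network).
TRUSTED_PROXIES = [ipaddress.ip_network("10.0.0.5/32")]
HEADER = "HTTP_X_URL_SCHEME"  # WSGI environ key for the X-Url-Scheme header


class TrustedProxyScheme:
    """WSGI middleware: honour X-Url-Scheme only when the peer is a trusted proxy."""

    def __init__(self, app, trusted=TRUSTED_PROXIES):
        self.app = app
        self.trusted = list(trusted)

    def _from_proxy(self, environ):
        try:
            peer = ipaddress.ip_address(environ.get("REMOTE_ADDR", ""))
        except ValueError:
            return False  # missing or malformed peer address is never trusted
        return any(peer in net for net in self.trusted)

    def __call__(self, environ, start_response):
        # Always remove the raw header so downstream code cannot trust it directly.
        claimed = environ.pop(HEADER, None)
        if claimed == "https" and self._from_proxy(environ):
            environ["wsgi.url_scheme"] = "https"
        return self.app(environ, start_response)


def scheme_seen_by_app(remote_addr, header_value):
    """Send one constructed request through the middleware; return what the app sees."""
    seen = {}

    def app(environ, start_response):
        seen["scheme"] = environ["wsgi.url_scheme"]
        seen["header"] = environ.get(HEADER)
        start_response("200 OK", [("Content-Type", "text/plain")])
        return [b"ok"]

    environ = {"REMOTE_ADDR": remote_addr, "wsgi.url_scheme": "http"}
    if header_value is not None:
        environ[HEADER] = header_value
    TrustedProxyScheme(app)(environ, lambda status, headers: None)
    return seen["scheme"], seen["header"]


if __name__ == "__main__":
    print(scheme_seen_by_app("10.0.0.5", "https"))     # request relayed by the proxy
    print(scheme_seen_by_app("203.0.113.9", "https"))  # direct client sending the header
```

In a Django WSGI script the wrapper would be applied as `application = TrustedProxyScheme(application)`.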
Use the method described in:
http://code.google.com/p/modwsgi/wiki/ConfigurationGuidelines#The_Apache_Alias_Directive
Thus have DocumentRoot set up as normal for static files and php files etc. Then add:
AddHandler wsgi-script .wsgi
to Directory block for DocumentRoot, or globally for server.
You will though need to have:
Options ExecCGI
enabled for DocumentRoot now if you don't already.
Then also add:
RewriteEngine On
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule ^(.*)$ /site.wsgi/$1 [QSA,PT,L]
where site.wsgi is in DocumentRoot and is the WSGI script file which maps to your Django application.
In Django WSGI script file change it to use:
import django.core.handlers.wsgi
_application = django.core.handlers.wsgi.WSGIHandler()
import posixpath
def application(environ, start_response):
    # Wrapper to set SCRIPT_NAME to actual mount point.
    environ['SCRIPT_NAME'] = posixpath.dirname(environ['SCRIPT_NAME'])
    if environ['SCRIPT_NAME'] == '/':
        environ['SCRIPT_NAME'] = ''
    return _application(environ, start_response)
That should be it.
Any request that maps to an actual file based resource under DocumentRoot, be it static file or php file, including as set up by DirectoryIndex, e.g., index.php, will be handled normally. Any other URL which would otherwise result in 404, will instead be routed into the Django application.
The /johnfreep and /pages/john would have to have a corresponding URL as if mounted at root, in the urls.py file.
If Django doesn't know what to do with a URL, then Django will return 404.
Read the wiki document for more information.
Best Answer
Writing the question made me think about how it works, so I then worked out the answer. As I could not find an answer to what must be a common issue I thought I'd post what I have found.
There are other solutions, e.g. certbot-django and django-letsencrypt, but both are far more hassle than just letting the stock certbot handle it.
The --apache certbot handler places its files in /var/lib/letsencrypt/http_challenges, so all that is required is to have Apache handle those files in the same way as the docs recommend for static files.