I was getting a bunch of annoying warnings with the devpi index, so I decided to add SSL.
I don’t think it was worth it, because the config is a lot harder. Also, I’ve migrated the entire provisioning to Ansible, so this is just a fragment to add on. You will need to find another howto that explains setting up an HTTPS server. Make a self-signed certificate, enable the mod_ssl apache module, and replace devpi.conf with:
<VirtualHost 192.168.111.19:80>
ServerName devpi.hif.lo
ServerAdmin webmaster@localhost
DocumentRoot /var/www
ErrorLog /var/log/apache2/error.log
CustomLog /var/log/apache2/access.log combined
RequestHeader set X-outside-url "http://192.168.111.19"
RequestHeader set X-Real-IP "192.168.111.19"
ProxyPass / "http://localhost:4040/"
ProxyPassReverse / "http://localhost:4040/"
<Directory /var/www>
Options +Includes
</Directory>
</VirtualHost>
<VirtualHost 192.168.111.19:443>
ServerName devpi.hif.lo
SSLEngine on
SSLCertificateFile "/etc/ssl/devpi.hif.lo/devpi.hif.lo.pem"
SSLCertificateKeyFile "/etc/ssl/devpi.hif.lo/devpi.hif.lo.key"
ServerAdmin webmaster@localhost
DocumentRoot /var/www
ErrorLog /var/log/apache2/error.log
CustomLog /var/log/apache2/access.log combined
RequestHeader set X-outside-url "https://192.168.111.19"
RequestHeader set X-Real-IP "192.168.111.19"
ProxyPass / "http://localhost:4040/"
ProxyPassReverse / "http://localhost:4040/"
<Directory /var/www>
Options +Includes
</Directory>
</VirtualHost>
Put the cert and key into the indicated files, and restart the server.
Now you need to modify your ~/.pip/pip.conf or pip.conf in your virtualenv.
[global]
index-url = https://devpi.hif.lo/root/pypi/+simple/
trusted-host = devpi.hif.lo
[search]
index = https://devpi.hif.lo/root/pypi/
trusted-host = devpi.hif.lo
[easy_install]
index_url = http://devpi.hif.lo/root/pypi/+simple/
The “trusted-host” parameter prevents an error that’s raised because the certificate is self-signed.