How to use SSL with Django app (deployed using mod_wsgi and virtualenv)

Question

Disclaimer: I don't really know what I'm doing, so I may have phrased things wrong. I've also never asked/answered a question on here before!

I have a Django app running on Apache that I deployed using mod_wsgi and virtualenv. I want some parts of the app to use SSL, however when I install the SSL certificate, the https URL goes to the index.html file from my public_html folder instead of the app (which is outside of public_html)

For example, visit https://tradekandi.com. That URL is just a basic HTML file: public_html/index.html Then visit http://tradekandi.com. That's my Django page (in maintenance mode).

I've searched stackoverflow and Google all day. I've tried removing the documentroot from the virtual hosts file but that did nothing. I tried adding a SetEnvIf X-Forwarded-Proto https HTTPS=1 line to it but that did nothing either.

My virtual hosts file has these lines in it:

SSLEngine on 
SSLCertificateFile /etc/ssl/certs/tradekandi.com.crt
SSLCertificateKeyFile /etc/ssl/private/tradekandi.com.key
SSLCACertificateFile /etc/ssl/certs/tradekandi.com.cabundle

Whenever I make any changes, I restart apache and "touch" the app's wsgi file.

How can I make the https URL load the Django app? Any help would be much appreciated. Thank you.

More of httpd configuration:

<VirtualHost 69.65.42.153:80>
ServerName tradekandi.com
ServerAlias www.tradekandi.com
DocumentRoot /home/trade/public_html
ServerAdmin [email protected]
UseCanonicalName Off
CustomLog /usr/local/apache/domlogs/tradekandi.com combined
CustomLog /usr/local/apache/domlogs/tradekandi.com-bytes_log "%{%s}t %I .\n%{%s}t %O ."
## User trade # Needed for Cpanel::ApacheConf
<IfModule mod_suphp.c>
    suPHP_UserGroup trade trade
</IfModule>
<IfModule !mod_disable_suexec.c>
    SuexecUserGroup trade trade
</IfModule>
ScriptAlias /cgi-bin/ /home/trade/public_html/cgi-bin/

Include "/usr/local/apache/conf/userdata/*.conf"  
Include "/usr/local/apache/conf/userdata/*.owner-root" 
Include "/usr/local/apache/conf/userdata/std/*.conf" 
Include "/usr/local/apache/conf/userdata/std/*.owner-root" 
Include "/usr/local/apache/conf/userdata/std/2/*.conf" 
Include "/usr/local/apache/conf/userdata/std/2/*.owner-root" 
Include "/usr/local/apache/conf/userdata/std/2/trade/*.conf"  
Include "/usr/local/apache/conf/userdata/std/2/trade/tradekandi.com/*.conf"

</VirtualHost>

<VirtualHost 69.65.42.153:443>
ServerName tradekandi.com
ServerAlias www.tradekandi.com
DocumentRoot /home/trade/public_html
ServerAdmin [email protected]
UseCanonicalName Off
CustomLog /usr/local/apache/domlogs/tradekandi.com combined
CustomLog /usr/local/apache/domlogs/tradekandi.com-bytes_log "%{%s}t %I .\n%{%s}t %O ."
## User nobody # Needed for Cpanel::ApacheConf
<IfModule mod_suphp.c>
    suPHP_UserGroup nobody nobody
</IfModule>
ScriptAlias /cgi-bin/ /home/trade/public_html/cgi-bin/
SSLEngine on

SSLCertificateFile /etc/ssl/certs/tradekandi.com.crt
SSLCertificateKeyFile /etc/ssl/private/tradekandi.com.key
SSLCACertificateFile /etc/ssl/certs/tradekandi.com.cabundle
CustomLog /usr/local/apache/domlogs/tradekandi.com-ssl_log combined
SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown
<Directory "/home/trade/public_html/cgi-bin">
    SSLOptions +StdEnvVars
</Directory>
Include "/usr/local/apache/conf/userdata/*.conf"
</VirtualHost>

If it's relevant, this is a dedicated server running CentOS & I am also using it to host one PHP-based site.

Wsgi file:

import os
import sys
sys.stdout = sys.stderr

from os.path import abspath, dirname, join
from site import addsitedir
sys.path.append('/home/trade/sites/tradekandi.com.env/lib/python2.7/site-packages')
sys.path.insert(0, abspath(join(dirname(__file__), "../../")))

from django.conf import settings
os.environ["DJANGO_SETTINGS_MODULE"] = "trade.settings"

sys.path.insert(0, join(settings.PROJECT_ROOT, "apps"))

from django.core.handlers.wsgi import WSGIHandler
application = WSGIHandler()

extra.conf with mod_wsgi directives:

Alias /static/ /home/trade/public_html/static/

<Directory /home/trade/public_html/static>
Order deny,allow
Allow from all
</Directory>

WSGIDaemonProcess trade python-path=/home/trade/sites/tradekandi.com.env/lib/python2.7/site-packages
WSGIProcessGroup trade

WSGIScriptAlias / /home/trade/sites/tradekandi.com.env/site/trade/deploy/pinax.wsgi

<Directory /home/trade/sites/tradekandi.com.env/site/trade/deploy>
Order deny,allow
Allow from all
</Directory>

Answer 1

Answering my own question for the benefit of anyone who may come across this:

I added the following lines:

WSGIProcessGroup tradek

WSGIScriptAlias / /home/trade/sites/tradekandi.com.env/site/trade/deploy/pinax.wsgi

to a .conf file located in /usr/local/apache/conf/userdata/ssl/2/trade/tradekandi.com, then used the command /scripts/ensure_vhost_includes --user=trade

(I also happened to change the ProcessGroup name)

Seems to have done the trick, although now I need to get rid of the insecure elements on the page! Thanks to Graham, because it was one of your answers to someone else that helped me figure this out.