Hi Graham,
It has been a few days since I installed your modwsgi update with the knob
for —ssl-certificate-chain-file some/path/file.crt.
Today, I needed to run "python manage.py collectstatic" and I encountered
this error that I hadn't encountered earlier. I get the same error with any
python manage.py xxx command.
I've looked at similar issues reported on StackOverflow but those answers
did not work/apply in my case.
(vishwaas_env)[syt_admin@VM1 vishwaas_django]$ python manage.py
collectstatic
Traceback (most recent call last):
File "manage.py", line 12, in <module>
execute_from_command_line(sys.argv)
File
"/home/syt_admin/.virtualenvs/vishwaas_env/lib/python2.7/site-packages/django/core/management/__init__.py",
line 354, in execute_from_command_line
utility.execute()
File
"/home/syt_admin/.virtualenvs/vishwaas_env/lib/python2.7/site-packages/django/core/management/__init__.py",
line 346, in execute
self.fetch_command(subcommand).run_from_argv(self.argv)
File
"/home/syt_admin/.virtualenvs/vishwaas_env/lib/python2.7/site-packages/django/core/management/__init__.py",
line 182, in fetch_command
settings.INSTALLED_APPS
File
"/home/syt_admin/.virtualenvs/vishwaas_env/lib/python2.7/site-packages/django/conf/__init__.py",
line 48, in __getattr__
self._setup(name)
File
"/home/syt_admin/.virtualenvs/vishwaas_env/lib/python2.7/site-packages/django/conf/__init__.py",
line 44, in _setup
self._wrapped = Settings(settings_module)
File
"/home/syt_admin/.virtualenvs/vishwaas_env/lib/python2.7/site-packages/django/conf/__init__.py",
line 92, in __init__
mod = importlib.import_module(self.SETTINGS_MODULE)
File "/usr/local/lib/python2.7/importlib/__init__.py", line 37, in
import_module
__import__(name)
File
"/home/syt_admin/projects/vishwaas/vishwaas_django/vishwaas_django/settings/production.py",
line 19, in <module>
SECRET_KEY = get_secret('SECRET_KEY')
File
"/home/syt_admin/projects/vishwaas/vishwaas_django/vishwaas_django/settings/production.py",
line 17, in get_secret
raise ImproperlyConfigured(error_msg)
django.core.exceptions.ImproperlyConfigured: Set the SECRET_KEY environment
variable
Note that launching Django using the Apache script generated by modwsgi
works fine and I am able launch and connect to the website.
*However, I do notice that my Django logging file is now written in the
server-root directory instead of in the django project directory as it was
earlier. *They are different directories at the same level of nesting.
Here's what I had used to generate the httpd.conf:
(vishwaas_env)[syt_admin@VM1 www-https]$ mod_wsgi-express setup-server
../vishwaas_django/vishwaas_django/wsgi.py --user apache --group apache
--server-root=/home/syt_admin/projects/vishwaas/www-https --https-port 443
--port 80 --server-name www.xyz.in --ssl-certificate-file
startssl-certs/2_www.xyz.in.crt --ssl-certificate-key-file
startssl-certs/server.key *--ssl-certificate-chain-file
startssl-certs/1_root_bundle.crt* --url-alias
/static/home/syt_admin/projects/vishwaas/vishwaas_django/collected_static
*wsgi.py has the following contents:*
import os, sys
sys.path.append('/home/syt_admin/projects/vishwaas/vishwaas_django')
os.environ['DJANGO_SETTINGS_MODULE'] = "vishwaas_django.settings.production"
*manage.py has the following contents:*
import os
import sys
if __name__ == "__main__":
os.environ.setdefault("DJANGO_SETTINGS_MODULE",
"vishwaas_django.settings.production")
from django.core.management import execute_from_command_line
execute_from_command_line(sys.argv)
*production.py has the following contents (relevant snippet):*
from .base import *
import json
from django.core.exceptions import ImproperlyConfigured
# JSON-based secrets module located at same level as manage.py
with open(root("secrets.json")) as f:
secrets = json.loads(f.read())
def get_secret(setting, secrets=secrets):
"""Get the secret variable or return explicit exception."""
try:
return secrets[setting]
except KeyError:
error_msg = "Set the {0} environment variable".format(setting)
raise ImproperlyConfigured(error_msg)
SECRET_KEY = get_secret('SECRET_KEY')
*where root is defined in settings/base.py as:*
here = lambda *dirs: join(abspath(dirname(__file__)), *dirs)
BASE_DIR = here("..", "..")
root = lambda *dirs: join(abspath(BASE_DIR), *dirs)
Any idea what could have gone wrong?
Regards,
Tanuka
On Mon, Feb 22, 2016 at 4:27 PM, Graham Dumpleton <
[email protected]> wrote:
>
> On 22 Feb 2016, at 9:55 PM, Tanuka Dutta <[email protected]> wrote:
>
> Hi Graham,
>
> It works fine!
>
> The generated http.conf has sections like this that repeat for different
> VirtualHosts:
>
> <VirtualHost _default_:443>
> <Location />
> Order deny,allow
> Deny from all
> <IfDefine MOD_WSGI_ALLOW_LOCALHOST>
> Allow from localhost
> </IfDefine>
> </Location>
> SSLEngine On
> SSLCertificateFile
> /home/syt_admin/projects/vishwaas/www-https/startssl-certs/server.crt
> SSLCertificateKeyFile
> /home/syt_admin/projects/vishwaas/www-https/startssl-certs/server.key
> <IfDefine MOD_WSGI_VERIFY_CLIENT>
> SSLCACertificateFile None
> SSLVerifyClient none
> </IfDefine>
> <IfDefine MOD_WSGI_CERTIFICATE_CHAIN>
> *SSLCertificateChainFile
> /home/syt_admin/projects/vishwaas/www-https/startssl-certs/1_root_bundle.crt*
> </IfDefine>
> </VirtualHost>
>
>
> I am able to connect to the website using Chrome or IE on my Windows 8
> laptop and also using Chrome on Android 5.1.1 - all browsers show the
> secure padlock icon.
>
> I can also connect to the server using my Android app for the application.
>
> Thanks so much! Will this become part of an official release that I can
> download later?
>
>
> Yes, it will be in the next release.
>
> Right now the only change in that develop version I had you install
> relative to last released version is this specific change, so there should
> be no unexpected issues and should be safe to use for now.
>
> Graham
>
> Regards,
> Tanuka
>
>
>
>
>
>
> On Mon, Feb 22, 2016 at 4:10 PM, Graham Dumpleton <
> [email protected]> wrote:
>
>> Quickly hacked it in while listening in to meeting. :-)
>>
>> Can you try:
>>
>> pip install -U
>> https://github.com/GrahamDumpleton/mod_wsgi/archive/develop.zip
>>
>> Then add the extra option:
>>
>> —ssl-certificate-chain-file some/path/file.crt
>>
>> Tell me if that works and if does will add change note. Otherwise tell me
>> how it fails with further clues for how generated httpd.conf should be set
>> up.
>>
>> Thanks.
>>
>> Graham
>>
>> On 22 Feb 2016, at 9:26 PM, Tanuka Dutta <[email protected]> wrote:
>>
>> > Is it replacing the SSLCertificateFile line or adding to it?
>>
>> Adding to it.
>>
>> - Tanuka
>>
>> On Mon, Feb 22, 2016 at 3:43 PM, Graham Dumpleton <
>> [email protected]> wrote:
>>
>>> Is it replacing the SSLCertificateFile line or adding to it?
>>>
>>> On 22 Feb 2016, at 9:11 PM, Tanuka Dutta <[email protected]> wrote:
>>>
>>> A follow-on question:
>>>
>>> I was encountering issues with Chrome browser on Android 5.1.1 trying to
>>> connect to my website. The browser was flagging it as not secure. It turned
>>> out that my certificate chain was not properly installed on Apache. (My
>>> certificate was obtained from https://www.startssl.com/)
>>>
>>> If I explicitly add this line in the httpd.conf where ever
>>> SSLCertificateFile is configured:
>>>
>>> SSLCertificateChainFile
>>> /home/syt_admin/projects/vishwaas/www-https/startssl-certs/1_root_bundle.crt
>>>
>>> (I am using Apache version 2.2.15)
>>>
>>> then Android does not flag any issue and the browser shows the secure
>>> padlock icon.
>>>
>>> But how do I provide this option via mod_wsgi-express setup-server ? I
>>> didn't see anything under mod_wsgi-express --help.
>>>
>>> Regards,
>>> Tanuka
>>>
>>>
>>> On Mon, Feb 22, 2016 at 9:37 AM, Tanuka Dutta <[email protected]>
>>> wrote:
>>>
>>>> Thanks, Graham!
>>>>
>>>> Adding the --url-alias option worked perfectly.
>>>>
>>>> Also, I went over my old notes and realized that I had in fact executed
>>>> "python manage.py runmodwsgi --setup-only" after having played around with
>>>> the "mod_wsgi-express setup-server" command. So that explains the mystery
>>>> of why it had worked in the past.
>>>>
>>>> Is there a recommendation of which command to use?
>>>>
>>>> Thanks for this great piece of infrastructure!!
>>>>
>>>> Regards,
>>>> Tanuka
>>>>
>>>>
>>>>
>>>> On Saturday, 20 February 2016 06:11:21 UTC+5:30, Graham Dumpleton wrote:
>>>>>
>>>>>
>>>>> On 19 Feb 2016, at 9:31 PM, Tanuka Dutta <[email protected]> wrote:
>>>>>
>>>>> Hello,
>>>>>
>>>>> I have a CentOS 6.7 installation on a VM, and am running Django 1.8.8
>>>>> over Apache 2.2.15 using mod_wsgi version 4.4.21 (that I had compiled from
>>>>> source using Python 2.7.8 in a virtualenv).
>>>>>
>>>>> I've used mod_wsgi-express to generate the Apache scripts (it's
>>>>> extremely helpful!) and it works fine for http. I am able to connect to
>>>>> the
>>>>> website over http and view all the images on the site.
>>>>>
>>>>> The commands used were:
>>>>>
>>>>> (vishwaas_env)[syt_admin@VM1 www]$ mod_wsgi-express setup-server
>>>>> /home/syt_admin/projects/vishwaas/vishwaas_django/vishwaas_django/wsgi.py
>>>>> --host=0.0.0.0 --port=80 --user apache --group apache
>>>>> --server-root=/home/syt_admin/projects/vishwaas/www
>>>>>
>>>>> (vishwaas_env)[syt_admin@VM1 www]$ sudo ./apachectl start
>>>>>
>>>>> However, when I try to do the same for https (I followed instructions
>>>>> at https://gist.github.com/GrahamDumpleton/b79d336569054882679e, but
>>>>> left out the client authentication bit).
>>>>>
>>>>> (vishwaas_env)[syt_admin@VM1 www-https]$ mod_wsgi-express
>>>>> setup-server ../vishwaas_django/vishwaas_django/wsgi.py --user apache
>>>>> --group apache --server-root=/home/syt_admin/projects/vishwaas/www-https
>>>>> --https-port 443 --port 80 --https-only --server-name www.xyz.in
>>>>> --ssl-certificate-file
>>>>> ssl-certs/server.crt --ssl-certificate-key-file ssl-certs/server.key
>>>>>
>>>>> the http.conf file that is generated does not have the Alias 'static'
>>>>> directive. As I result, I can connect to the website but not view any
>>>>> images.
>>>>>
>>>>> If I insert the missing lines (copied over from the http.conf
>>>>> generated earlier):
>>>>>
>>>>> Alias '/static'
>>>>> '/home/syt_admin/projects/vishwaas/vishwaas_django/collected_static'
>>>>>
>>>>> <Directory
>>>>> '/home/syt_admin/projects/vishwaas/vishwaas_django/collected_static'>
>>>>> Order allow,deny
>>>>> Allow from all
>>>>> </Directory>
>>>>>
>>>>> then I can see the static files on the website.
>>>>>
>>>>> Is this a bug in mod_wsgi-express or am I doing something wrong?
>>>>>
>>>>>
>>>>> You would only get a Alias directive for /static if you had used the
>>>>> option:
>>>>>
>>>>> —url-alias
>>>>> /static /home/syt_admin/projects/vishwaas/vishwaas_django/collected_static
>>>>>
>>>>> I can’t see that you have used that in what you ran.
>>>>>
>>>>> The /static Alias would only be generated automatically if you were
>>>>> using the Django management command integration so you could run ‘python
>>>>> manage.py runmodwsgi', which you aren’t.
>>>>>
>>>>> Graham
>>>>>
>>>>>
>>>> --
>>>> You received this message because you are subscribed to a topic in the
>>>> Google Groups "modwsgi" group.
>>>> To unsubscribe from this topic, visit
>>>> https://groups.google.com/d/topic/modwsgi/1Aad8DeGUjo/unsubscribe.
>>>> To unsubscribe from this group and all its topics, send an email to
>>>> [email protected].
>>>> To post to this group, send email to [email protected].
>>>> Visit this group at https://groups.google.com/group/modwsgi.
>>>> For more options, visit https://groups.google.com/d/optout.
>>>>
>>>
>>>
>>> --
>>> You received this message because you are subscribed to the Google
>>> Groups "modwsgi" group.
>>> To unsubscribe from this group and stop receiving emails from it, send
>>> an email to [email protected].
>>> To post to this group, send email to [email protected].
>>> Visit this group at https://groups.google.com/group/modwsgi.
>>> For more options, visit https://groups.google.com/d/optout.
>>>
>>>
>>>
>>> --
>>> You received this message because you are subscribed to a topic in the
>>> Google Groups "modwsgi" group.
>>> To unsubscribe from this topic, visit
>>> https://groups.google.com/d/topic/modwsgi/1Aad8DeGUjo/unsubscribe.
>>> To unsubscribe from this group and all its topics, send an email to
>>> [email protected].
>>> To post to this group, send email to [email protected].
>>> Visit this group at https://groups.google.com/group/modwsgi.
>>> For more options, visit https://groups.google.com/d/optout.
>>>
>>
>>
>> --
>> You received this message because you are subscribed to the Google Groups
>> "modwsgi" group.
>> To unsubscribe from this group and stop receiving emails from it, send an
>> email to [email protected].
>> To post to this group, send email to [email protected].
>> Visit this group at https://groups.google.com/group/modwsgi.
>> For more options, visit https://groups.google.com/d/optout.
>>
>>
>>
>> --
>> You received this message because you are subscribed to a topic in the
>> Google Groups "modwsgi" group.
>> To unsubscribe from this topic, visit
>> https://groups.google.com/d/topic/modwsgi/1Aad8DeGUjo/unsubscribe.
>> To unsubscribe from this group and all its topics, send an email to
>> [email protected].
>> To post to this group, send email to [email protected].
>> Visit this group at https://groups.google.com/group/modwsgi.
>> For more options, visit https://groups.google.com/d/optout.
>>
>
>
> --
> You received this message because you are subscribed to the Google Groups
> "modwsgi" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to [email protected].
> To post to this group, send email to [email protected].
> Visit this group at https://groups.google.com/group/modwsgi.
> For more options, visit https://groups.google.com/d/optout.
>
>
> --
> You received this message because you are subscribed to a topic in the
> Google Groups "modwsgi" group.
> To unsubscribe from this topic, visit
> https://groups.google.com/d/topic/modwsgi/1Aad8DeGUjo/unsubscribe.
> To unsubscribe from this group and all its topics, send an email to
> [email protected].
> To post to this group, send email to [email protected].
> Visit this group at https://groups.google.com/group/modwsgi.
> For more options, visit https://groups.google.com/d/optout.
>
--
You received this message because you are subscribed to the Google Groups
"modwsgi" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To post to this group, send email to [email protected].
Visit this group at https://groups.google.com/group/modwsgi.
For more options, visit https://groups.google.com/d/optout.
