Hi Graham,
> The log file from Apache would always be in the server root directory
unless you had used the --log-directory option to indicate a different
directory that it should be written to
I don't mean the Apache error_log. It is the Django LOGGING feature that
I'm using and the associated log file used to be written in the Django
project directory before this. Now it is written inside my server-root. Is
that expected ?
> So this suggests your secrets.json file doesn’t contain a SECRET_KEY. Is
it definitely in there?
Yes, it is :-) I haven't touched the contents of that file.
> Have you tried logging the path for the secrets.json file calculated by
root("secrets.json”)? Have you logged what the file contents were when
read? Is the format of the file correct?
I added a print statement inside production.py to display this. The path
computed by root("secrets.json") is correct.
However, one clue is that this line is printed twice. What would cause the
settings file production.py to be loaded twice??
$python manage.py collectstatic
*Path to secrets file
/home/syt_admin/projects/vishwaas/vishwaas_django/secrets.json*
*Path to secrets file
/home/syt_admin/projects/vishwaas/vishwaas_django/secrets.json*
Traceback (most recent call last):
File "manage.py", line 10, in <module>
execute_from_command_line(sys.argv)
File
"/home/syt_admin/.virtualenvs/vishwaas_env/lib/python2.7/site-packages/django/core/management/__init__.py",
line 354, in execute_from_command_line
utility.execute()
File
"/home/syt_admin/.virtualenvs/vishwaas_env/lib/python2.7/site-packages/django/core/management/__init__.py",
line 346, in execute
self.fetch_command(subcommand).run_from_argv(self.argv)
File
"/home/syt_admin/.virtualenvs/vishwaas_env/lib/python2.7/site-packages/django/core/management/__init__.py",
line 182, in fetch_command
settings.INSTALLED_APPS
File
"/home/syt_admin/.virtualenvs/vishwaas_env/lib/python2.7/site-packages/django/conf/__init__.py",
line 48, in __getattr__
self._setup(name)
File
"/home/syt_admin/.virtualenvs/vishwaas_env/lib/python2.7/site-packages/django/conf/__init__.py",
line 44, in _setup
self._wrapped = Settings(settings_module)
File
"/home/syt_admin/.virtualenvs/vishwaas_env/lib/python2.7/site-packages/django/conf/__init__.py",
line 92, in __init__
mod = importlib.import_module(self.SETTINGS_MODULE)
File "/usr/local/lib/python2.7/importlib/__init__.py", line 37, in
import_module
__import__(name)
File
"/home/syt_admin/projects/vishwaas/vishwaas_django/vishwaas_django/settings/production.py",
line 22, in <module>
SECRET_KEY = get_secret("SECRET_KEY")
File
"/home/syt_admin/projects/vishwaas/vishwaas_django/vishwaas_django/settings/production.py",
line 20, in get_secret
raise ImproperlyConfigured(error_msg)
django.core.exceptions.ImproperlyConfigured: Set the SECRET_KEY environment
variable
Regards,
Tanuka
On Wed, Mar 2, 2016 at 3:18 PM, Graham Dumpleton <[email protected]
> wrote:
>
> On 2 Mar 2016, at 7:56 PM, Tanuka Dutta <[email protected]> wrote:
>
> Hi Graham,
>
> It has been a few days since I installed your modwsgi update with the knob
> for —ssl-certificate-chain-file some/path/file.crt.
>
> Today, I needed to run "python manage.py collectstatic" and I encountered
> this error that I hadn't encountered earlier. I get the same error with any
> python manage.py xxx command.
>
> I've looked at similar issues reported on StackOverflow but those answers
> did not work/apply in my case.
>
> (vishwaas_env)[syt_admin@VM1 vishwaas_django]$ python manage.py
> collectstatic
>
> Traceback (most recent call last):
> File "manage.py", line 12, in <module>
> execute_from_command_line(sys.argv)
> File
> "/home/syt_admin/.virtualenvs/vishwaas_env/lib/python2.7/site-packages/django/core/management/__init__.py",
> line 354, in execute_from_command_line
> utility.execute()
> File
> "/home/syt_admin/.virtualenvs/vishwaas_env/lib/python2.7/site-packages/django/core/management/__init__.py",
> line 346, in execute
> self.fetch_command(subcommand).run_from_argv(self.argv)
> File
> "/home/syt_admin/.virtualenvs/vishwaas_env/lib/python2.7/site-packages/django/core/management/__init__.py",
> line 182, in fetch_command
> settings.INSTALLED_APPS
> File
> "/home/syt_admin/.virtualenvs/vishwaas_env/lib/python2.7/site-packages/django/conf/__init__.py",
> line 48, in __getattr__
> self._setup(name)
> File
> "/home/syt_admin/.virtualenvs/vishwaas_env/lib/python2.7/site-packages/django/conf/__init__.py",
> line 44, in _setup
> self._wrapped = Settings(settings_module)
> File
> "/home/syt_admin/.virtualenvs/vishwaas_env/lib/python2.7/site-packages/django/conf/__init__.py",
> line 92, in __init__
> mod = importlib.import_module(self.SETTINGS_MODULE)
> File "/usr/local/lib/python2.7/importlib/__init__.py", line 37, in
> import_module
> __import__(name)
> File
> "/home/syt_admin/projects/vishwaas/vishwaas_django/vishwaas_django/settings/production.py",
> line 19, in <module>
> SECRET_KEY = get_secret('SECRET_KEY')
> File
> "/home/syt_admin/projects/vishwaas/vishwaas_django/vishwaas_django/settings/production.py",
> line 17, in get_secret
> raise ImproperlyConfigured(error_msg)
> django.core.exceptions.ImproperlyConfigured: Set the SECRET_KEY
> environment variable
>
>
> Note that launching Django using the Apache script generated by modwsgi
> works fine and I am able launch and connect to the website.
> *However, I do notice that my Django logging file is now written in the
> server-root directory instead of in the django project directory as it was
> earlier. *They are different directories at the same level of nesting.
>
>
> The log file from Apache would always be in the server root directory
> unless you had used the --log-directory option to indicate a different
> directory that it should be written to.
>
> Here's what I had used to generate the httpd.conf:
>
> (vishwaas_env)[syt_admin@VM1 www-https]$ mod_wsgi-express setup-server
> ../vishwaas_django/vishwaas_django/wsgi.py --user apache --group apache
> --server-root=/home/syt_admin/projects/vishwaas/www-https --https-port 443
> --port 80 --server-name www.xyz.in --ssl-certificate-file
> startssl-certs/2_www.xyz.in.crt --ssl-certificate-key-file
> startssl-certs/server.key *--ssl-certificate-chain-file
> startssl-certs/1_root_bundle.crt* --url-alias
> /static/home/syt_admin/projects/vishwaas/vishwaas_django/collected_static
>
> *wsgi.py has the following contents:*
>
> import os, sys
> sys.path.append('/home/syt_admin/projects/vishwaas/vishwaas_django')
> os.environ['DJANGO_SETTINGS_MODULE'] =
> "vishwaas_django.settings.production"
>
>
> *manage.py has the following contents:*
>
> import os
> import sys
>
> if __name__ == "__main__":
> os.environ.setdefault("DJANGO_SETTINGS_MODULE",
> "vishwaas_django.settings.production")
>
> from django.core.management import execute_from_command_line
>
> execute_from_command_line(sys.argv)
>
>
> *production.py has the following contents (relevant snippet):*
> from .base import *
>
> import json
> from django.core.exceptions import ImproperlyConfigured
>
> # JSON-based secrets module located at same level as manage.py
> with open(root("secrets.json")) as f:
> secrets = json.loads(f.read())
>
> def get_secret(setting, secrets=secrets):
> """Get the secret variable or return explicit exception."""
> try:
> return secrets[setting]
> except KeyError:
> error_msg = "Set the {0} environment variable".format(setting)
> raise ImproperlyConfigured(error_msg)
>
> SECRET_KEY = get_secret('SECRET_KEY')
>
> *where root is defined in settings/base.py as:*
> here = lambda *dirs: join(abspath(dirname(__file__)), *dirs)
> BASE_DIR = here("..", "..")
> root = lambda *dirs: join(abspath(BASE_DIR), *dirs)
>
>
> Any idea what could have gone wrong?
>
>
> So this suggests your secrets.json file doesn’t contain a SECRET_KEY. Is
> it definitely in there?
>
> Have you tried logging the path for the secrets.json file calculated by
> root("secrets.json”)? Have you logged what the file contents were when
> read? Is the format of the file correct?
>
> Graham
>
> Regards,
> Tanuka
>
>
>
>
>
>
>
>
>
>
> On Mon, Feb 22, 2016 at 4:27 PM, Graham Dumpleton <
> [email protected]> wrote:
>
>>
>> On 22 Feb 2016, at 9:55 PM, Tanuka Dutta <[email protected]> wrote:
>>
>> Hi Graham,
>>
>> It works fine!
>>
>> The generated http.conf has sections like this that repeat for different
>> VirtualHosts:
>>
>> <VirtualHost _default_:443>
>> <Location />
>> Order deny,allow
>> Deny from all
>> <IfDefine MOD_WSGI_ALLOW_LOCALHOST>
>> Allow from localhost
>> </IfDefine>
>> </Location>
>> SSLEngine On
>> SSLCertificateFile
>> /home/syt_admin/projects/vishwaas/www-https/startssl-certs/server.crt
>> SSLCertificateKeyFile
>> /home/syt_admin/projects/vishwaas/www-https/startssl-certs/server.key
>> <IfDefine MOD_WSGI_VERIFY_CLIENT>
>> SSLCACertificateFile None
>> SSLVerifyClient none
>> </IfDefine>
>> <IfDefine MOD_WSGI_CERTIFICATE_CHAIN>
>> *SSLCertificateChainFile
>> /home/syt_admin/projects/vishwaas/www-https/startssl-certs/1_root_bundle.crt*
>> </IfDefine>
>> </VirtualHost>
>>
>>
>> I am able to connect to the website using Chrome or IE on my Windows 8
>> laptop and also using Chrome on Android 5.1.1 - all browsers show the
>> secure padlock icon.
>>
>> I can also connect to the server using my Android app for the application.
>>
>> Thanks so much! Will this become part of an official release that I can
>> download later?
>>
>>
>> Yes, it will be in the next release.
>>
>> Right now the only change in that develop version I had you install
>> relative to last released version is this specific change, so there should
>> be no unexpected issues and should be safe to use for now.
>>
>> Graham
>>
>> Regards,
>> Tanuka
>>
>>
>>
>>
>>
>>
>> On Mon, Feb 22, 2016 at 4:10 PM, Graham Dumpleton <
>> [email protected]> wrote:
>>
>>> Quickly hacked it in while listening in to meeting. :-)
>>>
>>> Can you try:
>>>
>>> pip install -U
>>> https://github.com/GrahamDumpleton/mod_wsgi/archive/develop.zip
>>>
>>> Then add the extra option:
>>>
>>> —ssl-certificate-chain-file some/path/file.crt
>>>
>>> Tell me if that works and if does will add change note. Otherwise tell
>>> me how it fails with further clues for how generated httpd.conf should be
>>> set up.
>>>
>>> Thanks.
>>>
>>> Graham
>>>
>>> On 22 Feb 2016, at 9:26 PM, Tanuka Dutta <[email protected]> wrote:
>>>
>>> > Is it replacing the SSLCertificateFile line or adding to it?
>>>
>>> Adding to it.
>>>
>>> - Tanuka
>>>
>>> On Mon, Feb 22, 2016 at 3:43 PM, Graham Dumpleton <
>>> [email protected]> wrote:
>>>
>>>> Is it replacing the SSLCertificateFile line or adding to it?
>>>>
>>>> On 22 Feb 2016, at 9:11 PM, Tanuka Dutta <[email protected]>
>>>> wrote:
>>>>
>>>> A follow-on question:
>>>>
>>>> I was encountering issues with Chrome browser on Android 5.1.1 trying
>>>> to connect to my website. The browser was flagging it as not secure. It
>>>> turned out that my certificate chain was not properly installed on Apache.
>>>> (My certificate was obtained from https://www.startssl.com/)
>>>>
>>>> If I explicitly add this line in the httpd.conf where ever
>>>> SSLCertificateFile is configured:
>>>>
>>>> SSLCertificateChainFile
>>>> /home/syt_admin/projects/vishwaas/www-https/startssl-certs/1_root_bundle.crt
>>>>
>>>> (I am using Apache version 2.2.15)
>>>>
>>>> then Android does not flag any issue and the browser shows the secure
>>>> padlock icon.
>>>>
>>>> But how do I provide this option via mod_wsgi-express setup-server ? I
>>>> didn't see anything under mod_wsgi-express --help.
>>>>
>>>> Regards,
>>>> Tanuka
>>>>
>>>>
>>>> On Mon, Feb 22, 2016 at 9:37 AM, Tanuka Dutta <[email protected]>
>>>> wrote:
>>>>
>>>>> Thanks, Graham!
>>>>>
>>>>> Adding the --url-alias option worked perfectly.
>>>>>
>>>>> Also, I went over my old notes and realized that I had in fact
>>>>> executed "python manage.py runmodwsgi --setup-only" after having played
>>>>> around with the "mod_wsgi-express setup-server" command. So that explains
>>>>> the mystery of why it had worked in the past.
>>>>>
>>>>> Is there a recommendation of which command to use?
>>>>>
>>>>> Thanks for this great piece of infrastructure!!
>>>>>
>>>>> Regards,
>>>>> Tanuka
>>>>>
>>>>>
>>>>>
>>>>> On Saturday, 20 February 2016 06:11:21 UTC+5:30, Graham Dumpleton
>>>>> wrote:
>>>>>>
>>>>>>
>>>>>> On 19 Feb 2016, at 9:31 PM, Tanuka Dutta <[email protected]> wrote:
>>>>>>
>>>>>> Hello,
>>>>>>
>>>>>> I have a CentOS 6.7 installation on a VM, and am running Django 1.8.8
>>>>>> over Apache 2.2.15 using mod_wsgi version 4.4.21 (that I had compiled
>>>>>> from
>>>>>> source using Python 2.7.8 in a virtualenv).
>>>>>>
>>>>>> I've used mod_wsgi-express to generate the Apache scripts (it's
>>>>>> extremely helpful!) and it works fine for http. I am able to connect to
>>>>>> the
>>>>>> website over http and view all the images on the site.
>>>>>>
>>>>>> The commands used were:
>>>>>>
>>>>>> (vishwaas_env)[syt_admin@VM1 www]$ mod_wsgi-express setup-server
>>>>>> /home/syt_admin/projects/vishwaas/vishwaas_django/vishwaas_django/wsgi.py
>>>>>> --host=0.0.0.0 --port=80 --user apache --group apache
>>>>>> --server-root=/home/syt_admin/projects/vishwaas/www
>>>>>>
>>>>>> (vishwaas_env)[syt_admin@VM1 www]$ sudo ./apachectl start
>>>>>>
>>>>>> However, when I try to do the same for https (I followed instructions
>>>>>> at https://gist.github.com/GrahamDumpleton/b79d336569054882679e, but
>>>>>> left out the client authentication bit).
>>>>>>
>>>>>> (vishwaas_env)[syt_admin@VM1 www-https]$ mod_wsgi-express
>>>>>> setup-server ../vishwaas_django/vishwaas_django/wsgi.py --user apache
>>>>>> --group apache --server-root=/home/syt_admin/projects/vishwaas/www-https
>>>>>> --https-port 443 --port 80 --https-only --server-name www.xyz.in
>>>>>> --ssl-certificate-file
>>>>>> ssl-certs/server.crt --ssl-certificate-key-file ssl-certs/server.key
>>>>>>
>>>>>> the http.conf file that is generated does not have the Alias 'static'
>>>>>> directive. As I result, I can connect to the website but not view any
>>>>>> images.
>>>>>>
>>>>>> If I insert the missing lines (copied over from the http.conf
>>>>>> generated earlier):
>>>>>>
>>>>>> Alias '/static'
>>>>>> '/home/syt_admin/projects/vishwaas/vishwaas_django/collected_static'
>>>>>>
>>>>>> <Directory
>>>>>> '/home/syt_admin/projects/vishwaas/vishwaas_django/collected_static'>
>>>>>> Order allow,deny
>>>>>> Allow from all
>>>>>> </Directory>
>>>>>>
>>>>>> then I can see the static files on the website.
>>>>>>
>>>>>> Is this a bug in mod_wsgi-express or am I doing something wrong?
>>>>>>
>>>>>>
>>>>>> You would only get a Alias directive for /static if you had used the
>>>>>> option:
>>>>>>
>>>>>> —url-alias
>>>>>> /static
>>>>>> /home/syt_admin/projects/vishwaas/vishwaas_django/collected_static
>>>>>>
>>>>>> I can’t see that you have used that in what you ran.
>>>>>>
>>>>>> The /static Alias would only be generated automatically if you were
>>>>>> using the Django management command integration so you could run ‘python
>>>>>> manage.py runmodwsgi', which you aren’t.
>>>>>>
>>>>>> Graham
>>>>>>
>>>>>>
>>>>> --
>>>>> You received this message because you are subscribed to a topic in the
>>>>> Google Groups "modwsgi" group.
>>>>> To unsubscribe from this topic, visit
>>>>> https://groups.google.com/d/topic/modwsgi/1Aad8DeGUjo/unsubscribe.
>>>>> To unsubscribe from this group and all its topics, send an email to
>>>>> [email protected].
>>>>> To post to this group, send email to [email protected].
>>>>> Visit this group at https://groups.google.com/group/modwsgi.
>>>>> For more options, visit https://groups.google.com/d/optout.
>>>>>
>>>>
>>>>
>>>> --
>>>> You received this message because you are subscribed to the Google
>>>> Groups "modwsgi" group.
>>>> To unsubscribe from this group and stop receiving emails from it, send
>>>> an email to [email protected].
>>>> To post to this group, send email to [email protected].
>>>> Visit this group at https://groups.google.com/group/modwsgi.
>>>> For more options, visit https://groups.google.com/d/optout.
>>>>
>>>>
>>>>
>>>> --
>>>> You received this message because you are subscribed to a topic in the
>>>> Google Groups "modwsgi" group.
>>>> To unsubscribe from this topic, visit
>>>> https://groups.google.com/d/topic/modwsgi/1Aad8DeGUjo/unsubscribe.
>>>> To unsubscribe from this group and all its topics, send an email to
>>>> [email protected].
>>>> To post to this group, send email to [email protected].
>>>> Visit this group at https://groups.google.com/group/modwsgi.
>>>> For more options, visit https://groups.google.com/d/optout.
>>>>
>>>
>>>
>>> --
>>> You received this message because you are subscribed to the Google
>>> Groups "modwsgi" group.
>>> To unsubscribe from this group and stop receiving emails from it, send
>>> an email to [email protected].
>>> To post to this group, send email to [email protected].
>>> Visit this group at https://groups.google.com/group/modwsgi.
>>> For more options, visit https://groups.google.com/d/optout.
>>>
>>>
>>>
>>> --
>>> You received this message because you are subscribed to a topic in the
>>> Google Groups "modwsgi" group.
>>> To unsubscribe from this topic, visit
>>> https://groups.google.com/d/topic/modwsgi/1Aad8DeGUjo/unsubscribe.
>>> To unsubscribe from this group and all its topics, send an email to
>>> [email protected].
>>> To post to this group, send email to [email protected].
>>> Visit this group at https://groups.google.com/group/modwsgi.
>>> For more options, visit https://groups.google.com/d/optout.
>>>
>>
>>
>> --
>> You received this message because you are subscribed to the Google Groups
>> "modwsgi" group.
>> To unsubscribe from this group and stop receiving emails from it, send an
>> email to [email protected].
>> To post to this group, send email to [email protected].
>> Visit this group at https://groups.google.com/group/modwsgi.
>> For more options, visit https://groups.google.com/d/optout.
>>
>>
>>
>> --
>> You received this message because you are subscribed to a topic in the
>> Google Groups "modwsgi" group.
>> To unsubscribe from this topic, visit
>> https://groups.google.com/d/topic/modwsgi/1Aad8DeGUjo/unsubscribe.
>> To unsubscribe from this group and all its topics, send an email to
>> [email protected].
>> To post to this group, send email to [email protected].
>> Visit this group at https://groups.google.com/group/modwsgi.
>> For more options, visit https://groups.google.com/d/optout.
>>
>
>
> --
> You received this message because you are subscribed to the Google Groups
> "modwsgi" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to [email protected].
> To post to this group, send email to [email protected].
> Visit this group at https://groups.google.com/group/modwsgi.
> For more options, visit https://groups.google.com/d/optout.
>
>
> --
> You received this message because you are subscribed to a topic in the
> Google Groups "modwsgi" group.
> To unsubscribe from this topic, visit
> https://groups.google.com/d/topic/modwsgi/1Aad8DeGUjo/unsubscribe.
> To unsubscribe from this group and all its topics, send an email to
> [email protected].
> To post to this group, send email to [email protected].
> Visit this group at https://groups.google.com/group/modwsgi.
> For more options, visit https://groups.google.com/d/optout.
>
--
You received this message because you are subscribed to the Google Groups
"modwsgi" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To post to this group, send email to [email protected].
Visit this group at https://groups.google.com/group/modwsgi.
For more options, visit https://groups.google.com/d/optout.
