Regarding setting the image to a user or group that doesn't exist I expected this Dockerfile to set things up enough RUN useradd flask_user && groupadd flask_group
since the same user name and group name are referenced in the httpd.conf: WSGIDaemonProcess molmod user=flask_user group=flask_group threads=5 A similar setup worked earlier when doing a test on a CentOS box. Regardless, I will try using your Docker image instead and look forward to the new more secure version. Thanks for taking the time to help! On Friday, July 1, 2016 at 12:18:46 AM UTC-4, Graham Dumpleton wrote: > > > On 30 Jun 2016, at 7:54 PM, Russell Parker <[email protected] > <javascript:>> wrote: > > Hi all, > > I've been banging my head against the wall trying to fix this. This issue > <https://github.com/GrahamDumpleton/mod_wsgi-docker/issues/6> seems > similar but I haven't been able to wrangle a solution out of it. > > - mod_wsgi 4.3 > - Apache 2.4 > - Debian Jessie > - Python 2.7.9 > > > I'm trying to setup a Docker image running a Flask app and I've gotten to > a point where I can run the Flask local development server and retrieve > (pretty simple, templated html) pages. When I try to run it on Apache > though, there is a gateway timeout and I find the following error in my > VirutalHost log file: > [wsgi:error] ... Timeout when reading response headers from daemon > process 'molmod': /var/www/app/molmod.wsgi > > In the genreal Apache log file there is the following error over and over: > [wsgi:alert] ... mod_wsgi (pid=<x>): Failure to configure the daemon > process correctly and process left in unspecified state. Restarting daemon > process after delay. > > > This would usually indicate you are trying to set the user/group of the > mod_wsgi daemon process with a user or group that doesn’t exist inside of > the Docker image. > > I seriously would advise against you trying to construct your own Docker > image. Creating Docker images properly that follow best practices, > especially if trying to run Apache is non trivial. > > For now I would suggest you use my base image: > > * https://github.com/GrahamDumpleton/mod_wsgi-docker > > I have an even better base image than this one which can do a lot more and > security wise is much better, but not yet ready to let people use the newer > one. So try the grahamdumpleton/mod-wsgi-docker ones first. > > If you think that creating Docker images is trivial, you might want to > read some of my blog posts about some of the issues you need to deal with. > > * > http://blog.dscpl.com.au/2016/01/roundup-of-docker-issues-when-hosting.html > > The image above I reference doesn’t adhere to all the things one should > do, but the newer one will and more. > > Graham > > It seems like the daemon gets stuck restarting over and over instead of > serving the Flask site. > > Here is my config file: > ErrorLog logs/error_log > WSGISocketPrefix /var/run > # turn off initialization of Python interpreter > WSGIRestrictEmbedded On > > <VirtualHost *:80> > Alias /static/ /var/www/app/static/ > <Directory /var/www/app/static/> > Require all granted > </Directory> > > WSGIDaemonProcess molmod user=flask_user group=flask_group threads=5 > WSGIScriptAlias / /var/www/app/molmod.wsgi > <Directory /var/www/app> > WSGIProcessGroup molmod > WSGIApplicationGroup %{GLOBAL} > Require all granted > </Directory> > LogLevel info > ErrorLog logs/flask_log > </VirtualHost> > > If it helps at all, here is the Dockerfile I am using as well: > FROM httpd:2.4 > > RUN apt-get -y update && \ > apt-get install -y libapache2-mod-wsgi > RUN useradd flask_user && groupadd flask_group > > COPY ./molmod /var/www/app > RUN apt-get install -y python-pip && \ > pip install -r /var/www/app/requirements.txt > > COPY ./httpd.conf /tmp/httpd.conf > RUN echo "LoadModule wsgi_module /usr/lib/apache2/modules/mod_wsgi.so" >> \ > "$HTTPD_PREFIX"/conf/httpd.conf > RUN cat /tmp/httpd.conf >> "$HTTPD_PREFIX"/conf/httpd.conf && \ > rm /tmp/httpd.conf > > > EXPOSE 80 > CMD ["httpd-foreground"] > > Thanks in advance! > > -- > You received this message because you are subscribed to the Google Groups > "modwsgi" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected] <javascript:>. > To post to this group, send email to [email protected] <javascript:> > . > Visit this group at https://groups.google.com/group/modwsgi. > For more options, visit https://groups.google.com/d/optout. > > > -- You received this message because you are subscribed to the Google Groups "modwsgi" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. Visit this group at https://groups.google.com/group/modwsgi. For more options, visit https://groups.google.com/d/optout.
