Looks like your Apache may be running with:
PrivilegesMode SECURE
See:
https://httpd.apache.org/docs/2.4/mod/mod_privileges.html#privilegesmode
<https://httpd.apache.org/docs/2.4/mod/mod_privileges.html#privilegesmode>
In that case you will need to supply the socket-user option to
WSGIDaemonProcess.
http://modwsgi.readthedocs.io/en/develop/configuration-directives/WSGIDaemonProcess.html
<http://modwsgi.readthedocs.io/en/develop/configuration-directives/WSGIDaemonProcess.html>
So add to WSGIDaemonProcess:
socket-user=#1000
You possibly don't then need to override WSGISocketPrefix.
Graham
> On 29 Jun 2018, at 6:12 pm, [email protected] wrote:
>
> Thanks for the very prompt response!
>
> You're absolutely right. There is another python 3.6 installation. I had
> originally tried using this one, but I ran into some issues, which at the
> time, I suspected were caused by the install not being configured as a shared
> library
> (https://modwsgi.readthedocs.io/en/develop/user-guides/checking-your-installation.html#python-shared-library
>
> <https://modwsgi.readthedocs.io/en/develop/user-guides/checking-your-installation.html#python-shared-library>).
> Since this is a shared system and I'm not entirely sure how my predecessor
> installed python3.6 and I failed to remove it via yum, I ended up just
> installing another version via conda.
>
> Here is the output of the ldd command (unchanged by running `unset
> LD_LIBRARY_PATH`)
>
> [root@server1 ~]# ldd
> /home/user/.conda/envs/djangotest/lib/python3.6/site-packages/mod_wsgi/server/mod_wsgi-py36.cpython-36m-x86_64-linux-gnu.so
> linux-vdso.so.1 => (0x00007ffe24e66000)
> libpython3.6m.so.1.0 => /opt/miniconda3/lib/libpython3.6m.so.1.0
> (0x00007f7b932db000)
> libpthread.so.0 => /lib64/libpthread.so.0 (0x00007f7b930b1000)
> libc.so.6 => /lib64/libc.so.6 (0x00007f7b92ce4000)
> libdl.so.2 => /lib64/libdl.so.2 (0x00007f7b92ae0000)
> libutil.so.1 => /lib64/libutil.so.1 (0x00007f7b928dc000)
> librt.so.1 => /lib64/librt.so.1 (0x00007f7b926d4000)
> libm.so.6 => /lib64/libm.so.6 (0x00007f7b923d2000)
> /lib64/ld-linux-x86-64.so.2 (0x00007f7b93a5d000)
>
> Consequently, I updated my /etc/apache2/conf.d/includes/pre_main_global.conf
> file to:
>
> LoadFile /opt/miniconda3/lib/libpython3.6m.so.1.0
> LoadModule wsgi_module
> "/home/user/.conda/envs/djangotest/lib/python3.6/site-packages/mod_wsgi/server/mod_wsgi-py36.cpython-36m-x86_64-l$
> WSGIPythonHome "/home/user/.conda/envs/djangotest"
>
> After rebuilding and restarting apache I encountered the following error:
>
> [Wed Jun 27 15:54:46.595526 2018] [wsgi:error] [pid 32903] (13)Permission
> denied: [client 81.82.4.116:51822] mod_wsgi (pid=32903): Unable to connect to
> WSGI daemon process 'djangotest' on '/var/run/apache2/wsgi.26067.90.1.sock'
> as user with uid=1000.
> [Wed Jun 27 15:54:46.595261 2018] [wsgi:error] [pid 32903] (13)Permission
> denied: [client 81.82.4.116:51822] mod_wsgi (pid=32903): Unable to connect to
> WSGI daemon process 'djangotest' on '/var/run/apache2/wsgi.26067.90.1.sock'
> as user with uid=1000.
>
> Following the advice on
> https://modwsgi.readthedocs.io/en/develop/user-guides/configuration-issues.html
>
> <https://modwsgi.readthedocs.io/en/develop/user-guides/configuration-issues.html>
> and https://stackoverflow.com/a/49767824
> <https://stackoverflow.com/a/49767824>, I tried adding various forms of the
> following line to /etc/apache2/conf.d/wsgi-django.conf (if I understand
> easyapache correctly, this conf file just gets included in the main directive
> of the global httpd.conf file).
>
> WSGISocketPrefix ../../var/run/wsgi
> # or
> WSGISocketPrefix /var/run/wsgi
> # or just for testing purposes
> WSGISocketPrefix /tmp/wsgi
>
> I also double checked my VirtualHost file and it has a `socket-user`
> statement referring to the same one the apache error reports.
>
> ---
>
> On the mod_wsgi-express side of things, I've also tried adding the `LoadFile
> /opt/miniconda3/lib/libpythonX.Y.so` statement to a httpd-include.conf file,
> but that didn't seem to have any effect.
>
> ---
>
> I'll also try removing the conflicting python install again.
>
> Apologies if I misinterpreted any of your instructions.
>
> Cheers!
>
> On Thursday, June 28, 2018 at 1:39:21 AM UTC+2, Graham Dumpleton wrote:
> Is there a system package for Python 3.6 installed? That is, different to
> Anaconda Python 3.6.
>
> If yes, it is likely picking up wrong Python library. For some reason this
> occurs sometimes with Anaconda Python because they break Python shared
> library loading for embedded systems.
>
> The solution is to add before LoadModule in the Apache configuration:
>
> LoadFile /opt/miniconda3/lib/libpythonX.Y.so <http://libpythonx.y.so/>
>
> Replace 'libpythonX.Y.so <http://libpythonx.y.so/>' with the actual name of
> the Python shared library. Change the path for the lib directory as well if
> need be.
>
> This will force load the Anaconda Python shared library so the system Python
> shared library is not found.
>
> Also run the check:
>
>
> http://modwsgi.readthedocs.io/en/develop/user-guides/checking-your-installation.html#python-shared-library
>
> <http://modwsgi.readthedocs.io/en/develop/user-guides/checking-your-installation.html#python-shared-library>
>
> to try and work out what shared library mod_wsgi.so file is trying to use by
> default, and post result.
>
> Graham
>
>> On 28 Jun 2018, at 12:26 am, doe...@ <>gmail.com <http://gmail.com/> wrote:
>>
>> I'm trying to deploy a Django app on a CentOS 7 server (hosted at
>> WHM/cPanel), but I'm running into some difficulties. I've tried reading the
>> docs and as many guides/forum topics as I could, but I must still be missing
>> something crucial, because I can't seem to figure out what is going wrong.
>> Note that I don't have any real experience working with web servers up until
>> now, so I might be overlooking something obvious.
>>
>> Some information about my system:
>>
>> Server version: Apache/2.4.33 (cPanel)
>> ~/.conda/envs/djangotest/bin/mod_wsgi-express
>> mod-wsgi 4.6.4 <pip>
>> Python 3.6.5 :: Anaconda, Inc.
>>
>>
>>
>> I'll list the steps I've undertaken so far. Unless specified, all these
>> actions were performed via SSH as a non-root user. For demonstration
>> purposes, I've created a brand new Django app as a minimal reproducible
>> example (basically, what is outlined here:
>> https://www.digitalocean.com/community/tutorials/how-to-serve-django-applications-with-apache-and-mod_wsgi-on-centos-7
>>
>> <https://www.digitalocean.com/community/tutorials/how-to-serve-django-applications-with-apache-and-mod_wsgi-on-centos-7>,
>> and here:
>> https://docs.djangoproject.com/en/2.0/howto/deployment/wsgi/modwsgi/
>> <https://docs.djangoproject.com/en/2.0/howto/deployment/wsgi/modwsgi/>).
>> Ideally, I'd like to deploy the final app via the main Apache installation
>> (or alternatively via mod_wsgi-express's setup-only option) and serve it
>> over HTTPS.
>>
>> Create a new subdomain `test` inside the cPanel webpanel.
>> Create a new directory `/home/user/public_html/test/myproject`,
>> As root, install miniconda at `/opt/miniconda3/`.
>> As a regular user, create a new conda environment `djangotest` (with
>> python3, pip and django) and install `mod_wsgi` via `pip`
>> (https://pypi.org/project/mod_wsgi/ <https://pypi.org/project/mod_wsgi/>).
>> Path: `/home/user/.conda/envs/djangotest/`. The reason for using the pip
>> version is that CentOS' repoistory version (`yum install ea4-experimental
>> ea-apache24-mod_wsgi`) is compiled against python2.7, which from what I've
>> gathered wouldn't work if your Django app uses python3. While installing
>> `mod_wsgi` via pip, the following packages were also installed via yum:
>> `ea-apache24-devel libxml2-devel libxml++-devel python-devel`.
>> Start a new Django project at `/home/user/public_html/test/myproject`:
>> `django-admin.py startproject myproject .`. Add `STATIC_ROOT =
>> os.path.join(BASE_DIR, "static/")` to the `settings.py` file. Collect all
>> static files via `python manage.py collectstatic`, `python manage.py
>> makemigrations` and `python manage.py migrate`. And finally add my domain to
>> ALLOWED_HOSTS in the settings.py file.
>> At this point, I can run a development server via `./manage.py runserver
>> 0.0.0.0:8000` and access it at `test.domain.com:8000
>> <http://test.domain.com:8000/>`.
>>
>> Now, moving on to mod_wsgi:
>> I added 'mod_wsgi.server' to the INSTALLED_APPS list of my settings.py file.
>> I can make both the HTTP and HTTPS site reachable by using
>> `python manage.py runmodwsgi --port=8001 --server-name test.domain.com
>> <http://test.domain.com/> --https-port=8002 --ssl-certificate-file
>> /home/user/ssl/certs/test_domain_com_#####.crt --ssl-certificate-key-file
>> /home/user/ssl/keys/#####.key --access-log`
>>
>> . Side-question: I actually found multiple .crt files for this subdomain, am
>> I supposed to use a specific one?
>> This command runs successfully (although I do have to add a security
>> exception for the https version on port 8002). I can't run it without
>> specifying any ports, because then my main apache complains that ports
>> 80/443 are already in use. So my first question is, how do I disable these
>> ports and use 80/443 via mod_wsgi-express?
>>
>> As I understand, to automate things it's better to use the `setup-only`
>> version of mod_wsgi-express. I added the following options to the above
>> command and ran it as root: `--setup-only --user nobody --group nobody
>> --server-root=/etc/mod_wsgi-express-test`. Again, this works for non-default
>> ports, but not for 80/443. Interestingly, I also noticed I can't use port
>> 8000 if I'm running mod_wsgi-express on the same port for another subdomain.
>>
>> Finally, I tried integrating everything into my main apache install. cPanel
>> uses an include file for use subdomain's virtualhost directive:
>>
>> ```
>> Alias /static /home/user/public_html/django/myproject/static
>>
>> <Directory /home/user/public_html/django/myproject/static>
>> Require all granted
>> </Directory>
>>
>> <Directory /home/user/public_html/django/myproject/myproject>
>> <Files wsgi.py>
>> Require all granted
>> </Files>
>> </Directory>
>>
>> WSGIDaemonProcess djangotest socket-user=user
>> python-home=/home/user/.conda/envs/djangotest
>> WSGIProcessGroup djangotest
>> WSGIScriptAlias / /home/user/public_html/django/myproject/myproject/wsgi.py
>> ```
>>
>>
>> I also added this to the `pre_main_global` conf file (generated by
>> `mod_wsgi-express module-config`) and verified that mod_wsgi is being picked
>> up by apache (`httpd -M`).
>>
>>
>> ```
>> LoadModule wsgi_module
>> "/home/user/.conda/envs/app/lib/python3.6/site-packages/mod_wsgi/server/mod_wsgi-py36.cpython-36m-x86_64-linux-gnu.so
>> <http://mod_wsgi-py36.cpython-36m-x86_64-linux-gnu.so/>"
>> WSGIPythonHome "/home/user/.conda/envs/djangotest"
>> ```
>>
>>
>> After rebuilding httpd.conf and restarting apache, I'm greeted by my site's
>> HTML index. I can't find any errors in the error_log though.
>>
>> -------------------
>>
>> I then moved on to my actual django app.
>>
>> The interactive `python manage.py runmodwsgi` works fine, as long as I don't
>> try to use port 80/443.
>>
>> The `setup-only` method fails however:
>>
>> ```
>> [Wed Jun 27 16:03:06.675478 2018] [ssl:warn] [pid 33391] AH01909:
>> localhost:8443:0 server certificate does NOT include an ID which matches the
>> server name
>> [Wed Jun 27 16:03:06.684517 2018] [ssl:warn] [pid 33393] AH01873: Init:
>> Session Cache is not configured [hint: SSLSessionCache]
>> [Wed Jun 27 16:03:06.685467 2018] [ssl:warn] [pid 33393] AH01909:
>> localhost:8443:0 server certificate does NOT include an ID which matches the
>> server name
>> [Wed Jun 27 16:03:06.686555 2018] [mpm_prefork:notice] [pid 33393] AH00163:
>> Apache/2.4.33 (cPanel) mod_wsgi/4.6.4 Python/3.6 OpenSSL/1.0.2o configured
>> -- resuming normal operations
>> [Wed Jun 27 16:03:06.686586 2018] [core:notice] [pid 33393] AH00094: Command
>> line: 'httpd (mod_wsgi-express) -f /etc/mod_wsgi-express-app/httpd.conf -D
>> MOD_WSGI_VIRTUAL_HOST -D MOD_WSGI_WITH_HTTPS -D MOD_WSGI_HTTPS_ONLY -D
>> MOD_WSGI_ACCESS_LOG -D MOD_WSGI_MPM_ENABLE_PREFORK_MODULE -D
>> MOD_WSGI_MPM_EXISTS_PREFORK_MODULE'
>> [Wed Jun 27 16:03:06.752358 2018] [wsgi:error] [pid 33394] mod_wsgi
>> (pid=33394): Failed to exec Python script file
>> '/etc/mod_wsgi-express-app/handler.wsgi'.
>> [Wed Jun 27 16:03:06.752434 2018] [wsgi:error] [pid 33394] mod_wsgi
>> (pid=33394): Exception occurred processing WSGI script
>> '/etc/mod_wsgi-express-app/handler.wsgi'.
>> [Wed Jun 27 16:03:06.753427 2018] [wsgi:error] [pid 33394] Traceback (most
>> recent call last):
>> [Wed Jun 27 16:03:06.753478 2018] [wsgi:error] [pid 33394] File
>> "/etc/mod_wsgi-express-app/handler.wsgi", line 94, in <module>
>> [Wed Jun 27 16:03:06.753484 2018] [wsgi:error] [pid 33394]
>> recorder_directory=recorder_directory)
>> [Wed Jun 27 16:03:06.753494 2018] [wsgi:error] [pid 33394] File
>> "/home/user/.conda/envs/app/lib/python3.6/site-packages/mod_wsgi/server/__init__.py",
>> line 1391, in __init__
>> [Wed Jun 27 16:03:06.753499 2018] [wsgi:error] [pid 33394]
>> __import__(entry_point)
>> [Wed Jun 27 16:03:06.753524 2018] [wsgi:error] [pid 33394]
>> ModuleNotFoundError: No module named 'internal_app_module'
>> ```
>>
>> Froms the docs, PyCon AU 2010 slides and various threads I've gathered that
>> my apache user might not have access to my home directory if I use the
>> express module (in contrast to integrating mod_wsgi into my system-wide
>> apache install that is run by root). Suggestions range from adding o+rx
>> permissions on specific files, making the entire home directory 755 (which
>> seems like a security hazard?) or installing the environment somewhere else.
>>
>> I opted for the latter and created a new environment (virtualenv this time
>> around, to also exclude any conda-shennanigans from messing up things)
>> inside `/opt/virtualenvtest`. This results in a different error:
>>
>> ```
>> [Wed Jun 27 16:06:35.925225 2018] [ssl:warn] [pid 33589] AH01909:
>> localhost:8443:0 server certificate do
>> es NOT include an ID which matches the server name
>> [Wed Jun 27 16:06:35.934826 2018] [ssl:warn] [pid 33591] AH01873: Init:
>> Session Cache is not configured
>> [hint: SSLSessionCache]
>> [Wed Jun 27 16:06:35.935537 2018] [ssl:warn] [pid 33591] AH01909:
>> localhost:8443:0 server certificate do
>> es NOT include an ID which matches the server name
>> [Wed Jun 27 16:06:35.936611 2018] [mpm_prefork:notice] [pid 33591] AH00163:
>> Apache/2.4.33 (cPanel) mod_w
>> sgi/4.6.4 Python/3.6 OpenSSL/1.0.2o configured -- resuming normal operations
>> [Wed Jun 27 16:06:35.936661 2018] [core:notice] [pid 33591] AH00094: Command
>> line: 'httpd (mod_wsgi-expr
>> ess) -f /etc/mod_wsgi-express-app/httpd.conf -D MOD_WSGI_VIRTUAL_HOST -D
>> MOD_WSGI_WITH_HTTPS -D MOD_WS
>> GI_HTTPS_ONLY -D MOD_WSGI_ACCESS_LOG -D MOD_WSGI_MPM_ENABLE_PREFORK_MODULE
>> -D MOD_WSGI_MPM_EXISTS_PREFOR
>> K_MODULE'
>> Fatal Python error: Py_Initialize: Unable to get the locale encoding
>> ModuleNotFoundError: No module named 'encodings'
>>
>> Current thread 0x00007f57ca144880 (most recent call first):
>> Fatal Python error: Py_Initialize: Unable to get the locale encoding
>> ModuleNotFoundError: No module named 'encodings'
>>
>> Current thread 0x00007f57ca144880 (most recent call first):
>> [Wed Jun 27 16:06:36.937821 2018] [core:notice] [pid 33591] AH00052: child
>> pid 33592 exit signal Aborted
>> (6)
>> [Wed Jun 27 16:06:36.938559 2018] [core:notice] [pid 33591] AH00052: child
>> pid 33593 exit signal Aborted
>> (6)
>> Fatal Python error: Py_Initialize: Unable to get the locale encoding
>> ModuleNotFoundError: No module named 'encodings'
>>
>> Current thread 0x00007f57ca144880 (most recent call first):
>> Fatal Python error: Py_Initialize: Unable to get the locale encoding
>> ModuleNotFoundError: No module named 'encodings'
>>
>> Current thread 0x00007f57ca144880 (most recent call first):
>> [Wed Jun 27 16:06:37.940557 2018] [core:notice] [pid 33591] AH00052: child
>> pid 33595 exit signal Aborted (6)
>> [Wed Jun 27 16:06:37.941081 2018] [core:notice] [pid 33591] AH00052: child
>> pid 33596 exit signal Aborted (6)
>> Fatal Python error: Py_Initialize: Unable to get the locale encoding
>> ModuleNotFoundError: No module named 'encodings'
>>
>> Current thread 0x00007f57ca144880 (most recent call first):
>> Fatal Python error: Py_Initialize: Unable to get the locale encoding
>> ModuleNotFoundError: No module named 'encodings'
>> ```
>>
>> Google taught me that this could be related to a messed up PYTHONHOME
>> variable, but from what I can tell, the virtualenv works as intended (i.e. I
>> can import everything I need, including encodings, in an interactive python
>> session.)
>>
>> So I'm at a loss here! Summary of my issues:
>>
>> - `setup-only` method leads to import errors for custom python packages, but
>> not for a bare-bones django project
>> - interactive and `setup-only` method can't override port 80/443
>> - integration into system-wide apache install fails
>>
>> Any help would be much appreciated!
>>
>> --
>> You received this message because you are subscribed to the Google Groups
>> "modwsgi" group.
>> To unsubscribe from this group and stop receiving emails from it, send an
>> email to modwsgi+u...@ <>googlegroups.com <http://googlegroups.com/>.
>> To post to this group, send email to mod...@ <>googlegroups.com
>> <http://googlegroups.com/>.
>> Visit this group at https://groups.google.com/group/modwsgi
>> <https://groups.google.com/group/modwsgi>.
>> For more options, visit https://groups.google.com/d/optout
>> <https://groups.google.com/d/optout>.
>
>
> --
> You received this message because you are subscribed to the Google Groups
> "modwsgi" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to [email protected]
> <mailto:[email protected]>.
> To post to this group, send email to [email protected]
> <mailto:[email protected]>.
> Visit this group at https://groups.google.com/group/modwsgi
> <https://groups.google.com/group/modwsgi>.
> For more options, visit https://groups.google.com/d/optout
> <https://groups.google.com/d/optout>.
--
You received this message because you are subscribed to the Google Groups
"modwsgi" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To post to this group, send email to [email protected].
Visit this group at https://groups.google.com/group/modwsgi.
For more options, visit https://groups.google.com/d/optout.
