Dear Graham, Thanks for your response.
I removed socket-user=app_user and now I see a different behaviour. One of
the app work while the other does not. Both are exactly identical one is
meant for QA and other for PROD and the QA URL works while for the PROD URL
it shows an error
*Not Found The requested URL /app_prod was not found on this server.*
The QA URL is http://<ip>:8999/app_qa
The PROD URL is http://<ip>:8999/app_prod
The initial reason why I had to move to daemon mode is to be able to set a
python-path for both of them separately as WSGIPythonPath cannot be used
inside <VirtualHost>
This is my httpd.conf setting.
WSGISocketPrefix /run/httpd/wsgi/
<VirtualHost *:8999>
WSGIDaemonProcess app_qa processes=1 display-name=%{GROUP} python-path=/opt/
app/app_qa/app
WSGIProcessGroup app_qa
WSGIScriptAlias /app_qa /opt/app/app_qa/app/wsgi.py process-group=app_qa
Alias /static_app_qa /opt/app/app_qa/staticfiles
<Directory /opt/app/app_qa/app/>
<Files wsgi.py>
Require all granted
</Files>
</Directory>
<Directory /opt/app/app_qa/staticfiles/>
Require all granted
</Directory>
</VirtualHost>
<VirtualHost *:8999>
WSGIDaemonProcess app_prod processes=1 display-name=%{GROUP} python-path=
/opt/app/app_prod/app
WSGIProcessGroup app_prod
WSGIScriptAlias /app_prod /opt/app/app_prod/app/wsgi.py process-group=
app_prod
Alias /static_app_prod /opt/app/app_prod/staticfiles
<Directory /opt/app/app_prod/app/>
<Files wsgi.py>
Require all granted
</Files>
</Directory>
<Directory /opt/app/app_prod/staticfiles/>
Require all granted
</Directory>
</VirtualHost>
The netstat output is as follows indicating that the socket files were
created in the desired folder. The permission on files and directories also
follows
[root@server app]# netstat -an | grep http
unix 2 [ ACC ] STREAM LISTENING 1107556 /run/httpd/wsgi/.
13750.0.1.sock
unix 2 [ ACC ] STREAM LISTENING 1107558 /run/httpd/wsgi/.
13750.0.2.sock
[root@server app]# ls -ltr /run/httpd/wsgi/.13750.0.1.sock
/run/httpd/wsgi/.13750.0.2.sock
srwx------ 1 app_user root 0 Mar 18 19:29 /run/httpd/wsgi/.13750.0.2.sock
srwx------ 1 app_user root 0 Mar 18 19:29 /run/httpd/wsgi/.13750.0.1.sock
[root@server app]# ls -ltr /run/httpd/
total 8
drwx------ 2 apache apache 40 Mar 10 13:50 htcacheclean
-rw-r--r-- 1 root root 8 Mar 18 19:29 authdigest_shm.13750
-rw-r--r-- 1 root root 6 Mar 18 19:29 httpd.pid
drwxr-xr-x 2 app_user app_user 80 Mar 18 19:29 wsgi
[root@server app]# ls -ltr /run | tail -2
-rw-rw-r-- 1 root utmp 3072 Mar 18 19:11 utmp
drwx--x--- 4 root apache 120 Mar 18 19:29 httpd
Also the ps -ef | grep httpd output is
root 13750 1 0 19:29 ? 00:00:00 /usr/sbin/httpd -DFOREGROUND
app_user 13753 13750 0 19:29 ? 00:00:00 /usr/sbin/httpd -
DFOREGROUND
app_user 13754 13750 0 19:29 ? 00:00:00 /usr/sbin/httpd -
DFOREGROUND
app_user 13755 13750 0 19:29 ? 00:00:00 /usr/sbin/httpd -
DFOREGROUND
app_user 13756 13750 0 19:29 ? 00:00:00 /usr/sbin/httpd -
DFOREGROUND
app_user 13757 13750 0 19:29 ? 00:00:00 /usr/sbin/httpd -
DFOREGROUND
I am a bit confused as everything seems alright.
Appreciate your help
On Wednesday, 18 March 2020 18:57:26 UTC-3, Graham Dumpleton wrote:
>
> Why are you setting 'socket-user'?
>
> That is only required when using Apache PrivilegesMode as SECURE, or using
> certain Apache MPMs.
>
> What happens when you don't use that?
>
> I want to see the original error messages and permissions on both the
> socket files, *and* the directory the sockets are in, before changing any
> configuration from what one would normally use.
>
> Graham
>
> On 19 Mar 2020, at 2:10 am, Guddu <[email protected] <javascript:>>
> wrote:
>
> After configuring daemon mode, I started getting a 503 Server Unavailable
> error.
>
> There are lot of posts on stackoverflow and a dedicate section in the
> troubleshooting page at
> https://modwsgi.readthedocs.io/en/develop/user-guides/frequently-asked-questions.html
>
> and
> https://modwsgi.readthedocs.io/en/develop/user-guides/configuration-issues.html
>
> but none of the suggestions seem to be helping me at the moment. Appreciate
> your guidance.
>
> The error logs have the following
>
> [Wed Mar 18 09:30:17.649428 2020] [wsgi:error] [pid 14044] (13)Permission
> denied: [client 10.52.7.18:2505] mod_wsgi (pid=14044): Unable to connect
> to WSGI daemon process 'app_qa' on '/run/httpd/wsgi/.14039.0.1.sock' as
> user with uid=1001.
>
>
>
>
> The directory in question has read and write permission to *app_user*
>
> The httpd processes start fine. Below is the ps output
>
> root 14197 1 0 09:30 ? 00:00:00 /usr/sbin/httpd -
> DFOREGROUND
> app_user 14202 14197 0 09:30 ? 00:00:00 /usr/sbin/httpd -
> DFOREGROUND
> app_user 14203 14197 0 09:30 ? 00:00:00 /usr/sbin/httpd -
> DFOREGROUND
> app_user 14204 14197 0 09:30 ? 00:00:00 /usr/sbin/httpd -
> DFOREGROUND
> app_user 14205 14197 0 09:30 ? 00:00:00 /usr/sbin/httpd -
> DFOREGROUND
> app_user 14206 14197 0 09:30 ? 00:00:00 /usr/sbin/httpd -
> DFOREGROUND
>
>
>
> The socket flies get written
>
> [root@server wsgi]# ls -ltra
> total 0
> srwx------ 1 app_user root 0 Mar 18 09:30 .14197.0.1.sock
> srwx------ 1 app_user root 0 Mar 18 09:30 .14197.0.2.sock
>
>
>
>
> My apache build info is as follows
>
> [app_user@server app_qa]$ httpd -V
> AH00558: httpd: Could not reliably determine the server's fully qualified
> domain name, using 10.21.2.136. Set the 'ServerName' directive globally
> to suppress this message
> Server version: Apache/2.4.6 (Red Hat Enterprise Linux)
> Server built: Jun 9 2019 13:01:04
> Server's Module Magic Number: 20120211:24
> Server loaded: APR 1.4.8, APR-UTIL 1.5.2
> Compiled using: APR 1.4.8, APR-UTIL 1.5.2
> Architecture: 64-bit
> Server MPM: prefork
> threaded: no
> forked: yes (variable process count)
> Server compiled with....
> -D APR_HAS_SENDFILE
> -D APR_HAS_MMAP
> -D APR_HAVE_IPV6 (IPv4-mapped addresses enabled)
> -D APR_USE_SYSVSEM_SERIALIZE
> -D APR_USE_PTHREAD_SERIALIZE
> -D SINGLE_LISTEN_UNSERIALIZED_ACCEPT
> -D APR_HAS_OTHER_CHILD
> -D AP_HAVE_RELIABLE_PIPED_LOGS
> -D DYNAMIC_MODULE_LIMIT=256
> -D HTTPD_ROOT="/etc/httpd"
> -D SUEXEC_BIN="/usr/sbin/suexec"
> -D DEFAULT_PIDLOG="/run/httpd/httpd.pid"
> -D DEFAULT_SCOREBOARD="logs/apache_runtime_status"
> -D DEFAULT_ERRORLOG="logs/error_log"
> -D AP_TYPES_CONFIG_FILE="conf/mime.types"
> -D SERVER_CONFIG_FILE="conf/httpd.conf"
>
> [app_user@server app_qa]$ httpd -l
> Compiled in modules:
> core.c
> mod_so.c
> http_core.c
>
>
>
>
> My httpd conf is as follows
>
> WSGISocketPrefix /run/httpd/wsgi/
> <VirtualHost *:8999>
> WSGIDaemonProcess app_qa processes=2 display-name=%{GROUP} python-path=
> /opt/app/app_qa socket-user=app_user
> WSGIProcessGroup app_qa
> WSGIScriptAlias /app_qa /opt/app/app_qa/app/wsgi.py process-group=app_qa
> Alias /static_app_qa /opt/app/app_qa/staticfiles
>
> <Directory /opt/app/app_qa/app/>
> <Files wsgi.py>
> Require all granted
> </Files>
> </Directory>
>
> <Directory /opt/app/app_qa/staticfiles/>
> Require all granted
> </Directory>
> </VirtualHost>
>
>
> Appreciate your help on this matter.
>
> --
> You received this message because you are subscribed to the Google Groups
> "modwsgi" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to [email protected] <javascript:>.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/modwsgi/82ab46fe-adc1-42fd-90ad-abaf05f58613%40googlegroups.com
>
> <https://groups.google.com/d/msgid/modwsgi/82ab46fe-adc1-42fd-90ad-abaf05f58613%40googlegroups.com?utm_medium=email&utm_source=footer>
> .
>
>
>
--
You received this message because you are subscribed to the Google Groups
"modwsgi" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To view this discussion on the web visit
https://groups.google.com/d/msgid/modwsgi/21647165-18ba-4f06-92d0-b224f06e8311%40googlegroups.com.
