It is a known problem with Anaconda Python that you cannot use it embedded in other applications, where the application embedding it links with SSL and crypto libraries. In other words, you cannot use mod_ssl in Apache if you are going to use Anaconda Python.
This problem is caused by Anaconda Python, due to it bundling its own versions of SSL and crypto libraries that are often incompatible with the system versions of those libraries that Apache is linked against. When they are incompatible you can get obscure errors of the processes can crash. Consider using mod_wsgi-express instead, and have the front end Apache which handles SSL termination using mod_ssl, proxy to the mod_wsgi-express instance. There isn't really any other solution, except for not using Anaconda Python. Graham > On 31 Mar 2020, at 6:40 pm, [email protected] wrote: > > Dear all, > > We have been struggling with our Apache with mod-wsgi for a while now and we > finally managed to break the problem down to a minimum. We try to run a Dash > application that uses datashader, but it kept on crashing. The following > minimal example works fine on our server. > > myDashApp.py > from flask import Flask > import dash > import dash_core_components as dcc > import dash_html_components as html > > server = Flask('app') > app = dash.Dash('app', server=server) > > colors = { > 'background': '#111111', > 'text': '#7FDBFF' > } > app.layout = html.Div(style={'backgroundColor': colors['background']}, > children=[ > html.H1( > children='Hello Dash', > style={ > 'textAlign': 'center', > 'color': colors['text'] > } > ), > html.Div(children='Dash: A web application framework for Python.', style={ > 'textAlign': 'center', > 'color': colors['text'] > }), > dcc.Graph( > id='Graph1', > figure={ > 'data': [ > {'x': [1, 2, 3], 'y': [4, 1, 2], 'type': 'bar', 'name': 'SF'}, > {'x': [1, 2, 3], 'y': [2, 4, 5], 'type': 'bar', 'name': > u'Montréal'}, > ], > 'layout': { > 'plot_bgcolor': colors['background'], > 'paper_bgcolor': colors['background'], > 'font': { > 'color': colors['text'] > } > } > } > ) > ]) > > if __name__ == '__main__': > app.run_server() > (I copied that example from somewhere, but unfortunately forgot from where) > > wsgi.py > sys.path.insert(0, "/data/website/myApp") > > from myDashApp import server as application > > /etc/apache2/sites-enabled/default-ssl.conf > <IfModule mod_ssl.c> > <VirtualHost _default_:443> > ServerName example.com > ServerAdmin [email protected] > > # Flask application > WSGIProcessGroup myApp > WSGIApplicationGroup %{GLOBAL} > > WSGIScriptAlias / /data/website/myApp/wsgi.py > WSGIDaemonProcess myApp > python-home=/usr/share/miniconda3/envs/my_env_36 \ > threads=1 \ > processes=4 \ > display-name=%{GROUP} \ > lang='en_US.UTF-8' \ > locale='en_US.UTF-8' \ > queue-timeout=45 \ > socket-timeout=60 \ > connect-timeout=15 \ > request-timeout=60 \ > inactivity-timeout=0 \ > startup-timeout=15 \ > deadlock-timeout=60 \ > graceful-timeout=15 \ > eviction-timeout=0 \ > restart-interval=0 \ > shutdown-timeout=5 \ > maximum-requests=0 > > <Directory "/data/website/myApp/> > AllowOverride all > AuthType Basic > AuthUserFile /data/passwords/passwords.pwd > AuthName "myDemoApp" > <RequireAll> > Require valid-user > </RequireAll> > </Directory> > > ErrorLog ${APACHE_LOG_DIR}/error.log > CustomLog ${APACHE_LOG_DIR}/access.log combined > > SSLEngine on > > SSLCertificateFile /etc/apache2/cert/host_name.crt.pem > SSLCertificateKeyFile /etc/apache2/cert/host_name.key > > SSLProtocol all -SSLv2 -SSLv3 -TLSv1 -TLSv1.1 > SSLHonorCipherOrder on > > SSLCipherSuite > ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA > > Header always set Strict-Transport-Security > "max-age=15552000; includeSubDomains" > <FilesMatch "\.(cgi|shtml|phtml|php)$"> > SSLOptions +StdEnvVars > </FilesMatch> > <Directory /usr/lib/cgi-bin> > SSLOptions +StdEnvVars > </Directory> > > </VirtualHost> > </IfModule> > > Now, we can add the following lines to our myDashApp.py: > import ssl > foo = ssl.SSLContext() > > Once we do that, we get the following error in the apache error log: > [Tue Mar 31 06:25:02.092936 2020] [core:notice] [pid 28668] AH00094: Command > line: '/usr/sbin/apache2' > [Tue Mar 31 09:31:37.336007 2020] [wsgi:error] [pid 30411] [remote > 172.27.1.200:55576] mod_wsgi (pid=30411): Failed to exec Python script file > '/data/website/myApp/wsgi.py'. > [Tue Mar 31 09:31:37.336081 2020] [wsgi:error] [pid 30411] [remote > 172.27.1.200:55576] mod_wsgi (pid=30411): Exception occurred processing WSGI > script '/data/website/myApp/wsgi.py'. > [Tue Mar 31 09:31:37.337969 2020] [wsgi:error] [pid 30411] [remote > 172.27.1.200:55576] Traceback (most recent call last): > [Tue Mar 31 09:31:37.338011 2020] [wsgi:error] [pid 30411] [remote > 172.27.1.200:55576] File "/data/website/myApp/wsgi.py", line 5, in <module> > [Tue Mar 31 09:31:37.338016 2020] [wsgi:error] [pid 30411] [remote > 172.27.1.200:55576] from myDashApp import server as application > [Tue Mar 31 09:31:37.338024 2020] [wsgi:error] [pid 30411] [remote > 172.27.1.200:55576] File "/data/website/myApp/myDashApp.py", line 7, in > <module> > [Tue Mar 31 09:31:37.338028 2020] [wsgi:error] [pid 30411] [remote > 172.27.1.200:55576] bla = ssl.SSLContext() > [Tue Mar 31 09:31:37.338034 2020] [wsgi:error] [pid 30411] [remote > 172.27.1.200:55576] File > "/usr/share/miniconda3/envs/my_env_36/lib/python3.6/ssl.py", line 391, in > __new__ > [Tue Mar 31 09:31:37.338038 2020] [wsgi:error] [pid 30411] [remote > 172.27.1.200:55576] self = _SSLContext.__new__(cls, protocol) > [Tue Mar 31 09:31:37.338059 2020] [wsgi:error] [pid 30411] [remote > 172.27.1.200:55576] ssl.SSLError: ('No cipher can be selected.',) > [Tue Mar 31 09:31:38.189212 2020] [wsgi:error] [pid 30409] [remote > 172.27.1.200:55575] mod_wsgi (pid=30409): Failed to exec Python script file > '/data/website/myApp/wsgi.py'. > [Tue Mar 31 09:31:38.189269 2020] [wsgi:error] [pid 30409] [remote > 172.27.1.200:55575] mod_wsgi (pid=30409): Exception occurred processing WSGI > script '/data/website/myApp/wsgi.py'. > [Tue Mar 31 09:31:38.189782 2020] [wsgi:error] [pid 30409] [remote > 172.27.1.200:55575] Traceback (most recent call last): > [Tue Mar 31 09:31:38.189810 2020] [wsgi:error] [pid 30409] [remote > 172.27.1.200:55575] File "/data/website/myApp/wsgi.py", line 5, in <module> > [Tue Mar 31 09:31:38.189813 2020] [wsgi:error] [pid 30409] [remote > 172.27.1.200:55575] from myDashApp import server as application > [Tue Mar 31 09:31:38.189818 2020] [wsgi:error] [pid 30409] [remote > 172.27.1.200:55575] File "/data/website/myApp/myDashApp.py", line 7, in > <module> > [Tue Mar 31 09:31:38.189821 2020] [wsgi:error] [pid 30409] [remote > 172.27.1.200:55575] bla = ssl.SSLContext() > [Tue Mar 31 09:31:38.189825 2020] [wsgi:error] [pid 30409] [remote > 172.27.1.200:55575] File > "/usr/share/miniconda3/envs/my_env_36/lib/python3.6/ssl.py", line 391, in > __new__ > [Tue Mar 31 09:31:38.189828 2020] [wsgi:error] [pid 30409] [remote > 172.27.1.200:55575] self = _SSLContext.__new__(cls, protocol) > [Tue Mar 31 09:31:38.189842 2020] [wsgi:error] [pid 30409] [remote > 172.27.1.200:55575] ssl.SSLError: ('No cipher can be selected.',) > > Did anybody encounter a similar problem or does anybody have an idea on how > to fix that? > > Just for a bit of context, we don't want to use SSL in our application, but > somehow datashader uses it for something and our goal is to get datashader to > work. > > Thanks, > Raphael > > -- > You received this message because you are subscribed to the Google Groups > "modwsgi" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected] > <mailto:[email protected]>. > To view this discussion on the web visit > https://groups.google.com/d/msgid/modwsgi/f3044394-eff1-4df3-8238-d9caeed3dcc0%40googlegroups.com > > <https://groups.google.com/d/msgid/modwsgi/f3044394-eff1-4df3-8238-d9caeed3dcc0%40googlegroups.com?utm_medium=email&utm_source=footer>. -- You received this message because you are subscribed to the Google Groups "modwsgi" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/modwsgi/534C5793-6E59-4A6C-9D8A-CB483BC4C05D%40gmail.com.
