> On 13 May 2020, at 1:06 am, 'OwlHoot' via modwsgi <[email protected]> > wrote: > > > I have used mod_wsgi-express to produce an Apache config, but I would like to > convert my httpd.conf file to run Apache using the "vanilla" mod_wsgi module.
It would be a really bad idea to try and copy what mod_wsgi-express created if you are not experienced in how to configure Apache. That configuration also relies on bits installed by the mod_wsgi Python package, which you wouldn't necessarily have access to. I can't recommend strongly enough, don't try and use the generated configuration. If you insist on configuring Apache manually, start with the Apache default config and system mod_wsgi package and then add bits to it, following the Django documentation (https://docs.djangoproject.com/en/3.0/howto/deployment/wsgi/modwsgi/ <https://docs.djangoproject.com/en/3.0/howto/deployment/wsgi/modwsgi/>) on what you need to add for it. What is the reasons you can' t use mod_wsgi-express to do everything? It is designed to be used in containers and make it easy explicitly because setting up Apache yourself to work in a container is painful and hard to get right. > My intention from the outset was to use "express" only to get the actual > config running, but currently it returns "500 Internal Server" for both > "http" and "httpd" URLS, with no error indication that I can see in _any_ of > the Apache logs or in the Django app log! I have been struggling with this > Apache + Django setup for nearly a week now, despite mod_wsgi-express maybe > making it easier. So you have in part struggled for a week with this because you don't want to use a Python virtual environment, when you could work out what Python virtual environments are and what they do in an hour or so. > I can see from the httpd output that all the TLS certificate validation works > fine. So that is one less thing to worry about. > > As I explained in my previous post, this is all running in a Docker > container, and I have managed to install all the relevant Django modules and > other modules need by the app in the system-wide python3, by adding the > option "--prefix=/usr" to every "pip3 install" and "python3 setup.py install" > command in my Dockefile So I can run the httpd server as user "apache" > without having to worry about pipenv etc. ( I have no desire whatever to run > python in a virtual environment, as I have not used these before and this > would add to the many complications besetting me!! In general virtual python > environments should not be needed in Docker containers! ) And I pointed you at a blog post which laid out why not using a virtual environment is a bad idea. That it is taking more than a week is because it seems at every point you are choosing the hardest way possible to do things which goes against all advice. There isn't really much I can do to help you if you are going to go off on a path which is not recommended. It will consume a lot of my time to try and fix the problems you are creating for yourself by not following the guidance as to what is the simpler path. I don't have that much free time. > I am aware the present httpd.conf (copied below) is somewhat lax in security. > But for now I am _only_ interested in getting the blasted thing to a state > where Apache at least works, and only then I will worry about nailing down > the security, such as further limiting the "Allow all" scope. > > When Apache is running, I don't see a separate process with port 8443 in its > name. So I'm not convinced anything is listening on port 8443. > > > <IfModule !version_module> > LoadModule version_module '${MOD_WSGI_MODULES_DIRECTORY}/mod_version.so' > </IfModule> > > Include /application/apache/ssl.conf > > ServerName jrsurveys.com > ServerRoot '/application/apache' > PidFile '/application/apache/httpd.pid' > > DefaultRuntimeDir '/application/apache' > > WSGIScriptAlias / /application/source/bos2.wsgi > > ServerTokens ProductOnly > ServerSignature Off > > User ${MOD_WSGI_USER} > Group ${MOD_WSGI_GROUP} > > Listen 8000 > Listen 8443 > > <IfModule !mpm_event_module> > <IfModule !mpm_worker_module> > <IfModule !mpm_prefork_module> > LoadModule mpm_event_module '${MOD_WSGI_MODULES_DIRECTORY}/mod_mpm_event.so' > </IfModule> > </IfModule> > </IfModule> > > <IfModule !access_compat_module> > LoadModule access_compat_module > '${MOD_WSGI_MODULES_DIRECTORY}/mod_access_compat.so' > </IfModule> > > <IfModule !unixd_module> > LoadModule unixd_module '${MOD_WSGI_MODULES_DIRECTORY}/mod_unixd.so' > </IfModule> > > <IfModule !authn_core_module> > LoadModule authn_core_module '${MOD_WSGI_MODULES_DIRECTORY}/mod_authn_core.so' > </IfModule> > > <IfModule !authz_core_module> > LoadModule authz_core_module '${MOD_WSGI_MODULES_DIRECTORY}/mod_authz_core.so' > </IfModule> > > <IfModule !authz_host_module> > LoadModule authz_host_module '${MOD_WSGI_MODULES_DIRECTORY}/mod_authz_host.so' > </IfModule> > > <IfModule !mime_module> > LoadModule mime_module '${MOD_WSGI_MODULES_DIRECTORY}/mod_mime.so' > </IfModule> > > <IfModule !rewrite_module> > LoadModule rewrite_module '${MOD_WSGI_MODULES_DIRECTORY}/mod_rewrite.so' > </IfModule> > > <IfModule !alias_module> > LoadModule alias_module '${MOD_WSGI_MODULES_DIRECTORY}/mod_alias.so' > </IfModule> > > <IfModule !dir_module> > LoadModule dir_module '${MOD_WSGI_MODULES_DIRECTORY}/mod_dir.so' > </IfModule> > > <IfModule !env_module> > LoadModule env_module '${MOD_WSGI_MODULES_DIRECTORY}/mod_env.so' > </IfModule> > > <IfModule !headers_module> > LoadModule headers_module '${MOD_WSGI_MODULES_DIRECTORY}/mod_headers.so' > </IfModule> > > <IfModule !filter_module> > LoadModule filter_module '${MOD_WSGI_MODULES_DIRECTORY}/mod_filter.so' > </IfModule> > > <IfModule !reqtimeout_module> > LoadModule reqtimeout_module '${MOD_WSGI_MODULES_DIRECTORY}/mod_reqtimeout.so' > </IfModule> > > <IfModule mpm_prefork_module> > </IfModule> > > LoadModule wsgi_module > '/usr/lib64/python3.6/site-packages/mod_wsgi/server/mod_wsgi-py36.cpython-36m-x86_64-linux-gnu.so' > > TypesConfig '/etc/mime.types' > > HostnameLookups Off > MaxMemFree 64 > Timeout 60 > ListenBacklog 500 > > RequestReadTimeout header=15-30,MinRate=500 body=15,MinRate=500 > > LimitRequestBody 10485760 > > <Directory /> > AllowOverride None > Require all granted > Options FollowSymLinks > </Directory> > > WSGIPythonHome '/usr' > > WSGIVerboseDebugging 'Off' > > WSGISocketPrefix /application/apache/wsgi > > WSGISocketRotation Off > > WSGIRestrictEmbedded On > > WSGIDaemonProcess localhost:8000 \ > display-name='(wsgi:localhost:8000:0)' \ > home='/application/apache' \ > threads=5 \ > maximum-requests=0 \ > python-path='' \ > python-eggs='/application/apache/python-eggs' \ > lang='en_US.UTF-8' \ > locale='en_US.UTF-8' \ > listen-backlog=100 \ > queue-timeout=45 \ > socket-timeout=60 \ > connect-timeout=15 \ > request-timeout=60 \ > inactivity-timeout=0 \ > startup-timeout=15 \ > deadlock-timeout=60 \ > graceful-timeout=15 \ > eviction-timeout=0 \ > restart-interval=0 \ > cpu-time-limit=0 \ > shutdown-timeout=5 \ > send-buffer-size=0 \ > receive-buffer-size=0 \ > response-buffer-size=0 \ > response-socket-timeout=0 \ > server-metrics=Off > > WSGICallableObject 'application' > WSGIPassAuthorization On > WSGIMapHEADToGET Auto > > WSGIServerMetrics Off > > KeepAlive Off > > ErrorLog "/application/apache/error.log" > LogLevel warn > > <IfModule !log_config_module> > LoadModule log_config_module ${MOD_WSGI_MODULES_DIRECTORY}/mod_log_config.so > </IfModule> > LogFormat "%h %l %u %t \"%r\" %>s %b" common > LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-agent}i\"" > combined > LogFormat "undefined" custom > CustomLog "/application/apache/access.log" common > > <IfModule !ssl_module> > LoadModule ssl_module ${MOD_WSGI_MODULES_DIRECTORY}/mod_ssl.so > </IfModule> > > <IfModule mpm_prefork_module> > ServerLimit 20 > StartServers 1 > MaxClients 20 > MinSpareServers 1 > MaxSpareServers 2 > MaxRequestsPerChild 0 > </IfModule> > > <IfModule mpm_worker_module> > ServerLimit 2 > ThreadLimit 10 > StartServers 1 > MaxClients 20 > MinSpareThreads 10 > MaxSpareThreads 10 > ThreadsPerChild 10 > MaxRequestsPerChild 0 > ThreadStackSize 262144 > </IfModule> > > <IfModule mpm_event_module> > ServerLimit 2 > ThreadLimit 10 > StartServers 1 > MaxClients 20 > MinSpareThreads 10 > MaxSpareThreads 10 > ThreadsPerChild 10 > MaxRequestsPerChild 0 > ThreadStackSize 262144 > </IfModule> > > # See https://httpd.apache.org/docs/2.4/vhosts/name-based.html > > <VirtualHost *:8000> > ServerName jrsurveys.com > ServerAlias jrsurveys.com *.jrsurveys.com > <Directory /> > Require all granted > </Directory> > LogLevel trace4 > ErrorLog /application/apache/error_https.log > CustomLog /application/apache/access_https.log combined > </VirtualHost> > > <VirtualHost *:8443> > ServerName jrsurveys.com > ServerAlias jrsurveys.com *.jrsurveys.com > <Directory /> > Require all granted > </Directory> > LogLevel trace4 > ErrorLog /application/apache/error_https.log > CustomLog /application/apache/access_https.log combined > SSLEngine On > SSLCertificateFile /etc/pki/tls/certs/jrsurveys.com.crt > SSLCertificateKeyFile /etc/pki/tls/private/jrsurveys.com.key > </VirtualHost> > > DocumentRoot '/application/apache' > > AccessFileName .htaccess > > <Directory '/application/apache'> > AllowOverride None > RewriteEngine On > Include /application/apache/rewrite.conf > RewriteCond %{REQUEST_FILENAME} !-f > RewriteRule .* - [H=wsgi-handler] > Require all granted > </Directory> > > WSGIHandlerScript wsgi-handler '/application/apache/handler.wsgi' \ > process-group='localhost:8000' application-group=%{GLOBAL} > WSGIImportScript '/application/apache/handler.wsgi' \ > process-group='localhost:8000' application-group=%{GLOBAL} > > > > Regards > > John R > > > > > -- > You received this message because you are subscribed to the Google Groups > "modwsgi" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected] > <mailto:[email protected]>. > To view this discussion on the web visit > https://groups.google.com/d/msgid/modwsgi/3f36b53b-c370-4bfa-83c2-fef94f9b541a%40googlegroups.com > > <https://groups.google.com/d/msgid/modwsgi/3f36b53b-c370-4bfa-83c2-fef94f9b541a%40googlegroups.com?utm_medium=email&utm_source=footer>. -- You received this message because you are subscribed to the Google Groups "modwsgi" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/modwsgi/B0AE550E-81B4-4230-86CC-57C2E8ACF241%40gmail.com.
