Re: setup server from scratch (with or without apache?)

2010-06-21 Thread Paul Rubin
News123 news1...@free.fr writes:
> 1.) What alternatives would exist compared to apache / mod_python

I think you could use stunnel to listen on port 443 and forward it to a
local port, where you'd have a python httpd, perhaps using the
SimpleHTTPServer module.  Stunnel uses OpenSSL which handles client
certificates pretty well as far as I can tell.  There are various Python
openssl bindings that I haven't used and I get the impression that at
least some of them are sloppy about certificates at either end.

I've never used stunnel but have been wanting to.

mod_python is pretty dead.  Frankly I've always used apache whenever
I've used https for web pages.  You could use mod_wsgi (I haven't tried
this yet) or again, set it up as a proxy forwarding to a local port for
a python httpd to listen to.  Or for that matter, you use old-fashioned
cgi's.  That's what I usually do if there's not a load issue.
-- 
http://mail.python.org/mailman/listinfo/python-list


Re: setup server from scratch (with or without apache?)

2010-06-21 Thread alex23
Paul Rubin no.em...@nospam.invalid wrote:
> mod_python is pretty dead.

It's now totally dead[1]. (Not pining for the fjords, either.)

1: http://blog.dscpl.com.au/2010/06/modpython-project-is-now-officially.html


Re: setup server from scratch (with or without apache?)

2010-06-21 Thread Stefan Behnel

News123, 20.06.2010 13:12:

> Now I have the opportunity to setup a server from scratch.
> 90% of the content will be non visual content over https with client AND
> server certificates.
> Access privileges will depend on the client certificate.
>
> I will only have one IP address and only port 443.
>
> 1.) What alternatives would exist compared to apache / mod_python
>
> 5.) What about mod_wsgi vs. mod_python

As others have pointed out, mod_wsgi is preferable over mod_python. In any 
case, you want your code to run on top of WSGI, as it makes it independent 
of a specific web server environment (i.e. much more future proof).


I've read happy comments on nginx as an HTTP/S server for WSGI apps, both 
for being easy to install and set up, and for being fast, versatile and 
resource friendly. I'd try that before going for an Apache installation.


I'd also second the advice to start with a WSGI setup on top of CGI that's 
simple to set up, redeploy and test, and then move on to more involved and 
less agile deployments when you see that you need them.


Stefan



Re: setup server from scratch (with or without apache?)

2010-06-21 Thread Bruno Desthuilliers

News123 wrote:

> Hi,
>
> So far I never really had to ask this question and this is also, why I
> am still a little shaky on this topic:
>
> So far the typical LAMP server existed already and contained already a
> lot of existing PHP web applications, which I couldn't remove.
> Therefore I just used mod_python to implement some minor functionality
> next to it.
>
> Now I have the opportunity to setup a server from scratch.
> 90% of the content will be non visual content over https with client AND
> server certificates.
> Access privileges will depend on the client certificate.
>
> I will only have one IP address and only port 443.
>
> 1.) What alternatives would exist compared to apache / mod_python

wsgi + any wsgi-compatible web server.

> 2.) What disadvantage would I have using apache and mod_python compared
> to other solutions

Err... I guess you already got the most important answer on this !-)

> 3.) What's the stability / security aspect of other solutions,
> especially concerning client / server certificates

Can't tell, sorry.

> 4.) How could I prepare for the case, that customer might later on
> require PHP? (not very probably, but who knows.)


Just make sure you can run PHP with the web server you choose.



Re: setup server from scratch (with or without apache?)

2010-06-21 Thread Christian Heimes
> I will only have one IP address and only port 443.
>
> 1.) What alternatives would exist compared to apache / mod_python

You can use a combination of mod_proxy and mod_rewrite to set up a
forwarding proxy in your Apache server. Let Apache deal with SSL,
virtual hosting etc. Then bind your application to a local port (e.g.
localhost:8080) and configure the Apache proxy to rewrite your requests.
Pound offers a similar setup.

Christian



Re: setup server from scratch (with or without apache?)

2010-06-21 Thread News123
News123 wrote:
> Hi,
>
> So far I never really had to ask this question and this is also, why I
> am still a little shaky on this topic:
>
> So far the typical LAMP server existed already and contained already a
> lot of existing PHP web applications, which I couldn't remove.
> Therefore I just used mod_python to implement some minor functionality
> next to it.
>
> Now I have the opportunity to setup a server from scratch.
> 90% of the content will be non visual content over https with client AND
> server certificates.
> Access privileges will depend on the client certificate.

Thanks a lot for all your answers.


So it seems it's rather smart to not stick with mod_python,
though it might be, that it's just restin' .


As a first test I tried to use
apache with mod_wsgi and a hello world python wsgi script.

This works fine.


Almost everything of my mod_python code should translate rather easily.

The one problem, that I have is following.

my mod_python code uses:
 req.add_common_vars()
 ssh_dn_o = req.ssl_var_lookup('SSL_CLIENT_S_DN_O')


How could I obtain apache's SSL variable 'SSL_CLIENT_S_DN_O'

I'd like, that my script reacts differently depending on the client's
SSL certificate.


If that problem is solved then I could probably get rid of mod_python.


Re: setup server from scratch (with or without apache?)

2010-06-21 Thread News123
Hi Kruptein,

Kruptein wrote:
> I think that apache and mod_python are good enough, but I'm not an
> expert.
>
> but I think that the security aspect for a large part depends on how
> secure your code is.
>
> You can have a very secure server setting, but somewhere a bug in your
> code that makes it insecure.

Agreed. There's a lot of potential to make stupid things in one's own code.

In my case however I'd like to reject access to anybody not having a
client certificate.

Though users should be identified by their certificates it would (in my
current case) not be a major disaster if one user would gain control
over another user's data.

The group of users is limited and all users are trusted during the
lifetime of their certificate.

Most important for me is, that my python script is only called when the
certificate is valid.

-- 
http://mail.python.org/mailman/listinfo/python-list
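
Added example, not part of any list message: one way a mod_wsgi application could read SSL_CLIENT_S_DN_O and refuse to run without a verified client certificate, as asked in the two News123 messages above. It assumes Apache mod_ssl is configured with "SSLVerifyClient require" and "SSLOptions +StdEnvVars" so the SSL_CLIENT_* variables reach the WSGI environ; the ClientCertGate class, the handle helper, the privilege table and the "example.privileges" key are hypothetical names.

```python
# Added example, not code from the thread. Assumes Apache mod_ssl with
# "SSLVerifyClient require" and "SSLOptions +StdEnvVars", so mod_wsgi
# passes SSL_CLIENT_* variables to the application in the WSGI environ.
from wsgiref.util import setup_testing_defaults

# Hypothetical mapping from the certificate subject's O= field to privileges.
ORG_PRIVILEGES = {"Example Ops": {"read", "write"}, "Example Audit": {"read"}}


class ClientCertGate:
    """Fail-closed WSGI middleware: no verified client certificate, no app."""

    def __init__(self, app, org_privileges):
        self.app = app
        self.org_privileges = org_privileges

    def __call__(self, environ, start_response):
        # mod_ssl sets SSL_CLIENT_VERIFY to NONE, SUCCESS, GENEROUS or
        # FAILED:reason. Request headers arrive as HTTP_* keys, so a client
        # cannot set these names by sending a header.
        if environ.get("SSL_CLIENT_VERIFY") != "SUCCESS":
            return self._deny(start_response, b"client certificate required\n")
        privileges = self.org_privileges.get(environ.get("SSL_CLIENT_S_DN_O"))
        if privileges is None:
            return self._deny(start_response, b"organisation not authorised\n")
        environ["example.privileges"] = privileges
        return self.app(environ, start_response)

    @staticmethod
    def _deny(start_response, message):
        start_response("403 Forbidden", [("Content-Type", "text/plain")])
        return [message]


def application(environ, start_response):
    """Inner app: reports the privileges granted to the caller."""
    body = ",".join(sorted(environ["example.privileges"])).encode()
    start_response("200 OK", [("Content-Type", "text/plain")])
    return [body]


def handle(app, ssl_environ):
    """Drive one constructed request through the app; return (status, body)."""
    environ, seen = dict(ssl_environ), {}
    setup_testing_defaults(environ)  # fills in the non-SSL WSGI keys
    body = b"".join(app(environ, lambda status, headers: seen.update(status=status)))
    return seen["status"], body


gated = ClientCertGate(application, ORG_PRIVILEGES)
```

With "SSLVerifyClient require" Apache already refuses the handshake when no valid certificate is presented; the check in the middleware keeps the script closed if that directive is later relaxed or the application is mounted on a virtual host without it.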


setup server from scratch (with or without apache?)

2010-06-20 Thread News123
Hi,


So far I never really had to ask this question and this is also, why I
am still a little shaky on this topic:

So far the typical LAMP server existed already and contained already a
lot of existing PHP web applications, which I couldn't remove.
Therefore I just used mod_python to implement some minor functionality
next to it.

Now I have the opportunity to setup a server from scratch.
90% of the content will be non visual content over https with client AND
server certificates.
Access privileges will depend on the client certificate.

I will only have one IP address and only port 443.

1.) What alternatives would exist compared to apache / mod_python

2.) What disadvantage would I have using apache and mod_python compared
to other solutions

3.) What's the stability / security aspect of other solutions,
especially concerning client / server certificates

4.) How could I prepare for the case, that customer might later on
require PHP? (not very probably, but who knows.)

5.) What about mod_wsgi vs. mod_python

Thanks a lot for suggestions / ideas.



Re: setup server from scratch (with or without apache?)

2010-06-20 Thread Kruptein
I think that apache and mod_python are good enough, but I'm not an
expert.

but I think that the security aspect for a large part depends on how
secure your code is.

You can have a very secure server setting, but somewhere a bug in your
code that makes it insecure.