Re: [modwsgi] When use mod_wsgi.../apachectl status, Error loading https://localhost:443/server-status: SSL error

[Graham Dumpleton]

> On 13 Feb 2018, at 7:47 am, Rafael Karosuo  wrote:
> 
> OH!, thank you so much, this is a lot of new useful information.
> I'm testing it right away.
> 
> Do you mean mod_wsgi-express, not mod_wsgi-httpd? Or are you actually using 
> both?
>  I'm using the mod_wsgi as far as I know, since I use
> python manage.py runmodwsgi --reload-on-changes
>  And in my virtual env I have installed the mod_wsgi-httpd, and mod_wsgi.
> A misunderstood that when installing mod_wsgi-httpd you had your configs in 
> an independent mode (separate apache on /tmp for example), and when you don't 
> install mod_wsgi-httpd you have it configured in the main apache 
> installation, which is wrong.

That is not correct.

When you use either mod_wsgi-express start-server/setup-server or runmodwsgi 
Django management command, a generated Apache config is used. This has got 
nothing to do with whether you use mod_wsgi-httpd. The mod_wsgi-httpd package 
only needs to be installed if your system package isn't complete and doesn't 
have header files to allow mod_wsgi to be used. Even when the system Apache can 
be used to compile mod_wsgi against, neither start-server/setup-server or 
runmodwsgi modify the system Apache.

If you want you can still use pip install mod_wsgi method to build mod_wsgi.so 
and then manually configure system Apache to use it, but that is an option and 
not default.

> I'm gonna try to use the mod_wsgi-express script instead of the above command 
> then, to use what you suggested me.

Using runmodwsgi is fine.

Graham

-- 
You received this message because you are subscribed to the Google Groups 
"modwsgi" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to modwsgi+unsubscr...@googlegroups.com.
To post to this group, send email to modwsgi@googlegroups.com.
Visit this group at https://groups.google.com/group/modwsgi.
For more options, visit https://groups.google.com/d/optout.

Re: [modwsgi] When use mod_wsgi.../apachectl status, Error loading https://localhost:443/server-status: SSL error

[Rafael Karosuo]

OH!, thank you so much, this is a lot of new useful information.
I'm testing it right away.

Do you mean mod_wsgi-express, not mod_wsgi-httpd? Or are you actually using 
> both?
>
 I'm using the mod_wsgi as far as I know, since I use

python manage.py runmodwsgi --reload-on-changes

 And in my virtual env I have installed the mod_wsgi-httpd, and mod_wsgi.
A misunderstood that when installing mod_wsgi-httpd you had your configs in 
an independent mode (separate apache on /tmp for example), and when you 
don't install mod_wsgi-httpd you have it configured in the main apache 
installation, which is wrong.

I'm gonna try to use the mod_wsgi-express script instead of the above 
command then, to use what you suggested me.

Thanks again, I'll let you know if I solved it.

-- 
You received this message because you are subscribed to the Google Groups 
"modwsgi" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to modwsgi+unsubscr...@googlegroups.com.
To post to this group, send email to modwsgi@googlegroups.com.
Visit this group at https://groups.google.com/group/modwsgi.
For more options, visit https://groups.google.com/d/optout.

Re: [modwsgi] When use mod_wsgi.../apachectl status, Error loading https://localhost:443/server-status: SSL error

[Graham Dumpleton]

BTW, run:

mod_wsgi-express start-server --help

to see all options.

Graham

> On 11 Feb 2018, at 10:56 am, Graham Dumpleton  
> wrote:
> 
> 
> 
>> On 11 Feb 2018, at 10:07 am, Rafael Karosuo > > wrote:
>> 
>> Thanks for your work Graham.
>> I'm currently using mod_wsgi with django, running the site with http without 
>> further problems.
>> Now I want to use https, I bought the certificate and used WHM to install it 
>> on main Apache and using a simple php index page, I can see that it's 
>> correctly installed.
>> Here's where the things get fuzzy for me, I'm not an expert in apache 
>> config, the thing is that as I'm using mod_wsgi-httpd,
> 
> Do you mean mod_wsgi-express, not mod_wsgi-httpd? Or are you actually using 
> both?
> 
>> it created a separated config apache module (in the default /tmp),
> 
> For permanent setups, you should not use the default /tmp. Use --server-root 
> option to specify a more permanent directory. This is explained in:
> 
> https://pypi.python.org/pypi/mod_wsgi 
> 
>> I searched for the httpd.conf on that mod_wsgi-localhost:443:500/ directory, 
>> found it, but found 3 places where you could put certs.. I just filled the 3 
>> with the same cert location.
>> Result:
>> When open page in the browser, ERR_SSL_PROTOCOL_ERROR
>> When use mod_wsgi.../apachectl status, Error loading 
>> https://localhost:443/server-status:  SSL 
>> error
>> When less mod_wsgi.../error_log, just shows the last move which is execute 
>> the command
>> 
>> I'm pretty lost here on where should I go next to fix this, could you please 
>> give some hint?
> 
> You should never modify the generated httpd.conf file by hand when using 
> mod_wsgi-express.
> 
> If you want to supply a SSL certificate, you supply options to 
> mod_wsgi-express for it.
> 
> The options you want to look at for typical case are:
> 
>   --server-name HOSTNAME
> The primary host name of the web server. If this name
> starts with 'www.' then an automatic redirection from
> the parent domain name to the 'www.' server name will
> created.
> 
>   --ssl-certificate-file FILE-PATH
> Specify the path to the SSL certificate file.
>   --ssl-certificate-key-file FILE-PATH
> Specify the path to the private key file corresponding
> to the SSL certificate file.
> 
>   --ssl-certificate FILE-PATH
> Specify the common path to the SSL certificate files.
> This is a convenience function so that only one option
> is required to specify the location of the certificate
> file and the private key file. It is expected that the
> files have '.crt' and '.key' extensions. This option
> should refer to the common part of the names for both
> files which appears before the extension.
> 
>   --https-onlyFlag indicating whether any requests made using a HTTP
> request over the non secure connection should be
> redirected automatically to use a HTTPS request over
> the secure connection.
> 
> So you must supply at least use --server-name and --ssl-certificate.
> 
> Graham
> 

-- 
You received this message because you are subscribed to the Google Groups 
"modwsgi" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to modwsgi+unsubscr...@googlegroups.com.
To post to this group, send email to modwsgi@googlegroups.com.
Visit this group at https://groups.google.com/group/modwsgi.
For more options, visit https://groups.google.com/d/optout.

Re: [modwsgi] When use mod_wsgi.../apachectl status, Error loading https://localhost:443/server-status: SSL error

[Graham Dumpleton]

> On 11 Feb 2018, at 10:07 am, Rafael Karosuo  wrote:
> 
> Thanks for your work Graham.
> I'm currently using mod_wsgi with django, running the site with http without 
> further problems.
> Now I want to use https, I bought the certificate and used WHM to install it 
> on main Apache and using a simple php index page, I can see that it's 
> correctly installed.
> Here's where the things get fuzzy for me, I'm not an expert in apache config, 
> the thing is that as I'm using mod_wsgi-httpd,

Do you mean mod_wsgi-express, not mod_wsgi-httpd? Or are you actually using 
both?

> it created a separated config apache module (in the default /tmp),

For permanent setups, you should not use the default /tmp. Use --server-root 
option to specify a more permanent directory. This is explained in:

https://pypi.python.org/pypi/mod_wsgi 

> I searched for the httpd.conf on that mod_wsgi-localhost:443:500/ directory, 
> found it, but found 3 places where you could put certs.. I just filled the 3 
> with the same cert location.
> Result:
> When open page in the browser, ERR_SSL_PROTOCOL_ERROR
> When use mod_wsgi.../apachectl status, Error loading 
> https://localhost:443/server-status: SSL error
> When less mod_wsgi.../error_log, just shows the last move which is execute 
> the command
> 
> I'm pretty lost here on where should I go next to fix this, could you please 
> give some hint?

You should never modify the generated httpd.conf file by hand when using 
mod_wsgi-express.

If you want to supply a SSL certificate, you supply options to mod_wsgi-express 
for it.

The options you want to look at for typical case are:

  --server-name HOSTNAME
The primary host name of the web server. If this name
starts with 'www.' then an automatic redirection from
the parent domain name to the 'www.' server name will
created.

  --ssl-certificate-file FILE-PATH
Specify the path to the SSL certificate file.
  --ssl-certificate-key-file FILE-PATH
Specify the path to the private key file corresponding
to the SSL certificate file.

  --ssl-certificate FILE-PATH
Specify the common path to the SSL certificate files.
This is a convenience function so that only one option
is required to specify the location of the certificate
file and the private key file. It is expected that the
files have '.crt' and '.key' extensions. This option
should refer to the common part of the names for both
files which appears before the extension.

  --https-onlyFlag indicating whether any requests made using a HTTP
request over the non secure connection should be
redirected automatically to use a HTTPS request over
the secure connection.

So you must supply at least use --server-name and --ssl-certificate.

Graham

-- 
You received this message because you are subscribed to the Google Groups 
"modwsgi" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to modwsgi+unsubscr...@googlegroups.com.
To post to this group, send email to modwsgi@googlegroups.com.
Visit this group at https://groups.google.com/group/modwsgi.
For more options, visit https://groups.google.com/d/optout.