Difference between revisions of "Apache"
Line 124: | Line 124: | ||
==Permissions== | ==Permissions== | ||
In addition to granting permissions in the Apache configuration file (an example is given below), correct permissions need to be set for the directory tree containing wsgi.py and other crucial files. If for example the tree is contained in your home directory and it's not readable to others, it won't work. One example (perhaps not the best) of how to make it work is to set 755 to your home dir. There are good practices which involve some skills in using Apache configuration files. | In addition to granting permissions in the Apache configuration file (an example is given below), correct permissions need to be set for the directory tree containing wsgi.py and other crucial files. If for example the tree is contained in your home directory and it's not readable to others, it won't work. One example (perhaps not the best) of how to make it work is to set 755 to your home dir. There are good practices which involve some skills in using Apache configuration files. | ||
+ | |||
+ | Again, for wsgi to work the whole tree containing the scripts it needs to execute needs to have "rx" permissions in it. | ||
==SELinux enforcement== | ==SELinux enforcement== |
Revision as of 18:43, 4 October 2017
Contents
Installation
Ubuntu
sudo apt-get install apache2 # Apache sudo apt-get install libapache2-mod-wsgi-py3 # mod_wsgi for Python3
CentOS
With minor variations...
sudo yum update sudo yum install httpd # start: sudo systemctl start httpd.service # enable on boot: sudo systemctl enable httpd.service
Don't forget the firewall:
sudo firewall-cmd --permanent --add-port=80/tcp sudo firewall-cmd --permanent --add-port=443/tcp sudo firewall-cmd --reload
Start it:
sudo systemctl start httpd
...and you can now check on it using "curl".
https://www.liquidweb.com/kb/how-to-install-apache-on-centos-7/ https://www.godaddy.com/help/build-a-lamp-stack-linux-apache-mysql-php-centos-7-17344
Start-Stop-Restart
Ubuntu
To start/stop/restart Apache 2 web server, enter one of the commands in each category:
### START /etc/init.d/apache2 start sudo /etc/init.d/apache2 start sudo service apache2 start ### STOP /etc/init.d/apache2 stop sudo /etc/init.d/apache2 stop sudo service apache2 stop ### RESTART /etc/init.d/apache2 restart sudo /etc/init.d/apache2 restart sudo service apache2 restart
System status:
systemctl status apache2.service
CentOS/RH
On RedHat Linux, the name of the daemon is httpd. Also, "service" command may be aliased to systemctl.
systemctl status -l httpd.service # or: sudo systemctl start httpd.service
Apache Configuration
General Items
KeepAlive sets the tradeoff between memory and CPU usage by Apache.
Serving static files: https://docs.djangoproject.com/en/1.10/howto/deployment/wsgi/modwsgi/#serving-files
Official Layout of the Config Files: https://wiki.apache.org/httpd/DistrosDefaultLayout This, however, is not written in stone. Some details are given below.
Ubuntu
See /etc/apache2/apache2.conf
Snippet from 000-default.conf on Ubuntu:
ServerName promptproc ServerAlias promptproc WSGIScriptAlias / /home/maxim/projects/p3s/promptproc/promptproc/wsgi.py Alias /static/ /var/www/static/ <Directory /var/www/static> Require all granted </Directory> <Directory /home/maxim/projects/p3s/promptproc/promptproc> <Files wsgi.py> Require all granted </Files> </Directory>
The "static directory must contain static content such as themes for the tables2 package. Keep in mind that while this is served automatically by the Django development server, it's not the case under Apache.
The file wsgi.conf needs to contain a reference to Python runtime like:
WSGIPythonPath /home/maxim/.local/lib/python3.5/site-packages
CentOS
See /etc/httpd/. Examples:
[mxp@neutdqm p3s]$ ls /etc/httpd/ conf conf.d conf.modules.d logs modules run [mxp@neutdqm p3s]$ ls /etc/httpd/conf.d/ autoindex.conf django.conf php.conf README userdir.conf welcome.conf [mxp@neutdqm p3s]$ ls /etc/httpd/conf/ httpd.conf magic
Permissions
In addition to granting permissions in the Apache configuration file (an example is given below), correct permissions need to be set for the directory tree containing wsgi.py and other crucial files. If for example the tree is contained in your home directory and it's not readable to others, it won't work. One example (perhaps not the best) of how to make it work is to set 755 to your home dir. There are good practices which involve some skills in using Apache configuration files.
Again, for wsgi to work the whole tree containing the scripts it needs to execute needs to have "rx" permissions in it.
SELinux enforcement
If installed, SELinux will impose its own restrictions. See:
getenforce
If it shows "Enforcing", try
sudo setenforce 0
mod_wsgi
- When using mod_wsgi one has to make sure the version matches the Python version, this needs to be specified when mod_wsgi is installed (see "Installation" above). You can use "ldd" on mod_wsgi.so to check dependencies including python version required. There is a possibility that mod_wsgi you installed has a long library name containing various metadata, and there is also still an older mod_wsgi file that get loaded instead. This needs to be taken care of.
- https://www.sitepoint.com/deploying-a-django-app-with-mod_wsgi-on-ubuntu-14-04/
- Methods of setting up the environment for wsgi described in the current Django documentation may or may not work on a particular installation/release/distro affiliation of Apache due to a few subtle bugs and relative complexity of *.conf and related files
- If you decide to build mod_wsgi from source, make sure your Python was also built from source with "./config -enable-shared" option
- It's easy to miss the fact that one segment of the path leading to wsgi.py doesn't have the right permissions, while httpd is run by user apache (or similar)
If you are willing to brave building mod_wsgi from source, here is a template:
wget -q "https://github.com/GrahamDumpleton/mod_wsgi/archive/4.4.21.tar.gz" tar -xzf '4.4.21.tar.gz' cd ./mod_wsgi-4.4.21 ./configure --with-python=/usr/local/bin/python3.5 LD_RUN_PATH=/usr/local/lib make make make install
You'll likely see "axps missing" or similar message, this component may be obtained by installing httpd-devel.
Ports and Firewalls
NB. In most cases you need to run the utilities mentioned above as root or via sudo.
SELinux may prevent you from configuring Apache with a non-standard port. Useful commands:
semanage port -l # list ports semanage port -a -t http_port_t -p tcp 81 # add a rule
List ports
sudo nmap -sT -O localhost # or sudo lsof -i
In addition to that, CentOS "may" have firewall settings which are beyond and above what you can learn with the tools listed above. See http://ask.xmodulo.com/open-port-firewall-centos-rhel.html. To check the firewall rules:
$ sudo iptables -L
To open port 80 permanently:
$ sudo firewall-cmd --zone=public --add-port=80/tcp --permanent $ sudo firewall-cmd --reload