--
You received this message because you are subscribed to the Google Groups "modwsgi" group.
To unsubscribe from this group and stop receiving emails from it, send an email to modwsgi+u...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/modwsgi/fc14abce-0f43-4e35-a91e-05310847947an%40googlegroups.com.
server01.corp.com sent an invalid response. ERR_SSL_PROTOCOL_ERROR
In this case, I get an ambiguous ssl error. I do know that the browser changing my URL can be a proxy issue, but am unsure how to solve it in this case.
So here my question is, how/what am I doing wrong to serve my app using mod_wsgi-express to upgrade insecure requests and use https behind an apache proxy?
As a side note, being able to use the apachectl start and stop with systemd will be a blessing. I'm not sure exactly how you are able to recreate/serve an apache module outside of apache like this but its very cool, very smart, and I cant wait to show my friends it working.
Along the way, I used these resources:
https://pypi.org/project/mod-wsgi/
https://groups.google.com/g/modwsgi/c/nVNtX4zJGBY
https://github.com/GrahamDumpleton/mod_wsgi/issues/411
Aforementioned blog posts
Thank you for your time,
Matthew Johnson
On 17 Aug 2021, at 7:26 am, Matt J <matthew.ja...@outlook.com> wrote:Hi Graham,
Thank you for your response. I am now using mod_wsgi-express, and running into what I believe is a final issue - SSL errors. Please see this new configuration:
conf.d/djangosite.conf - it can be noted that most, but not all other apps on this server use localhost in the proxy pass, but I believe it should be the hostname for our case. Maybe you can correct me on this.<Location "/apps/onequeue">ProxyPass "http://server01.corp.com:9889" retry=0ProxyPassReverse "http://server01.corp.com:9889"
<IF "req('Authorization') =~ /^Bearer/">stuff</IF><ELSE>stuff but with LDAP</ELSE>Require valid-userRequestHeader set X-Remote-User %{REMOTE_USER}sRequestHeader set X-Remote-Host %{REMOTE_HOST}s</Location>conf/httpd.conf - only relevant items shown (save a bunch of location-specific ldap crap)# LoadModule foo_module modules/mod_foo.soInclude conf.modules.d/*.conf#MOD_WSGI installed from SOURCE using source python3.7 with shared flagsLoadFile /deployment/tools/lib/libpython3.7m.so.1.0
#LoadModule wsgi_module modules/mod_wsgi.so#MOD_WSGI-EXPRESS installed from PyEnv with mod_wsgi installed via PIPLoadModule wsgi_module modules/mod_wsgi-py37.cpython-37m-x86_64-linux-gnu.soWSGIPythonHome "/deployment/apps/envs/djangosite-api"
Issue Occuring:Alas, we are at the command I am trying to use to test the server: (I have an identical variant for manage.py runmodwsgi that produces the same error).setup @
mod_wsgi-express setup-server /deployment/source/djangosite/mysite/wsgi.py --reload-on-changes --port=9889 --https-port=443 --https-only --server-name=server01.corp.com --mount-point=/apps/djangosite --url-alias /apps/djangosite/static /deployment/source/djangosite/mysite/static/ --ssl-certificate-file=/etc/pki/ca-trust/extracted/openssl/ca-bundle.trust.crt --ssl-certificate-key-file=/etc/pki/tls/private/server.key --user=opc --group=cad --server-root=/deployment/source/djangosite/mysite/mod_wsgi-express
start server @/deployment/source/mysite/mod_wsgi-express/apachectl startcommand output:(13)Permission denied: AH00072: make_sock: could not bind to address [::]:443(13)Permission denied: AH00072: make_sock: could not bind to address 0.0.0.0:443no listening sockets available, shutting downAH00015: Unable to open logsIn this case it cannot use 443.
setup again @ (without specify --https-port and --https-only)mod_wsgi-express setup-server /deployment/source/djangosite/mysite/wsgi.py --reload-on-changes --port=9889 --server-name server01.corp.com --mount-point=/apps/djangosite --url-alias /apps/djangosite/static /deployment/source/djangosite/mysite/static/ --ssl-certificate-file=/etc/pki/ca-trust/extracted/openssl/ca-bundle.trust.crt --ssl-certificate-key-file=/etc/pki/tls/private/server.key --user opc --group cad --server-root=/deployment/source/djangosite/mysite/mod_wsgi-express --startup-log --access-log
start server @/deployment/source/mysite/mod_wsgi-express/apachectl startweb browser output: (chrome)[URL CHANGED BY BROWSER]
server01.corp.com sent an invalid response. ERR_SSL_PROTOCOL_ERROR
In this case, I get an ambiguous ssl error. I do know that the browser changing my URL can be a proxy issue, but am unsure how to solve it in this case.
So here my question is, how/what am I doing wrong to serve my app using mod_wsgi-express to upgrade insecure requests and use https behind an apache proxy?
As a side note, being able to use the apachectl start and stop with systemd will be a blessing. I'm not sure exactly how you are able to recreate/serve an apache module outside of apache like this but its very cool, very smart, and I cant wait to show my friends it working.
To view this discussion on the web visit https://groups.google.com/d/msgid/modwsgi/3abeb300-ad35-4e8c-b1ac-faf682f116f0n%40googlegroups.com.
On 19 Aug 2021, at 1:54 am, Matt J <matthew.ja...@outlook.com> wrote:
Hi Graham,
Ahh, my mistake, missed those two article about proxying. This now works as expected. On typical apachectl start and stop the application runs as expected. Hoewever, I cant seem to have the service start correctly from systemd. Interestingly, it reports the same information as a manual start, but chooses to die. I know you said you are not a systemd expert, but would you know what is causing mod_wsgi-express to deregister itself immediately?
SETUP COMMAND:/my/envs/compute-api-prod/bin/python3.7 manage.py runmodwsgi --setup-only --reload-on-changes --port=9889 --user opc --group faim --document-root /prod-path/compute/mysite/ --server-root=/var/run/compute-express --startup-log --access-log --log-level debugNORMAL START & LOG:
/var/run/compute-express/apachectl start&
To view this discussion on the web visit https://groups.google.com/d/msgid/modwsgi/93287245-44ec-4031-ba51-3ba3c3dbcbb4n%40googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/modwsgi/16aa65e3-3ab8-41df-bf66-57f27acf2cabn%40googlegroups.com.