Skip to first unread message
Tobias Locsei
Feb 17, 2014, 5:48:02 AM2/17/14
to web...@googlegroups.com
Hi,
I'm new to web2py and I really like how easy it is to use and how excellent the documentation is.
However, I'm having some trouble deploying my "hello world" app on a vps (digital ocean droplet). I used the script scripts/setup-web2py-nginx-uwsgi-ubuntu.sh from http://web2py.com/book/default/chapter/13#Nginx. The welcome app works fine but I can't access admin. When I try to access it I get the message "Admin is disabled because insecure channel". If I try the same link prefixed with https (i.e. https://mydomain.com/admin/default/index) then I get a blank screen and after a couple of minutes "the server is taking too long to respond".
Here are the things I've checked
- changed "listen 80" to "listen 8080" in the configuration file because I'm using port forwarding
- checked that web2py.crt and web2py.key are in the /etc/nginx/ssl/ directory
Any ideas what I might be doing wrong? Thanks in advance for any help,
Tobias
P.S. Not sure if it's relevant, but before I used the nginx setup script I used the apache one step setup script, but I couldn't get even the welcome app to display.
I'm new to web2py and I really like how easy it is to use and how excellent the documentation is.
However, I'm having some trouble deploying my "hello world" app on a vps (digital ocean droplet). I used the script scripts/setup-web2py-nginx-uwsgi-ubuntu.sh from http://web2py.com/book/default/chapter/13#Nginx. The welcome app works fine but I can't access admin. When I try to access it I get the message "Admin is disabled because insecure channel". If I try the same link prefixed with https (i.e. https://mydomain.com/admin/default/index) then I get a blank screen and after a couple of minutes "the server is taking too long to respond".
Here are the things I've checked
- changed "listen 80" to "listen 8080" in the configuration file because I'm using port forwarding
- checked that web2py.crt and web2py.key are in the /etc/nginx/ssl/ directory
Any ideas what I might be doing wrong? Thanks in advance for any help,
Tobias
P.S. Not sure if it's relevant, but before I used the nginx setup script I used the apache one step setup script, but I couldn't get even the welcome app to display.
Tim Richardson
Feb 17, 2014, 1:41:32 PM2/17/14
to web...@googlegroups.com
What OS? I've used ubuntu 12.04 a few times and the apache script works perfectly.
Tobias Locsei
Feb 17, 2014, 2:54:05 PM2/17/14
to web...@googlegroups.com
Hi Tim,
I'm using ubuntu 13.10. Is there an error log or something I can post here to help figure out what went wrong?
Tobias
I'm using ubuntu 13.10. Is there an error log or something I can post here to help figure out what went wrong?
Tobias
Anthony
Feb 17, 2014, 3:09:02 PM2/17/14
to web...@googlegroups.com
Why are you port forwarding? Is SSL still on port 443?
Anthony
Anthony
Janos Tobias Locsei
Feb 17, 2014, 4:37:16 PM2/17/14
to web...@googlegroups.com
Thanks Anthony, that's the problem - I hadn't opened port 443 in my iptables. I knew it would be something silly. It works now.
I also had to change a couple of other things to make it work. Would either of the below compromise the security of my setup?
1. I removed the "-u www-data" option in the line of the script that sets the admin password, because I don't have a user called www-data. So, my script says something like:
sudo python -c "from gluon.main import save_password; save_password(raw_input('admin password: '),443)"
Should I create a user called www-data, and if so what privileges should I give them? Sorry if this is a naive question.
I also had to change a couple of other things to make it work. Would either of the below compromise the security of my setup?
1. I removed the "-u www-data" option in the line of the script that sets the admin password, because I don't have a user called www-data. So, my script says something like:
sudo python -c "from gluon.main import save_password; save_password(raw_input('admin password: '),443)"
Should I create a user called www-data, and if so what privileges should I give them? Sorry if this is a naive question.
2. I had to add sudo for the following commands in the script, otherwise they wouldn't run
sudo start uwsgi-emperor
sudo /etc/init.d/nginx restart
sudo start uwsgi-emperor
sudo /etc/init.d/nginx restart
I'm guessing that once again this is because I don't have a user called www-data, and I haven't updated the uid and gid lines of the uwsgi config file to reflect the user that I'm running as.
Tobias
P.S. For completeness, here's the whole script I'm using to launch the server now:
# Set the password for the administrative interface
cd /home/www-data/web2py
sudo python -c "from gluon.main import save_password; save_password(raw_input('admin password: '),443)"
# Stop server if it was already running
sudo stop uwsgi-emperor
sudo /etc/init.d/nginx stop
# Start the server
sudo start uwsgi-emperor
sudo /etc/init.d/nginx restart
# Set the password for the administrative interface
cd /home/www-data/web2py
sudo python -c "from gluon.main import save_password; save_password(raw_input('admin password: '),443)"
# Stop server if it was already running
sudo stop uwsgi-emperor
sudo /etc/init.d/nginx stop
# Start the server
sudo start uwsgi-emperor
sudo /etc/init.d/nginx restart
Janos Tobias Locsei
Feb 17, 2014, 5:06:09 PM2/17/14
to web2py
Update: actually I do have a user called www-data, and things are working as expected now.
What tripped me up was that using "sudo -u www-data <command>" gave an error "No such file or directory", and it turned out it was because I had an alias for sudo. So, using "/usr/bin/sudo -u www-data <command>" works as expected. I'm posting this here in case another linux newbie gets tripped up by the same thing in the future.Tobias
# Check if user has root privileges
if [[ $EUID -ne 0 ]]; then
echo "You must run the script as root or using sudo"
exit 1
fi
# Set ownership of web2py directory recursively (-R)
cd /home/www-data
chown -R www-data:www-data web2py
# Set the password for the administrative interface
cd /home/www-data/web2py
/usr/bin/sudo -u www-data python -c "from gluon.main import save_password; save_password(raw_input('admin password: '),443)"
# Stop server if it was already running
stop uwsgi-emperor
/etc/init.d/nginx stop
# Start the server
start uwsgi-emperor
/etc/init.d/nginx restart
/etc/init.d/nginx restart
Janos Tobias Locsei
Feb 17, 2014, 5:19:24 PM2/17/14
to web2py
Lol, please bear with me...
I still have a question about what read/write privileges the www-data user and group should have. I changed them along the way as I was trying to get things to work, and I suspect I've given too strong permissions. The permissions as they stand now for the web2py folder are (as reported by ls -l):drwxrwsr-x 11 www-data www-data 4096 Feb 17 21:07 web2py
Are these permissions OK?
Thanks!
Thanks!
Tobias
Reply all
Reply to author
Forward
0 new messages