How to use Let's Encrypt with Web2Py on Apache


Jean-François Milants

Jan 23, 2016, 10:30:52 AM
to web2py-users
Hi,

I would like to get certificates from Let's Encrypt (https://letsencrypt.org/) for my Web2Py applications, but I don't know how to make it work with Let's Encrypt.

I already managed to get a certificate for a PHP application, using the --webroot method. This method creates a temporary file in "${webroot-path}/.well-known/acme-challenge" to check the validity of the domain/server/... Then, the server from Let's Encrypt does an HTTP GET command on this file.

How to do this with Web2Py? How to make Web2Py answer to a request on a file that is not in a controller/view?

NOTE: my applications run on Apache 2.2, using the WSGI handler.

Thanks!

Anthony

Jan 23, 2016, 10:52:33 AM
to web2py-users
You could configure Apache itself to respond, or you can use web2py's routes.py to route the incoming request to a controller that then returns the requested file.

Anthony

Jean-François Milants

Jan 23, 2016, 12:36:17 PM
to web2py-users
If Apache could serve the file by itself, without my Web2Py application knowing it, it would be perfect!
But I don't know how to configure Apache so that it does not transmit the request to wsgihandler.py.

Here is my virtual host file:
<VirtualHost *:80>
        ServerName adomain.com
        ServerAlias www.adomain.com

        WSGIDaemonProcess web2py user=www-data group=www-data display-name=%{GROUP}
        WSGIProcessGroup web2py
        WSGIScriptAlias / /home/www-data/web2py-2.10/wsgihandler.py

        <Directory /home/www-data/web2py-2.10>
                AllowOverride None
                Order Allow,Deny
                Deny from all
                <Files wsgihandler.py>
                        Allow from all
                </Files>
        </Directory>

        AliasMatch ^/([^/]+)/static/(.*)            /home/www-data/web2py-2.10/applications/$1/static/$2
        <Directory /home/www-data/web2py-2.10/applications/*/static/>
                Order Allow,Deny
                Allow from all
        </Directory>

        <Location /admin>
                Deny from all
        </Location>

        <LocationMatch ^/([^/]+)/appadmin>
                Deny from all
        </LocationMatch>
</VirtualHost>

Is it even possible?

Thanks!

Anthony

Jan 23, 2016, 12:47:05 PM
to web2py-users
        AliasMatch ^/([^/]+)/static/(.*)            /home/www-data/web2py-2.10/applications/$1/static/$2
        <Directory /home/www-data/web2py-2.10/applications/*/static/>
                Order Allow,Deny
                Allow from all
        </Directory>

The above block configures Apache to serve web2py static files directly (rather than passing the requests onto the web2py WSGI handler), so presumably you could set up a similar rule.

Anthony
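
A "similar rule" for the ACME challenge path could look like the following. This is an added example, not part of Anthony's post or the web2py documentation; the challenge directory /var/www/letsencrypt is a placeholder assumption, and the rest is taken from the vhost posted above.

```apache
<VirtualHost *:80>
        ServerName adomain.com
        ServerAlias www.adomain.com

        # Assumption: a dedicated challenge directory outside the web2py tree,
        # writable only by the ACME client. The path is a placeholder.
        # Alias is matched before WSGIScriptAlias, so these requests are
        # answered by Apache and never reach wsgihandler.py.
        Alias /.well-known/acme-challenge/ /var/www/letsencrypt/.well-known/acme-challenge/
        <Directory /var/www/letsencrypt/.well-known/acme-challenge/>
                # No indexes, no symlink following, no CGI, no .htaccess:
                # the directory only ever holds short-lived token files.
                Options None
                AllowOverride None
                ForceType text/plain
                # Apache 2.2 access syntax, matching the vhost in the thread
                # (on Apache 2.4 the equivalent is "Require all granted").
                Order Allow,Deny
                Allow from all
        </Directory>

        WSGIDaemonProcess web2py user=www-data group=www-data display-name=%{GROUP}
        WSGIProcessGroup web2py
        WSGIScriptAlias / /home/www-data/web2py-2.10/wsgihandler.py

        # ... remaining <Directory>, AliasMatch and <Location> blocks
        # from the original vhost stay unchanged ...
</VirtualHost>
```

With this in place, the --webroot method would be pointed at the placeholder directory with `-w /var/www/letsencrypt`, and only the acme-challenge subdirectory is exposed rather than anything under the web2py tree.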

Jacinto Parga

Mar 4, 2016, 6:30:35 PM
to web2py-users
How can routes.py be configured to return the requested file?

The page requested is something like this:


The response is a plain text, something like this:

EZvKzpPMR2sCRRPqfyi_fOBvx9cV9FS59jmTpAMsLlc.wsviFLCnmgajAEkPk0QNPbOowoXWV4hIjs1Sxb_fAt8

I don't know how to do it using routes.py

I am running my application on Google App Engine

Jacinto Parga

Mar 6, 2016, 2:23:18 PM
to web2py-users
It's ok.  I have already solved it with routes.py and the error handler.

Thanks anyway

Alexei Vinidiktov

Jul 11, 2016, 2:11:38 AM
to web2py-users
How did you do it?

Carlos Correia

Jan 31, 2017, 9:31:24 AM
to web2py-users
How did you do it? I'm facing the same problem...

Thanks


Dave S

Jan 31, 2017, 1:29:45 PM
to web2py-users


On Tuesday, January 31, 2017 at 6:31:24 AM UTC-8, Carlos Correia wrote:
How did you do it? I'm facing the same problem...

Thanks



Do these posts help?


(I've linked to specific answers from Anthony, but each is in a thread that provides a little more information.)

/dps

Anthony

Feb 1, 2017, 10:26:48 AM
to web2py-users
On Tuesday, January 31, 2017 at 9:31:24 AM UTC-5, Carlos Correia wrote:
How did you do it? I'm facing the same problem...

You should probably handle this directly with the web server configuration rather than in web2py. I recommend Acmetool.

Anthony

Dave S

Feb 22, 2017, 8:21:02 PM
to web2py-users
Any thoughts on this one?


/dps
 

Dave S

Feb 22, 2017, 9:14:05 PM
to web2py-users
I'm also looking at EFF's certbot (because I have contact with someone who uses that), which leads to the question ... is the "webroot" of Rocket the web2py directory?

/dps 

Raymond Smith

May 30, 2017, 11:50:50 AM
to web2py-users
Please tell me how you did this!! :) It would be really helpful :)

Dave S

May 30, 2017, 3:05:01 PM
to web2py-users


On Tuesday, May 30, 2017 at 8:50:50 AM UTC-7, Raymond Smith wrote:
Please tell me how you did this!! :) It would be really helpful :)


I can't answer for the Apache case (or even for the preferred NginX case), but I found using CertBot in manual mode was easy (on AWS Linux).  Rocket was running on port 80, so I told CertBot to use port 443.  Whizz bang, everything done.  I stopped Rocket, restarted it with port 443 and the -c and -k arguments (pointing to where CertBot deposited the goods), and Poof!  It worked!

I still have a Rocket running on port 80, redirecting to https, but will probably stop it to run CertBot on port  80 when I need to renew.  If I get nginx going before then, I'll update this post.

/dps
 

Dave S

May 30, 2017, 3:43:09 PM
to web2py-users

Raymond Smith

Jun 6, 2017, 8:58:26 PM
to web2py-users
Dave

That standalone flag saved my life !!! I LOVE YOU :D :D :D

Thank you a ton !!!

Yi Liu

Sep 10, 2017, 10:05:17 PM
to web2py-users
Dug up this old thread, in case anybody is wondering the same question about certbot/Let's Encrypt and web2py.

1. Use `--standalone` as David advised. But you have to stop the web server every time you renew.

2. Instead, you can use the standard `--webroot` method. Here, you need to edit your vhost file, be it apache or nginx, and add a location block:

Using nginx for example:

  location /.well-known {
    root /home/www-data/web2py;
  }

This way, nginx will serve the .well-known directory and skip passing it on to uwsgi/web2py. Make sure you restart nginx after making this server conf change and use

sudo certbot certonly/renew --webroot -w /your/path -d example.com -d www.example.com







On Tuesday, May 30, 2017 at 12:05:01 PM UTC-7, Dave S wrote: