Setup mocLproxy on Linux

Some Unix/Linux distributions can run Apache, but do not support mod_wsgi. In this case, the simplest solution is to run Apache as a proxy and have Apache deal with static files only.

Here is a minimalist Apache configuration:

1 NameVirtualHost *:80

2 ### deal with requests on port 80

4 Alias / /users/www-data/web2py/applications

5 ### serve static files directly

6 <LocationMatch "^/welcome/static/.*">

7 Order Allow, Deny

8 Allow from all

9 </LocationMatch>

10 ### proxy all the other requests

11 <Location "/welcome">

12 Order deny,allow

13 Allow from all

14 ProxyPass http://localhost:8 000/welcome

15 ProxyPassReverse http://localhost:8 000/

16 </Location>

17 LogFormat "%h %l %u %t "%r" %>s %b" common

18 CustomLog /var/log/apache2/access.log common

19 </VirtualHost>

The above script exposes only the "welcome" application. To expose other applications, you need to add the corresponding <Location>...</Location> with the same syntax as done for the "welcome" app.

The script assumes there is a web2py server running on port 8000. Before restarting Apache, make sure this is the case:

1 nohup python -a '<recycle>' -i -p 8000 &

You can specify a password with the -a option or use the "<recycle>" parameter instead of a password. In the latter case, the previously stored password is reused and the password is not stored in the shell history.

You can also use the parameter "<ask>", to be prompted for a password.

The nohup commands makes sure the server does not die when you close the shell. nohup logs all output into nohup.out.

To force admin and appadmin over HTTPS use the following Apache configuration file instead:

1 NameVirtualHost *:80

2 NameVirtualHost *:443

3 ### deal with requests on port 80

5 Alias / /usres/www-data/web2py/applications

6 ### admin requires SSL

7 <LocationMatch "~/admin">

8 SSLRequireSSL

9 </LocationMatch>

10 ### appadmin requires SSL

11 <LocationMatch "~/welcome/appadmin/.*">

12 SSLRequireSSL

13 </LocationMatch>

14 ### serve static files directly

15 <LocationMatch "^/welcome/static/.*">

16 Order Allow, Deny

17 Allow from all

18 </LocationMatch>

19 ### proxy all the other requests

20 <Location "/welcome">

21 Order deny,allow

22 Allow from all

23 ProxyPass http://localhost:8000/welcome

24 ProxyPassReverse http://localhost:8 000/

25 </Location>

26 LogFormat "%h %l %u %t "%r" %>s %b" common

27 CustomLog /var/log/apache2/access.log common

28 </VirtualHost>

29 <VirtualHost *:443>

30 SSLEngine On

31 SSLCertificateFile /etc/apache2/ssl/server.crt

32 SSLCertificateKeyFile /etc/apache2/ssl/server.key

34 Order deny,allow

35 Allow from all

36 ProxyPass http ://localhost: 8000/

37 ProxyPassReverse http://localhost:8 000/

38 </Location>

39 LogFormat "%h %l %u %t \"%r\" %>s %b" common

40 CustomLog /var/log/apache2/access.log common

41 </VirtualHost>

The administrative interface must be disabled when web2py runs on a shared host with mod_proxy, or it will be exposed to other users.

Was this article helpful?

0 0

Post a comment