"Unknown MySQL Server" in SQLAlchemy w/ ModWSGI and flask - mysql

I'm running a web app on Flask using Sqlalchemy. On the debug server, the app runs fine. But when I try to run it from Apache using ModWSGI (changing none of my code), I suddenly get this error:
OperationalError: (OperationalError) (2005, "Unknown MySQL server host 'myremotehost.topleveldomain' (111)") None None
What's so mystifying about this is that the mysql server is fine, it's running, and this app can find it when and only when it's running using the flask debugging server. It also finds a MySQL server running locally with no problem.
I'm not even sure what code to show you guys to help, but here's where I call it:
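from sqlalchemy import create_engine
from sqlalchemy.orm import scoped_session, sessionmaker

# DATABASE holds the connection URL shown below
engine = create_engine(DATABASE, echo=False)
db_session = scoped_session(sessionmaker(autocommit=False,
                                         autoflush=False,
                                         bind=engine))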
here's what the url looks like:
mysql://username:password@mydomain.com:3306/dbname
...and here's the virtualhost code in httpd.conf:
<VirtualHost *:808>
    ServerName localhostdomaingoeshere
    WSGIScriptAlias / /path/to/app.wsgi
    Alias /static /path/to/static
    LogLevel info
    ErrorDocument 502 /error
    <Directory /path/to/app>
        Order deny,allow
        Allow from all
    </Directory>
</VirtualHost>
I'm sure it's something dumb, I partly just don't even know where to start since the error message doesn't make sense.

Not really a solution, but I switched over to gunicorn and that's way less of a headache.

Related

Unable to resolve .local domains with getent even though avahi-resolve-host-name succeeds

Trying to set up a network printer with CUPS.
Followed online documentation that stated:
To discover or share printers using DNS-SD/mDNS, setup .local hostname
resolution with Avahi and restart cups.service.
Followed directions for setting up Avahi to the point where avahi-browse --all --ignore-local --resolve --terminate and avahi-resolve-host-name my-domain.local are both working.
But getent hosts my-domain.local fails to resolve. This results in CUPS failing to print because it can't find my-printer.local.
I read the mdns Github page and saw a note that made me think I didn't need a /etc/mdns.allow file.
nss-mdns has a simple configuration file /etc/mdns.allow for enabling
name lookups via mDNS in other domains than .local.
Note: The "minimal" version of nss-mdns does not read /etc/mdns.allow under any circumstances. It behaves as if the file
does not exist.
In the recommended configuration, no /etc/mdns.allow file is present.
But then I saw the last note in that section:
If, during a request, the system-configured unicast DNS (specified in
/etc/resolv.conf) reports an SOA record for the top-level local name,
the request is rejected. Example: host -t SOA local returns something
other than Host local not found: 3(NXDOMAIN). This is the unicast SOA
heuristic.
I tested that out on my machine and sure enough, I was getting something OTHER than Host local not found....
I added a /etc/mdns.allow file with a line for .local. and one for .local, and now I can ping my-printer.local.

Apache2 No permission to write file [Errno 13] Permission denied Flask Python

A few Details first
So I did a little web application with Flask.
In theory it should get the ip whenever someone requests or visits the website.
I have everything done (on Windows my code runs perfectly), but I installed Flask and moved my project over to a Linux server where I have Apache2 installed. I've configured Apache so it handles the requests for the Flask web app.
Everything is fine, like my templates load just fine, but the part with logging the IP doesn't work.
I think getting the IP is no problem, though storing it in, say, a JSON file is.
Every time I try to run I get a 500 error on my website.
Apache Error Log : [Errno 13] Permission denied '/opt/iplogs/iplog.json'
The Python Code
import json
from datetime import datetime
from flask import Flask, render_template, request

app = Flask(__name__)

def writeToJSONFile(path, fileName, data):
    filePathNameWExt = path + fileName + '.json'
    # the with block closes the file on exit, so no explicit close() is needed
    with open(filePathNameWExt, 'a') as fp:
        json.dump(data, fp, indent=2)

@app.route("/")
def getIP():
    visit = {}
    ip_visit = request.remote_addr
    now = datetime.now()
    request_time = now.strftime("%d/%m/%Y %H:%M:%S")
    visit["IP"] = str(ip_visit)
    visit["date"] = str(request_time)
    writeToJSONFile("/opt/iplogs/", "iplog", visit) # WHEN i comment this function out there is no 500 error
    return render_template("home.html")
The Main Problem
So on Windows in a development environment it works fine, and also on Linux when I just let Flask run without Apache handling its requests.
Only when I run the website through Apache do I get the error "Permission denied".
So it has to do something with Apache and its permissions to write?
Note the folder where my Flask (Python code) lives is completely different from where the IPs are logged.
+ I use Ubuntu and I didn't change anything regarding permissions with files or so, heck I'm even running through root (I know I shouldn't be doing that but it's only for testing a very small project).
That's all I can give you guys.
Thanks for all the responses
Try this:
sudo chown -R www-data:www-data /opt/iplogs/
The Apache2 user www-data has no permission to manipulate this file.
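
As an added example (not part of the original question or answer): a way to see, from inside the worker process itself, which user it runs as and whether that user may create files in the log directory, and to append each visit as one JSON object per line so the file stays parseable. The function names, the .jsonl file name and the sample addresses are assumptions made here, and the code assumes a POSIX system.

```python
import json
import os
import stat
import tempfile


def describe_write_access(directory):
    """Return who this process runs as and whether it may create files in directory."""
    st = os.stat(directory)
    use_euid = os.access in os.supports_effective_ids
    return {
        "euid": os.geteuid(),  # under Apache this is the worker's user, not your login
        "owner_uid": st.st_uid,
        "owner_gid": st.st_gid,
        "mode": stat.filemode(st.st_mode),
        # creating a file needs write + search (execute) permission on the directory
        "writable": os.access(directory, os.W_OK | os.X_OK, effective_ids=use_euid),
    }


def log_visit(directory, record, name="iplog"):
    """Append one JSON object per line; return (True, path) or (False, diagnosis)."""
    path = os.path.join(directory, name + ".jsonl")
    try:
        # O_APPEND: concurrent workers cannot overwrite each other's lines.
        # 0o640: the visitor-IP log is not created world-readable.
        fd = os.open(path, os.O_WRONLY | os.O_APPEND | os.O_CREAT, 0o640)
    except PermissionError:
        return False, describe_write_access(directory)
    with os.fdopen(fd, "a", encoding="utf-8") as fp:
        fp.write(json.dumps(record) + "\n")
    return True, path


def read_visits(path):
    """Parse the log back; each line is an independent JSON document."""
    with open(path, encoding="utf-8") as fp:
        return [json.loads(line) for line in fp if line.strip()]


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as d:  # stands in for /opt/iplogs/
        for ip in ("192.0.2.10", "198.51.100.7"):  # constructed sample addresses
            print(log_visit(d, {"IP": ip, "date": "01/01/2024 12:00:00"}))
        print(describe_write_access(d))
```

Returning the diagnosis instead of raising lets the view log the owner, mode and effective UID rather than answering with a bare 500.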

SSL Localhost Privacy error

I setup ssl on localhost (wamp), I made the ssl crt with GnuWIn32.
When I try to login with fb in Chrome I get the following message:
URL:
https://localhost/ServerSide/fb-callback.php?code=.....#_=_
Error:
Your connection is not private.
Attackers might be trying to steal your information from localhost (for example, passwords, messages, or credit cards). NET::ERR_CERT_INVALID.
localhost normally uses encryption to protect your information. When Chrome tried to connect to localhost this time, the website sent back unusual and incorrect credentials. This may happen when an attacker is trying to pretend to be localhost, or a Wi-Fi sign-in screen has interrupted the connection. Your information is still secure because Chrome stopped the connection before any data was exchanged.
You cannot visit localhost right now because the website sent scrambled credentials that Chrome cannot process. Network errors and attacks are usually temporary, so this page will probably work later.
My SSL Config:
Listen 443
SSLCipherSuite HIGH:MEDIUM:!aNULL:!MD5
SSLPassPhraseDialog builtin
SSLSessionCache "shmcb:c:/wamp/www/ssl/logs/ssl_scache(512000)"
SSLSessionCacheTimeout 300
<VirtualHost *:443>
    DocumentRoot "c:/wamp/www"
    ServerName localhost:443
    ServerAdmin admin@example.com
    ErrorLog "c:/wamp/logs/error.log"
    TransferLog "c:/wamp/logs/access.log"
    SSLEngine on
    SSLCertificateFile "c:/wamp/www/ssl/ia.crt"
    SSLCertificateKeyFile "c:/wamp/www/ssl/ia.key"
    <FilesMatch "\.(cgi|shtml|phtml|php)$">
        SSLOptions +StdEnvVars
    </FilesMatch>
    <Directory "c:/Apache24/cgi-bin">
        SSLOptions +StdEnvVars
    </Directory>
    BrowserMatch "MSIE [2-5]" nokeepalive ssl-unclean-shutdown \
        downgrade-1.0 force-response-1.0
    CustomLog "c:/wamp/logs/ssl_request.log" \
        "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
</VirtualHost>
My question is how to setup valid SSL certificate on localhost? or do I need to edit my configuration?
Allow Insecure SSL (localhost)
In Chrome (including Version 110), enable allow insecure localhost:
chrome://flags/#allow-insecure-localhost
Refer to this Stack Overflow for more information.
Allow Insecure SSL (other)
See "Your connection is not private. blah-bla-blah"...
Type thisisunsafe (key listeners pick it up).
Notes
If you are just curious if this works, browse this site which has a bad root ssl certificate. Other "bad ssl" sites can be found using badssl.com.
More about the Chromium "override keyword":
This is specific for each site.
The chrome developers also do change this periodically.
The current (v110) BYPASS_SEQUENCE is dGhpc2lzdW5zYWZl (which is base64 encoded).
1. When you see "Your connection is not private...NET::ERR_CERT_INVALID" warning on Chrome,
2. Just type "thisisunsafe" and wait.
Note: Last time this was tested, Chrome latest version was 107.0.5304.107
Your connection is not private
Attackers might be trying to steal your information from 10.10.10.10 (for example, passwords, messages or credit cards). Learn more
NET::ERR_CERT_INVALID
Type “badidea” or “thisisunsafe” directly on same chrome page.
Do this only if you are REALLY SURE that the link you are trying is safe. In my case I was trying to set up StackStorm locally using Vagrant and VirtualBox.
Chrome version: Version 92.0.4515.131 (Official Build) (x86_64).

Setting up Ghost on Subdomain with Hidden Port - Windows Server 2008 with Apache

Before I start, I should say I am running XAMPP on Windows Server 2008 R2. I have node.exe allowed through my firewall, as well as port 2368. I have also been following the instructions here with no success.
I have my Ghost installed here.
As you can see, Ghost is only loading with the port as part of the web address.
If you try and load the site without the port like so, you get an Internal Server error.
My vHosts file for Ghost is:
<VirtualHost *:80>
ServerName blog.theobearman.com
ProxyPreserveHost on
ProxyPass / http://127.0.0.1:2368/
</VirtualHost>
My config.js file is here. Please note that 198.37.105.108 in the config file is the IP of my server.
Error logs for the Internal Server error are as follows:
[Fri May 15 17:56:25.495296 2015] [proxy:warn] [pid 56352:tid 1580] [client 86.147.117.154:58787] AH01144: No protocol handler was valid for the URL /error/HTTP_INTERNAL_SERVER_ERROR.html.var. If you are using a DSO version of mod_proxy, make sure the proxy submodules are included in the configuration using LoadModule., referer: http://blog.theobearman.com/
I would appreciate it if someone could tell me what I need to do so that when you navigate to "http://blog.theobearman.com", Ghost will load without the need for the port as part of the web address.
Thanks in advance!
You likely need to enable the proxy module for Apache:
# Enable the modules.
a2enmod proxy_http
a2enmod proxy
# Restart Apache
service apache2 restart

Authenticate/Authorize user based on group with apache and mysql

I am trying to get authorization to work on my apache installation. I want to authorize depending on what group the user belongs to.
I am using
Apache 2.2.15
Centos 6.2 (Running as guest in VB)
My setup is working if I only want to authenticate/authorize based on the user.
Here is the significant part (I think...) of my httpd.conf:
<Directory "/var/www/html">
    Options Indexes FollowSymLinks
    AllowOverride None
    Order allow,deny
    Allow from all
    AuthType Basic
    AuthName "Restricted Files"
    AuthBasicProvider dbd
    Require dbd-group 1
    Require valid-user
    AuthzDBDQuery "SELECT group_id FROM groupsusers JOIN user ON groupsusers.user_id = user.id WHERE groupsusers.group_id = 1 AND user.users = %s"
    AuthDBDUserPWQuery "SELECT password FROM user WHERE users = %s"
</Directory>
AuthzDBDQuery doesn't work since, as I understand it, it is not part of any stable version yet. This is the error message I get while starting httpd:
Invalid command 'AuthzDBDQuery', perhaps misspelled or defined by a module not included in the server configuration httpd not running, trying to start
My question is, how can I use groups for authorization when using mysql for storing the groups? I guess it must be possible without re-compiling apache?
Since everything around this is pretty poorly documented, it would be great to get some detailed instructions. Of course, anything that can help me in the right direction is appreciated.
Thanks!
I think it is not possible at this stage. I think support for this will come in the next stable version of httpd.
The problem was solved after I enabled authz_dbd mod in apache 2.4.