I am running Python under WSGI on an Apache server using CentOS 6. The python script uses a wrapper for the NCAR library called PyNGL. The purpose of this library is to generate graphics from supplied data.
I am attempting to use my python script as a web service by hooking it up to web.py, but it has an entry point for direct execution as well.
Here is the weird thing:
When I run the script directly it works as intended and produces an output image in the directory of the script. However, when I attempt to invoke it through the web.py controller (with the exact same parameters) it fails.
My apache error log contains this:
warning:GKS:GCLRWK: -- cairo driver error: error opening output file
I'm guessing that this is probably a permissions problem, but I haven't the slightest idea where its trying to output.
Edit: I think I have confirmed that it is indeed a permissions error.
I attempted to create file using relative paths and got a similar error:
<type 'exceptions.IOError'> at /plot
[Errno 13] Permission denied: 'Output.txt'
This error refers to this line here:
with open("Output.txt", "w") as text_file:
text_file.write(str(self.__dict__))
Now of course I can specify an absolute path for that text file, but not for the graphical output from PyNGL. Is there a way to determine where it is trying to output, or to change the default output directory?
Usually your application would be running with the current working directory as '/'. The Apache user will not be able to write to that directory.
In any web application you should in general never rely on it being run in a specific directory as different web servers behave differently as to what the current working directory would be. If you assume it always runs in a specific directory, your application would be inherently unportable. Changing the working directory of an application to get around this is also in general bad practice because in a hosting mechanism that allows multiple application to run in the same process, they would all interfere with each other if they each tried to set their own working directory.
What you should do is always use absolute paths when reading and write files and not use relative paths. Why do you say you can't use absolute paths?
Also be aware that your application will run as a special user which would not have access to directories to create files. You would therefore need to open up access to the Apache user. Best practice would be to limit though what the Apache user can write to.
Now since you are using mod_wsgi, one viable option is to make sure you are using mod_wsgi daemon mode and when using the WSGIDaemonProcess directive set the 'home' option to override the current working directory for the single WSGI application delegated to that process. You can also set 'user' and 'group' options to have the process run as a different user that does have access to the directory.
Related
I am running into some sort of issue when trying to access my local website:
Forbidden
You don't have permission to access /index.html on this server.
Apache Server at ffghost.local Port 34580
I'm using macOS X Server 5.2 with Apache 2.4.18. OS X Server automatically creates two default websites (one on port 80 and one on port 443). I created a new website. It was my understanding that Apache would redirect from the default site to the created site automatically once created. This didn't happen. So, in an attempt to begin de-conflicting I replaced the files where the default site was located with the new website files and all of the sudden am getting the above 404 message.
I have read a lot of possibilities as to why this may be happening. I've run a syntax checker for Apache in terminal and terminal says syntax is ok. So from there I was going to check into the config files, but there are several, and I just want to know the gist behind them.
There seem to be about 4 file extension types. I don't know what they all mean or if they are active.
.config (I'm assuming this is the active file)
.config.prev (I'm assuming this is a previous version or copy of an active config file and is no longer active)
.config.orig (original file? and is no longer active)
.config.default (???)
Also, OS X Server and Apache seem to have the same files in two different places and I'm a little confused on which one to change. If I change one of them will it be reflected in the other? Do I need to change both of them? Additionally, I don't have DNS set up and am unsure if that was the original issue of not pulling up the new website over the default site.
You are mixing several aspects in your question which makes it complicated to give a helpful answer. For example, you say you get Forbidden when accessing your site, but later you mention a status 404. The former might be due to configuring a user group being allowed to access the site, while the latter just means Not found.
As to your actual question about the config files:
The file just ending in .conf is the one that is being used.
However, the Server app uses a lot of of different config files which might be relevant:
Path /Library/Server/Web/Config/apache2 contains the general config files
httpd.conf - general Apache configuration
httpd_server_app.conf - more general configuration
the other files contain configurations for specific applications or webapps (the latter being defined in plist files in /Library/Server/Web/Config/apache2/webapps)
Path /Library/Server/Web/Config/apache2/sites contains config files specific to your websites. They are named something like 0000_127.0.0.1_34543_your.domain.name.conf where 34543 is the configuration for the https (SSL) port, while 35480 would indicate the http port. There is also a file like 0000_127.0.0.1_34543_.conf (no domain name in the file name) which defines the default site.
In addition to these, there are two more configuration file in /Library/Server/Web/Config/proxy which configure the proxy services.
It is not recommended to manually adjust the config files, except for those in the sites subdirectory, because they may get overwritten by the Server app or when updating the Server app.
Important: If you change the files manually, you must re-start the Apache server in order to make the changes effective. Use sudo serveradmin stop/start web to do so.
However, I do not know of a detailed documentation of of all these files, so I try to stay on the safe side and possibly not edit the general config files (only those in sites). I also recommend to write down any manual changes, so they can be reapplied if necessary.
Without exactly knowing what you configured in the Server app and which files you changed how, I'm afraid it is impossible to say what might have gone wrong. I recommend to start all over by removing and re-adding the web sites.
I have a php script which runs as the Apache daemon user, to first remove any existing crontabs that might be already installed by the daemon user, then adding the new crontab.
I wish to evoke this only once when my PHP Slim web application loads for the first time, ideally as part of the Apache startup.
It seems that putting it anywhere in the index.php file (either directly or via a require file) doesn't prevent the crontab script from being constantly reloaded. I've tried using $GLOBAL with an if statement, which unfortunately I haven't been able to formulate a working solution, however there must be something more rudimentary which allows me to invoke a php script just once after Apache has been restarted?
Ideally I'd rather not modify the Apache startup script since I wish to keep everything within the slim web application itself (for source control purposes).
I am doing some reverse engineering on a website.
We are using LAMP stack under CENTOS 5, without any commercial/open source framework (symfony, laravel, etc). Just plain PHP with an in-house framework.
I wonder if there is any way to know which files in the server have been used to produce a request.
For example, let's say I am requesting http://myserver.com/index.php.
Let's assume that 'index.php' calls other PHP scripts (e.g. to connect to the database and retrieve some info), it also includes a couple of other html files, etc
How can I get the list of those accessed files?
I already tried to enable the server-status directive in apache, and although it is working I can't get what I want (I also passed the 'refresh' parameter)
I also used lsof -c httpd, as suggested in other forums, but it is producing a very big output and I can't find what I'm looking for.
I also read the apache logs, but I am only getting the requests that the server handled.
Some other users suggested to add the PHP directives like 'self', but that means I need to know which files I need to modify to include that directive beforehand (which I don't) and which is precisely what I am trying to find out.
Is that actually possible to trace the internal activity of the server and get those file names and locations?
Regards.
Not that I tried this, but it looks like mod_log_config is the answer to my own question
I've got a little project that uses perl cgi scripts. At this moment I use Apache to run these scripts. I have an index.html file that redirects to a cgi file.
Now I want to make my project 'portable', which means that I want to be able to move the project to another location without the need to configure apache (so not changing the cgi-bin directory in the configuration). The end product would be a script (or html file) that could be opened so that a browser would pop up, just like it would run as it would be using Apache. I actually don't really know where to start.
It's not completely clear what you're asking. But I suspect you're about to find out why PSGI/Plack is such a good idea.
If you write your application to the PSGI interface then you'll be able to just drop it in to any PSGI-enabled web environment (or set up your own lightweight web server using something like Starman).
(LAMP server configuration)
As a workaround for another problem, I need PHP to be able to access local files, but prevent these files from being served over http by Apache.
Normally, I would just use .htaccess to accomplish this, however due to institutional restrictions, I cannot. I also can't touch php.ini, although I can use php_ini_set within php.
As a creative solution, I thought that if php executes as its own linux user (not as apache) I could use normal chown's and chmod's to accomplish this.
Again, the goal is simply to have a directory of files that apache will not display, but php can access.
I'm open to any suggestions.
Put the files outside of your web accessible root (DocumentRoot), but keep them accessible via PHP.
Suggestion:
/sites
/sites/my.site.com
/sites/my.site.com/data // <-- data goes here
/sites/my.site.com/web // <-- web root is here
Here's a thought. Set the permissions on the files to be inaccessible to even the owner, then when PHP needs them, chmod() then, read them, then chmod() them back to inaccessible.