When installing and operating Apache on virtual machines in a cloud such as CERN OpenStack and others care must be taken to ensure that automatic software updates are disabled or otherwise properly handled. Otherwise, custom installation of modules such as mod_wsgi which are at times necessary to accommodate non-system versions of Python can be reversed resulting in a non-functional system.
sudo apt-get install apache2 # Apache sudo apt-get install libapache2-mod-wsgi-py3 # mod_wsgi for Python3
With minor variations...
sudo yum update sudo yum install httpd # start: sudo systemctl start httpd.service # enable on boot: sudo systemctl enable httpd.service
Don't forget the firewall:
sudo firewall-cmd --permanent --add-port=80/tcp sudo firewall-cmd --permanent --add-port=443/tcp sudo firewall-cmd --reload
sudo systemctl start httpd
...and you can now check on it using "curl".
To start/stop/restart Apache 2 web server, enter one of the commands in each category:
### START /etc/init.d/apache2 start sudo /etc/init.d/apache2 start sudo service apache2 start ### STOP /etc/init.d/apache2 stop sudo /etc/init.d/apache2 stop sudo service apache2 stop ### RESTART /etc/init.d/apache2 restart sudo /etc/init.d/apache2 restart sudo service apache2 restart
systemctl status apache2.service
On RedHat Linux, the name of the daemon is httpd. Also, "service" command may be aliased to systemctl.
systemctl status -l httpd.service # or: sudo systemctl start httpd.service
The following command can also be used to check the status:
There are many ways to set up Apache automatic start on reboot, for example:
sudo systemctl enable httpd.service
That's perhaps the simplest one.
KeepAlive sets the tradeoff between memory and CPU usage by Apache.
Serving static files: https://docs.djangoproject.com/en/1.10/howto/deployment/wsgi/modwsgi/#serving-files
Official Layout of the Config Files: https://wiki.apache.org/httpd/DistrosDefaultLayout This, however, is not written in stone. Some details are given below.
Snippet from 000-default.conf on Ubuntu:
ServerName promptproc ServerAlias promptproc WSGIScriptAlias / /home/maxim/projects/p3s/promptproc/promptproc/wsgi.py Alias /static/ /var/www/static/ <Directory /var/www/static> Require all granted </Directory> <Directory /home/maxim/projects/p3s/promptproc/promptproc> <Files wsgi.py> Require all granted </Files> </Directory>
The "static directory must contain static content such as themes for the tables2 package. Keep in mind that while this is served automatically by the Django development server, it's not the case under Apache.
The file wsgi.conf needs to contain a reference to Python runtime like:
See /etc/httpd/. Examples:
[mxp@neutdqm p3s]$ ls /etc/httpd/ conf conf.d conf.modules.d logs modules run [mxp@neutdqm p3s]$ ls /etc/httpd/conf.d/ autoindex.conf django.conf php.conf README userdir.conf welcome.conf [mxp@neutdqm p3s]$ ls /etc/httpd/conf/ httpd.conf magic
In addition to granting permissions in the Apache configuration file (an example is given below), correct permissions need to be set for the directory tree containing wsgi.py and other crucial files. If for example the tree is contained in your home directory and it's not readable to others, it won't work. One example (perhaps not the best) of how to make it work is to set 755 to your home dir. There are good practices which involve some skills in using Apache configuration files.
Again, for wsgi to work the whole tree containing the scripts it needs to execute needs to have "rx" permissions in it.
If installed, SELinux will impose its own restrictions. See:
The command "sestatus" will produce more detailed information.
If it shows "Enforcing", try
sudo setenforce 0
If you have superuser privileges you can also edit the configuration file to change the default setting (e.g. to "permissive" if necessary) so when the machine reboots it's already there.
- When using mod_wsgi one has to make sure the version matches the Python version, this needs to be specified when mod_wsgi is installed (see "Installation" above). You can use "ldd" on mod_wsgi.so to check dependencies including python version required. There is a possibility that mod_wsgi you installed has a long library name containing various metadata, and there is also still an older mod_wsgi file that get loaded instead. This needs to be taken care of.
- Methods of setting up the environment for wsgi described in the current Django documentation may or may not work on a particular installation/release/distro affiliation of Apache due to a few subtle bugs and relative complexity of *.conf and related files
- If you decide to build mod_wsgi from source, make sure your Python was also built from source with "./config -enable-shared" option
- It's easy to miss the fact that one segment of the path leading to wsgi.py doesn't have the right permissions, while httpd is run by user apache (or similar)
If you are willing to brave building mod_wsgi from source, here is a template:
wget -q "https://github.com/GrahamDumpleton/mod_wsgi/archive/4.4.21.tar.gz" tar -xzf '4.4.21.tar.gz' cd ./mod_wsgi-4.4.21 ./configure --with-python=/usr/local/bin/python3.5 LD_RUN_PATH=/usr/local/lib make make make install
You'll likely see "axps missing" or similar message, this component may be obtained by installing httpd-devel.
Ports and Firewalls
NB. In most cases you need to run the utilities mentioned above as root or via sudo.
SELinux may prevent you from configuring Apache with a non-standard port. Useful commands:
semanage port -l # list ports semanage port -a -t http_port_t -p tcp 81 # add a rule
sudo nmap -sT -O localhost # or sudo lsof -i
In addition to that, CentOS "may" have firewall settings which are beyond and above what you can learn with the tools listed above. See http://ask.xmodulo.com/open-port-firewall-centos-rhel.html. To check the firewall rules:
$ sudo iptables -L
To open port 80 permanently:
$ sudo firewall-cmd --zone=public --add-port=80/tcp --permanent $ sudo firewall-cmd --reload