When I do it like: mod_wsgi-express start-server --log-to-terminal --startup-log --https-port 443 --server-name myopip.com --ssl-certificate-file ssl-certs/cert.pem --ssl-certificate-key-file ssl-certs/privkey.pem --user www-data --group www-data --host mysite.com --host 17.104.53.57
where the last is the ip of my server, I get the `My web site runs on Malt Whiskey ` message. Not my actual site. Without the --host mysite.com, again I get the malt whiskey page Joel G Mathew On Sun, 9 Sep 2018 at 03:19, Graham Dumpleton <[email protected]> wrote: > > I should clarify, use these options in addition to --server-name with the > value you have now. Don't drop --server-name as must use that when using > certificate. > > On 9 Sep 2018, at 7:47 am, Graham Dumpleton <[email protected]> > wrote: > > You would not usually set --host with an argument of a hostname, but an IP > address. You would only use that though if absolutely needed and have > multiple interfaces and need to restrict which connections can come in on. > Based on the error though, even though suggest not using it, I don't believe > that is the issue. > > The usual reason for getting forbidden is that because you have used > '--server-name mysite.com', you can only connect when using that hostname in > the URL. You can't connect to it with an IP address or other hostname. If > behind a proxy, that may be a problem. > > If trying to connect via 'localhost' or '127.0.0.1', you can add > '--allow-localhost'. > > optparse.make_option('--allow-localhost', action='store_true', > default=False, help='Flag indicating whether access via ' > 'localhost should still be allowed when a server name has been ' > 'specified and a name based virtual host has been configured.'), > > If connecting remotely, from memory you can use '--server-alias *'. > > optparse.make_option('--server-alias', action='append', > dest='server_aliases', metavar='HOSTNAME', help='A secondary ' > 'host name for the web server. May include wildcard patterns.'), > > The use of the wildcard of just '*' says allow connecting with any hostname. > This should work even though it doesn't match what you expect to be used and > what the certificate is set up. You may as a result get warnings about > original hostname used not then matching the certificate. > > Graham > > On 9 Sep 2018, at 1:26 am, Joel <[email protected]> wrote: > > I am using the following command to start mod_wsgi-express for my django > project: > > mod_wsgi-express start-server --log-to-terminal --startup-log --https-port > 443 --server-name mysite.com --ssl-certificate-file ssl-certs/cert.pem > --ssl-certificate-key-file ssl-certs/privkey.pem --user www-data --group > www-data --host mysite.com > > When loading https://mysite.com/, I get a 403 Forbidden error: You don't have > permission to access / on this server. > > The terminal shows the following lines: > root@localhost:/home/joel/new/myappointments# mod_wsgi-express start-server > --log-to-terminal --startup-log --https-port 443 --server-name mysite.com > --ssl-certificate-file ssl-certs/cert.pem --ssl-certificate-key-file > ssl-certs/privkey.pem --user www-data --group www-data --host mysite.com > Server URL : http://mysite.com:8000/ > Server URL (HTTPS) : https://mysite.com/ > Server Root : /tmp/mod_wsgi-mysite.com:8000:0 > Server Conf : /tmp/mod_wsgi-mysite.com:8000:0/httpd.conf > Error Log File : /dev/stderr (warn) > Startup Log File : /dev/stderr > Request Capacity : 5 (1 process * 5 threads) > Request Timeout : 60 (seconds) > Startup Timeout : 15 (seconds) > Queue Backlog : 100 (connections) > Queue Timeout : 45 (seconds) > Server Capacity : 20 (event/worker), 20 (prefork) > Server Backlog : 500 (connections) > Locale Setting : en_US.UTF-8 > [Sat Sep 08 20:51:37.800732 2018] [ssl:warn] [pid 5130:tid 140248589061056] > AH01873: Init: Session Cache is not configured [hint: SSLSessionCache] > [Sat Sep 08 20:51:37.803786 2018] [mpm_event:notice] [pid 5130:tid > 140248589061056] AH00489: Apache/2.4.29 (Ubuntu) mod_wsgi/4.6.4 Python/3.6 > OpenSSL/1.1.0g configured -- resuming normal operations > [Sat Sep 08 20:51:37.804264 2018] [core:notice] [pid 5130:tid > 140248589061056] AH00094: Command line: 'apache2 (mod_wsgi-express) -f > /tmp/mod_wsgi-mysite.com:8000:0/httpd.conf -E /dev/stderr -D > MOD_WSGI_VIRTUAL_HOST -D MOD_WSGI_WITH_HTTPS -D MOD_WSGI_WITH_LISTENER_HOST > -D MOD_WSGI_MPM_ENABLE_EVENT_MODULE -D MOD_WSGI_MPM_EXISTS_EVENT_MODULE -D > MOD_WSGI_MPM_EXISTS_WORKER_MODULE -D MOD_WSGI_MPM_EXISTS_PREFORK_MODULE -D > FOREGROUND' > [Sat Sep 08 20:51:44.573958 2018] [authz_core:error] [pid 5133:tid > 140248492054272] [client 62.58.165.208:33302] AH01630: client denied by > server configuration: /tmp/mod_wsgi-mysite.com:8000:0/htdocs/ > [Sat Sep 08 20:51:45.084675 2018] [authz_core:error] [pid 5133:tid > 140248491788032] [client 72.68.14.235:62556] AH01630: client denied by server > configuration: /tmp/mod_wsgi-mysite.com:8000:0/htdocs/favicon.ico, referer: > https://mysite.com/ > > > The generated conf /tmp/mod_wsgi-mysite.com:8000:0/httpd.conf shows: > > <IfModule !version_module> > LoadModule version_module '${MOD_WSGI_MODULES_DIRECTORY}/mod_version.so' > </IfModule> > > > ServerName mysite.com > ServerRoot '/tmp/mod_wsgi-mysite.com:8000:0' > PidFile '/tmp/mod_wsgi-mysite.com:8000:0/httpd.pid' > > > <IfVersion >= 2.4> > DefaultRuntimeDir '/tmp/mod_wsgi-mysite.com:8000:0' > </IfVersion> > > > ServerTokens ProductOnly > ServerSignature Off > > > User ${MOD_WSGI_USER} > Group ${MOD_WSGI_GROUP} > > > <IfDefine MOD_WSGI_WITH_LISTENER_HOST> > Listen mysite.com:8000 > </IfDefine> > <IfDefine !MOD_WSGI_WITH_LISTENER_HOST> > Listen 8000 > </IfDefine> > > > <IfVersion < 2.4> > LockFile '/tmp/mod_wsgi-mysite.com:8000:0/accept.lock' > </IfVersion> > > > <IfVersion >= 2.4> > <IfDefine MOD_WSGI_WITH_PHP5> > <IfModule !mpm_event_module> > <IfModule !mpm_worker_module> > <IfModule !mpm_prefork_module> > <IfDefine MOD_WSGI_MPM_EXISTS_PREFORK_MODULE> > LoadModule mpm_prefork_module > '${MOD_WSGI_MODULES_DIRECTORY}/mod_mpm_prefork.so' > </IfDefine> > </IfModule> > </IfModule> > </IfModule> > </IfDefine> > </IfVersion> > > > <IfVersion >= 2.4> > <IfModule !mpm_event_module> > <IfModule !mpm_worker_module> > <IfModule !mpm_prefork_module> > <IfDefine MOD_WSGI_MPM_ENABLE_EVENT_MODULE> > LoadModule mpm_event_module '${MOD_WSGI_MODULES_DIRECTORY}/mod_mpm_event.so' > </IfDefine> > <IfDefine MOD_WSGI_MPM_ENABLE_WORKER_MODULE> > LoadModule mpm_worker_module '${MOD_WSGI_MODULES_DIRECTORY}/mod_mpm_worker.so' > </IfDefine> > <IfDefine MOD_WSGI_MPM_ENABLE_PREFORK_MODULE> > LoadModule mpm_prefork_module > '${MOD_WSGI_MODULES_DIRECTORY}/mod_mpm_prefork.so' > </IfDefine> > </IfModule> > </IfModule> > </IfModule> > </IfVersion> > > > <IfDefine MOD_WSGI_WITH_HTTP2> > LoadModule http2_module '${MOD_WSGI_MODULES_DIRECTORY}/mod_http2.so' > </IfDefine> > > > <IfVersion >= 2.4> > <IfModule !access_compat_module> > LoadModule access_compat_module > '${MOD_WSGI_MODULES_DIRECTORY}/mod_access_compat.so' > </IfModule> > <IfModule !unixd_module> > LoadModule unixd_module '${MOD_WSGI_MODULES_DIRECTORY}/mod_unixd.so' > </IfModule> > <IfModule !authn_core_module> > LoadModule authn_core_module '${MOD_WSGI_MODULES_DIRECTORY}/mod_authn_core.so' > </IfModule> > <IfModule !authz_core_module> > LoadModule authz_core_module '${MOD_WSGI_MODULES_DIRECTORY}/mod_authz_core.so' > </IfModule> > </IfVersion> > > > <IfModule !authz_host_module> > LoadModule authz_host_module '${MOD_WSGI_MODULES_DIRECTORY}/mod_authz_host.so' > </IfModule> > <IfModule !mime_module> > LoadModule mime_module '${MOD_WSGI_MODULES_DIRECTORY}/mod_mime.so' > </IfModule> > <IfModule !rewrite_module> > LoadModule rewrite_module '${MOD_WSGI_MODULES_DIRECTORY}/mod_rewrite.so' > </IfModule> > <IfModule !alias_module> > LoadModule alias_module '${MOD_WSGI_MODULES_DIRECTORY}/mod_alias.so' > </IfModule> > <IfModule !dir_module> > LoadModule dir_module '${MOD_WSGI_MODULES_DIRECTORY}/mod_dir.so' > </IfModule> > <IfModule !env_module> > LoadModule env_module '${MOD_WSGI_MODULES_DIRECTORY}/mod_env.so' > </IfModule> > <IfModule !headers_module> > LoadModule headers_module '${MOD_WSGI_MODULES_DIRECTORY}/mod_headers.so' > </IfModule> > <IfModule !filter_module> > LoadModule filter_module '${MOD_WSGI_MODULES_DIRECTORY}/mod_filter.so' > </IfModule> > > > <IfDefine MOD_WSGI_DIRECTORY_LISTING> > <IfModule !autoindex_module> > LoadModule autoindex_module '${MOD_WSGI_MODULES_DIRECTORY}/mod_autoindex.so' > </IfModule> > </IfDefine> > > > <IfVersion >= 2.2.15> > <IfModule !reqtimeout_module> > LoadModule reqtimeout_module '${MOD_WSGI_MODULES_DIRECTORY}/mod_reqtimeout.so' > </IfModule> > </IfVersion> > > > <IfDefine MOD_WSGI_COMPRESS_RESPONSES> > <IfModule !deflate_module> > LoadModule deflate_module '${MOD_WSGI_MODULES_DIRECTORY}/mod_deflate.so' > </IfModule> > </IfDefine> > > > <IfDefine MOD_WSGI_AUTH_USER> > <IfModule !auth_basic_module> > LoadModule auth_basic_module '${MOD_WSGI_MODULES_DIRECTORY}/mod_auth_basic.so' > </IfModule> > <IfModule !auth_digest_module> > LoadModule auth_digest_module > '${MOD_WSGI_MODULES_DIRECTORY}/mod_auth_digest.so' > </IfModule> > <IfModule !authz_user_module> > LoadModule authz_user_module '${MOD_WSGI_MODULES_DIRECTORY}/mod_authz_user.so' > </IfModule> > </IfDefine> > > > <IfDefine MOD_WSGI_WITH_PROXY> > <IfModule !proxy_module> > LoadModule proxy_module ${MOD_WSGI_MODULES_DIRECTORY}/mod_proxy.so > </IfModule> > <IfModule !proxy_http_module> > LoadModule proxy_http_module ${MOD_WSGI_MODULES_DIRECTORY}/mod_proxy_http.so > </IfModule> > </IfDefine> > > > <IfModule mpm_prefork_module> > <IfDefine MOD_WSGI_WITH_PHP5> > <IfModule !php5_module> > Loadmodule php5_module '${MOD_WSGI_MODULES_DIRECTORY}/libphp5.so' > </IfModule> > AddHandler application/x-httpd-php .php > </IfDefine> > </IfModule> > > > <IfDefine MOD_WSGI_LOAD_PYTHON_DYLIB> > LoadFile '' > </IfDefine> > > > LoadModule wsgi_module > '/usr/local/lib/python3.6/dist-packages/mod_wsgi/server/mod_wsgi-py36.cpython-36m-x86_64-linux-gnu.so' > > > <IfDefine MOD_WSGI_SERVER_METRICS> > <IfModule !status_module> > LoadModule status_module '${MOD_WSGI_MODULES_DIRECTORY}/mod_status.so' > </IfModule> > </IfDefine> > > > <IfDefine MOD_WSGI_CGID_SCRIPT> > <IfModule !cgid_module> > LoadModule cgid_module '${MOD_WSGI_MODULES_DIRECTORY}/mod_cgid.so' > </IfModule> > </IfDefine> > > > <IfDefine MOD_WSGI_CGI_SCRIPT> > <IfModule !cgi_module> > LoadModule cgi_module '${MOD_WSGI_MODULES_DIRECTORY}/mod_cgi.so' > </IfModule> > </IfDefine> > > > <IfVersion < 2.4> > DefaultType text/plain > </IfVersion> > > > TypesConfig '/etc/mime.types' > > > HostnameLookups Off > MaxMemFree 64 > Timeout 60 > ListenBacklog 500 > > > <IfDefine MOD_WSGI_WITH_HTTP2> > Protocols h2 h2c http/1.1 > </IfDefine> > > > <IfVersion >= 2.2.15> > RequestReadTimeout header=15-30,MinRate=500 body=15,MinRate=500 > </IfVersion> > > > LimitRequestBody 10485760 > > > <Directory /> > AllowOverride None > <IfVersion < 2.4> > Order deny,allow > Deny from all > </IfVersion> > <IfVersion >= 2.4> > Require all denied > </IfVersion> > </Directory> > > > WSGIPythonHome '/usr' > > > WSGIVerboseDebugging 'Off' > > > <IfDefine MOD_WSGI_WITH_SOCKET_PREFIX> > WSGISocketPrefix None/wsgi > </IfDefine> > <IfDefine !MOD_WSGI_WITH_SOCKET_PREFIX> > WSGISocketPrefix /tmp/mod_wsgi-mysite.com:8000:0/wsgi > </IfDefine> > > > WSGISocketRotation Off > > > <IfDefine !ONE_PROCESS> > WSGIRestrictEmbedded On > <IfDefine MOD_WSGI_MULTIPROCESS> > WSGIDaemonProcess mysite.com:8000 \ > display-name='(wsgi:mysite.com:8000:0)' \ > home='/home/joel/new/myappointments' \ > processes=1 \ > threads=5 \ > maximum-requests=0 \ > python-path='' \ > python-eggs='/tmp/mod_wsgi-mysite.com:8000:0/python-eggs' \ > lang='en_US.UTF-8' \ > locale='en_US.UTF-8' \ > listen-backlog=100 \ > queue-timeout=45 \ > socket-timeout=60 \ > connect-timeout=15 \ > request-timeout=60 \ > inactivity-timeout=0 \ > startup-timeout=15 \ > deadlock-timeout=60 \ > graceful-timeout=15 \ > eviction-timeout=0 \ > restart-interval=0 \ > cpu-time-limit=0 \ > shutdown-timeout=5 \ > send-buffer-size=0 \ > receive-buffer-size=0 \ > header-buffer-size=0 \ > response-buffer-size=0 \ > response-socket-timeout=0 \ > server-metrics=Off > </IfDefine> > <IfDefine !MOD_WSGI_MULTIPROCESS> > WSGIDaemonProcess mysite.com:8000 \ > display-name='(wsgi:mysite.com:8000:0)' \ > home='/home/joel/new/myappointments' \ > threads=5 \ > maximum-requests=0 \ > python-path='' \ > python-eggs='/tmp/mod_wsgi-mysite.com:8000:0/python-eggs' \ > lang='en_US.UTF-8' \ > locale='en_US.UTF-8' \ > listen-backlog=100 \ > queue-timeout=45 \ > socket-timeout=60 \ > connect-timeout=15 \ > request-timeout=60 \ > inactivity-timeout=0 \ > startup-timeout=15 \ > deadlock-timeout=60 \ > graceful-timeout=15 \ > eviction-timeout=0 \ > restart-interval=0 \ > cpu-time-limit=0 \ > shutdown-timeout=5 \ > send-buffer-size=0 \ > receive-buffer-size=0 \ > response-buffer-size=0 \ > response-socket-timeout=0 \ > server-metrics=Off > </IfDefine> > </IfDefine> > > > WSGICallableObject 'application' > WSGIPassAuthorization On > WSGIMapHEADToGET Auto > > > <IfDefine ONE_PROCESS> > WSGIRestrictStdin Off > <IfDefine MOD_WSGI_WITH_PYTHON_PATH> > WSGIPythonPath '' > </IfDefine> > </IfDefine> > > > <IfDefine MOD_WSGI_SERVER_METRICS> > ExtendedStatus On > </IfDefine> > > > WSGIServerMetrics Off > > > <IfDefine MOD_WSGI_SERVER_STATUS> > <Location /server-status> > SetHandler server-status > <IfVersion < 2.4> > Order deny,allow > Deny from all > Allow from localhost > </IfVersion> > <IfVersion >= 2.4> > Require all denied > Require host localhost > </IfVersion> > </Location> > </IfDefine> > > > <IfDefine MOD_WSGI_KEEP_ALIVE> > KeepAlive On > KeepAliveTimeout 0 > </IfDefine> > <IfDefine !MOD_WSGI_KEEP_ALIVE> > KeepAlive Off > </IfDefine> > > > <IfDefine MOD_WSGI_COMPRESS_RESPONSES> > AddOutputFilterByType DEFLATE text/plain > AddOutputFilterByType DEFLATE text/html > AddOutputFilterByType DEFLATE text/xml > AddOutputFilterByType DEFLATE text/css > AddOutputFilterByType DEFLATE text/javascript > AddOutputFilterByType DEFLATE application/xhtml+xml > AddOutputFilterByType DEFLATE application/javascript > AddOutputFilterByType DEFLATE application/json > </IfDefine> > > > <IfDefine MOD_WSGI_ROTATE_LOGS> > ErrorLog "|/usr/bin/rotatelogs \ > /dev/stderr.%Y-%m-%d-%H_%M_%S 5M" > </IfDefine> > <IfDefine !MOD_WSGI_ROTATE_LOGS> > ErrorLog "/dev/stderr" > </IfDefine> > LogLevel warn > > > <IfDefine MOD_WSGI_ERROR_LOG_FORMAT> > ErrorLogFormat "None" > </IfDefine> > > > <IfDefine MOD_WSGI_ACCESS_LOG> > <IfModule !log_config_module> > LoadModule log_config_module ${MOD_WSGI_MODULES_DIRECTORY}/mod_log_config.so > </IfModule> > LogFormat "%h %l %u %t \"%r\" %>s %b" common > LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-agent}i\"" > combined > LogFormat "undefined" custom > <IfDefine MOD_WSGI_ROTATE_LOGS> > CustomLog "|/usr/bin/rotatelogs \ > /dev/stdout.%Y-%m-%d-%H_%M_%S 5M" common > </IfDefine> > <IfDefine !MOD_WSGI_ROTATE_LOGS> > CustomLog "/dev/stdout" common > </IfDefine> > </IfDefine> > > > <IfDefine MOD_WSGI_CHUNKED_REQUEST> > WSGIChunkedRequest On > </IfDefine> > > > <IfDefine MOD_WSGI_WITH_PROXY_HEADERS> > WSGITrustedProxyHeaders > </IfDefine> > <IfDefine MOD_WSGI_WITH_TRUSTED_PROXIES> > WSGITrustedProxies > </IfDefine> > > > <IfDefine MOD_WSGI_WITH_HTTPS> > <IfModule !ssl_module> > LoadModule ssl_module ${MOD_WSGI_MODULES_DIRECTORY}/mod_ssl.so > </IfModule> > </IfDefine> > > > <IfModule mpm_prefork_module> > <IfDefine !ONE_PROCESS> > ServerLimit 20 > StartServers 1 > MaxClients 20 > MinSpareServers 1 > MaxSpareServers 2 > </IfDefine> > <IfDefine ONE_PROCESS> > ServerLimit 1 > StartServers 1 > MaxClients 1 > MinSpareServers 1 > MaxSpareServers 1 > </IfDefine> > MaxRequestsPerChild 0 > </IfModule> > > > <IfModule mpm_worker_module> > <IfDefine !ONE_PROCESS> > ServerLimit 2 > ThreadLimit 10 > StartServers 1 > MaxClients 20 > MinSpareThreads 10 > MaxSpareThreads 10 > ThreadsPerChild 10 > </IfDefine> > <IfDefine ONE_PROCESS> > ServerLimit 1 > ThreadLimit 1 > StartServers 1 > MaxClients 1 > MinSpareThreads 1 > MaxSpareThreads 1 > ThreadsPerChild 1 > </IfDefine> > MaxRequestsPerChild 0 > ThreadStackSize 262144 > </IfModule> > > > <IfModule mpm_event_module> > <IfDefine !ONE_PROCESS> > ServerLimit 2 > ThreadLimit 10 > StartServers 1 > MaxClients 20 > MinSpareThreads 10 > MaxSpareThreads 10 > ThreadsPerChild 10 > </IfDefine> > <IfDefine ONE_PROCESS> > ServerLimit 1 > ThreadLimit 1 > StartServers 1 > MaxClients 1 > MinSpareThreads 1 > MaxSpareThreads 1 > ThreadsPerChild 1 > </IfDefine> > MaxRequestsPerChild 0 > ThreadStackSize 262144 > </IfModule> > > > <IfDefine !MOD_WSGI_VIRTUAL_HOST> > <IfVersion < 2.4> > NameVirtualHost *:8000 > </IfVersion> > <VirtualHost _default_:8000> > </VirtualHost> > </IfDefine> > > > <IfDefine MOD_WSGI_VIRTUAL_HOST> > > > <IfVersion < 2.4> > NameVirtualHost *:8000 > </IfVersion> > <VirtualHost _default_:8000> > <Location /> > <IfVersion < 2.4> > Order deny,allow > Deny from all > </IfVersion> > <IfVersion >= 2.4> > Require all denied > </IfVersion> > <IfDefine MOD_WSGI_ALLOW_LOCALHOST> > Allow from localhost > </IfDefine> > </Location> > </VirtualHost> > <IfDefine !MOD_WSGI_HTTPS_ONLY> > <VirtualHost *:8000> > ServerName mysite.com > <IfDefine MOD_WSGI_SERVER_ALIAS> > ServerAlias None > </IfDefine> > </VirtualHost> > <IfDefine MOD_WSGI_REDIRECT_WWW> > <VirtualHost *:8000> > ServerName unspecified > Redirect permanent / http://mysite.com:8000/ > </VirtualHost> > </IfDefine> > </IfDefine> > > > <IfDefine MOD_WSGI_HTTPS_ONLY> > <VirtualHost *:8000> > ServerName mysite.com > <IfDefine MOD_WSGI_SERVER_ALIAS> > ServerAlias None > </IfDefine> > RewriteEngine On > RewriteCond %{HTTPS} off > RewriteRule (.*) https://mysite.com:443%{REQUEST_URI} > </VirtualHost> > <IfDefine MOD_WSGI_REDIRECT_WWW> > <VirtualHost *:8000> > ServerName unspecified > RewriteEngine On > RewriteCond %{HTTPS} off > RewriteRule (.*) https://mysite.com:443%{REQUEST_URI} > </VirtualHost> > </IfDefine> -- You received this message because you are subscribed to the Google Groups "modwsgi" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. Visit this group at https://groups.google.com/group/modwsgi. For more options, visit https://groups.google.com/d/optout.
