Thanks again for your comments. I have read the quick configuration guide for
mod_wsgi. Below is apache2 configuration file look like. I am now using
absolute path to the project, wsgi file and the virtual environment.
(env) hd2900@hd2900:~$ cat /etc/apache2/sites-enabled/000-default.conf
<VirtualHost *:80>
# The ServerName directive sets the request scheme, hostname and port
that
# the server uses to identify itself. This is used when creating
# redirection URLs. In the context of virtual hosts, the ServerName
# specifies what hostname must appear in the request's Host: header to
# match this virtual host. For the default virtual host (this file) this
# value is not decisive as it is used as a last resort host regardless.
# However, you must set it for any further virtual host explicitly.
#ServerName www.example.com
ServerAdmin webmaster@localhost
DocumentRoot /var/www/html
WSGIDaemonProcess flaskapp threads=5
python-home=/home/hd2900/Documents/Python/hd2900TakeawayPrint/env
WSGIScriptAlias /
/home/hd2900/Documents/Python/hd2900TakeawayPrint/flaskapp.wsgi
WSGIApplicationGroup %{GLOBAL}
<Directory /home/hd2900/Documents/Python/hd2900TakeawayPrint>
WSGIProcessGroup flaskapp
Require all granted
</Directory>
# Available loglevels: trace8, ..., trace1, debug, info, notice, warn,
# error, crit, alert, emerg.
# It is also possible to configure the loglevel for particular
# modules, e.g.
#LogLevel info ssl:warn
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
# For most configuration files from conf-available/, which are
# enabled or disabled at a global level, it is possible to
# include a line for only one particular virtual host. For example the
# following line enables the CGI configuration for this host only
# after it has been globally disabled with "a2disconf".
#Include conf-available/serve-cgi-bin.conf
#Header set Access-Control-Allow-Origin "*"
</VirtualHost>
# vim: syntax=apache ts=4 sw=4 sts=4 sr noet
Regarding permission to home directory. Right now the home directory is owned
by root. Should I execute a chown command to change the user to hd2900 and
www-data group?
(env) hd2900@hd2900:/$ ls -la
total 1048660
drwxr-xr-x 20 root root 4096 Apr 22 02:13 .
drwxr-xr-x 20 root root 4096 Apr 22 02:13 ..
lrwxrwxrwx 1 root root 7 Apr 22 01:52 bin -> usr/bin
drwxr-xr-x 5 root root 4096 Sep 29 06:06 boot
drwxr-xr-x 19 root root 19200 Sep 7 20:34 dev
drwxr-xr-x 2 root root 4096 Apr 22 02:13 .disk
drwxr-xr-x 135 root root 8192 Oct 15 07:29 etc
drwxr-xr-x 3 root root 4096 Sep 26 18:13 home
lrwxrwxrwx 1 root root 7 Apr 22 01:52 lib -> usr/lib
drwx------ 2 root root 16384 Apr 22 02:13 lost+found
drwxr-xr-x 2 root root 4096 Apr 22 01:52 media
drwxr-xr-x 2 root root 4096 Apr 22 01:52 mnt
drwxr-xr-x 2 root root 4096 Apr 22 01:52 opt
dr-xr-xr-x 298 root root 0 Jan 1 1970 proc
drwx------ 5 root root 4096 Sep 26 19:03 root
drwxr-xr-x 35 root root 940 Oct 15 08:06 run
lrwxrwxrwx 1 root root 8 Apr 22 01:52 sbin -> usr/sbin
drwxr-xr-x 9 root root 4096 Sep 27 02:10 snap
drwxr-xr-x 2 root root 4096 Apr 22 01:52 srv
-rw------- 1 root root 1073741824 Apr 22 02:15 swapfile
dr-xr-xr-x 12 root root 0 Jan 1 1970 sys
drwxrwxrwt 17 root root 4096 Oct 15 08:40 tmp
drwxr-xr-x 11 root root 4096 Apr 22 01:52 usr
drwxr-xr-x 15 root root 4096 Sep 26 21:54 var
When I access my local IP from a web browser 192.168.0.179 I still get 403
forbidden error in that I don’t have permission to access the ressources. Is
there a log file somewhere allowing me to check the cause of the 403 forbidden
error as this will make debugging easier?
Thanks!
> Den 11. okt. 2021 kl. 23.05 skrev Graham Dumpleton
> <[email protected]>:
>
> That symlink is not pointing where you think it is, it is pointing at
> "/var/www/html/hd2900TakeawayPrint”. You need to specify an absolute pathname
> for the target when creating the symlink. Even then that may not work as
> Apache has rules about following symlinks and am not sure whether the default
> rules allow it or whether you need to enable it. If not enabled, the target
> directory would need a Directory directive all well to allow access to it.
>
> A further issue is that you seem to be using a Python virtual environment but
> have not told mod_wsgi to use it. And another potential problem will be
> whether your home directory is accessible by other users.
>
> Presuming that your home directory is called “/home/yourusername” and it is
> accessible to others, try using:
>
> WSGIDaemonProcess flaskapp threads=5
> python-home=/home/yourusername/Documents/Python/hd2900TakeawayPrint/env
> WSGIScriptAlias /
> /home/yourusername/Documents/Python/hd2900TakeawayPrint/flaskapp.wsgi
> WSGIApplicationGroup %{GLOBAL}
>
> <Directory /home/yourusername/Documents/Python/hd2900TakeawayPrint>
> WSGIProcessGroup flaskapp
> Require all granted
> </Directory>
>
> Have a read of:
>
> *
> https://modwsgi.readthedocs.io/en/master/user-guides/quick-configuration-guide.html
>
> <https://modwsgi.readthedocs.io/en/master/user-guides/quick-configuration-guide.html>
> *
> https://modwsgi.readthedocs.io/en/master/user-guides/configuration-guidelines.html
>
> <https://modwsgi.readthedocs.io/en/master/user-guides/configuration-guidelines.html>
> *
> https://modwsgi.readthedocs.io/en/master/user-guides/virtual-environments.html
>
> <https://modwsgi.readthedocs.io/en/master/user-guides/virtual-environments.html>
>
> Graham
>
>
>> On 12 Oct 2021, at 7:54 am, Jian Wu <[email protected]
>> <mailto:[email protected]>> wrote:
>>
>> Hello Graham,
>>
>> Sorry I missed the argument in Directory. I have now changed the
>> configuration file as below.
>>
>> (env) hd2900@hd2900:~/Documents/Python/hd2900TakeawayPrint$ cat
>> /etc/apache2/sites-enabled/000-default.conf
>> <VirtualHost *:80>
>> # The ServerName directive sets the request scheme, hostname and port
>> that
>> # the server uses to identify itself. This is used when creating
>> # redirection URLs. In the context of virtual hosts, the ServerName
>> # specifies what hostname must appear in the request's Host: header to
>> # match this virtual host. For the default virtual host (this file) this
>> # value is not decisive as it is used as a last resort host regardless.
>> # However, you must set it for any further virtual host explicitly.
>> #ServerName www.example.com <http://www.example.com/>
>>
>> ServerAdmin webmaster@localhost
>> DocumentRoot /var/www/html
>> WSGIDaemonProcess flaskapp threads=5
>> WSGIScriptAlias / /var/www/html/flaskapp/flaskapp.wsgi
>> WSGIApplicationGroup %{GLOBAL}
>>
>> <Directory /var/www/html/flaskapp>
>> WSGIProcessGroup flaskapp
>> Require all granted
>> </Directory>
>>
>> # Available loglevels: trace8, ..., trace1, debug, info, notice, warn,
>> # error, crit, alert, emerg.
>> # It is also possible to configure the loglevel for particular
>> # modules, e.g.
>> #LogLevel info ssl:warn
>>
>> ErrorLog ${APACHE_LOG_DIR}/error.log
>> CustomLog ${APACHE_LOG_DIR}/access.log combined
>>
>> # For most configuration files from conf-available/, which are
>> # enabled or disabled at a global level, it is possible to
>> # include a line for only one particular virtual host. For example the
>> # following line enables the CGI configuration for this host only
>> # after it has been globally disabled with "a2disconf".
>> #Include conf-available/serve-cgi-bin.conf
>> #Header set Access-Control-Allow-Origin "*"
>> </VirtualHost>
>>
>> Furthermore I have ensured that the dynamic link is created as seen below in
>> the path /var/www/html
>>
>> (env) hd2900@hd2900:/var/www/html$ ll
>> total 20
>> drwxr-xr-x 2 root root 4096 Oct 10 18:38 ./
>> drwxr-xr-x 3 root root 4096 Sep 26 21:54 ../
>> lrwxrwxrwx 1 root root 19 Oct 10 18:38 flaskapp -> hd2900TakeawayPrint
>> -rw-r--r-- 1 root root 10918 Sep 26 21:54 index.html
>>
>> In the hd2900TakeawayPrint folder the flasapp.wsgi is located
>>
>> (env) hd2900@hd2900:~/Documents/Python/hd2900TakeawayPrint$ ll -la
>> total 32
>> drwxrwxr-x 4 hd2900 www-data 4096 Oct 10 18:23 ./
>> drwxrwxr-x 3 hd2900 hd2900 4096 Oct 10 18:04 ../
>> drwxrwxr-x 4 hd2900 hd2900 4096 Oct 10 18:08 env/
>> -rwxrwxr-x 1 hd2900 www-data 249 Oct 10 18:23 flaskapp.py*
>> -rwxrwxr-x 1 hd2900 www-data 96 Oct 10 18:23 flaskapp.wsgi*
>> drwxrwxr-x 8 hd2900 hd2900 4096 Oct 10 18:23 .git/
>> -rw-r--r-- 1 root root 5 Oct 10 18:05 .gitignore
>> -rwxrwxr-x 1 hd2900 hd2900 69 Oct 10 18:04 README.md*
>>
>> Still when I from a browser type https://my-global-IP:81
>> <https://myglobalip:81/> I get the permission error.
>>
>> Best regards,
>> Jian
>>
>>
>>
>>> Den 11. okt. 2021 kl. 22.37 skrev Graham Dumpleton
>>> <[email protected] <mailto:[email protected]>>:
>>>
>>> You didn’t use exactly what I gave you. The argument to the Directory
>>> directive needs to be the path to the directory holding the WSGI script
>>> file, not the name of the mod_wsgi daemon process group.
>>>
>>> <Directory /var/www/html/flaskapp>
>>> WSGIProcessGroup flaskapp
>>> Require all granted
>>> </Directory>
>>>
>>> Graham
>>>
>>>> On 12 Oct 2021, at 4:19 am, Jian Wu <[email protected]
>>>> <mailto:[email protected]>> wrote:
>>>>
>>>> Hello Graham,
>>>>
>>>> Thanks for pointing this out. I have now corrected it so the configuration
>>>> file looks as below. The problem however still persists.
>>>>
>>>> cat /etc/apache2/sites-enabled/000-default.conf
>>>> <VirtualHost *:80>
>>>> # The ServerName directive sets the request scheme, hostname and port
>>>> that
>>>> # the server uses to identify itself. This is used when creating
>>>> # redirection URLs. In the context of virtual hosts, the ServerName
>>>> # specifies what hostname must appear in the request's Host: header to
>>>> # match this virtual host. For the default virtual host (this file) this
>>>> # value is not decisive as it is used as a last resort host regardless.
>>>> # However, you must set it for any further virtual host explicitly.
>>>> #ServerName www.example.com <http://www.example.com/>
>>>>
>>>> ServerAdmin webmaster@localhost
>>>> DocumentRoot /var/www/html
>>>> WSGIDaemonProcess flaskapp threads=5
>>>> WSGIScriptAlias / /var/www/html/flaskapp/flaskapp.wsgi
>>>> WSGIApplicationGroup %{GLOBAL}
>>>>
>>>> <Directory flaskapp>
>>>> WSGIProcessGroup flaskapp
>>>> Require all granted
>>>> </Directory>
>>>>
>>>> # Available loglevels: trace8, ..., trace1, debug, info, notice, warn,
>>>> # error, crit, alert, emerg.
>>>> # It is also possible to configure the loglevel for particular
>>>> # modules, e.g.
>>>> #LogLevel info ssl:warn
>>>>
>>>> ErrorLog ${APACHE_LOG_DIR}/error.log
>>>> CustomLog ${APACHE_LOG_DIR}/access.log combined
>>>>
>>>> # For most configuration files from conf-available/, which are
>>>> # enabled or disabled at a global level, it is possible to
>>>> # include a line for only one particular virtual host. For example the
>>>> # following line enables the CGI configuration for this host only
>>>> # after it has been globally disabled with "a2disconf".
>>>> #Include conf-available/serve-cgi-bin.conf
>>>> #Header set Access-Control-Allow-Origin "*"
>>>> </VirtualHost>
>>>>
>>>> Best regards,
>>>> Jian
>>>>
>>>>> Den 10. okt. 2021 kl. 23.23 skrev Graham Dumpleton
>>>>> <[email protected] <mailto:[email protected]>>:
>>>>>
>>>>> For a start, this is wrong:
>>>>>
>>>>> <Directory flaskapp>
>>>>> WSGIProcessGroup flaskapp
>>>>> WSGIApplicationGroup %{GLOBAL}
>>>>> Order deny,allow
>>>>> Allow from all
>>>>> </Directory>
>>>>>
>>>>> It should be:
>>>>>
>>>>> <Directory /var/www/html/flaskapp>
>>>>> WSGIProcessGroup flaskapp
>>>>> Require all granted
>>>>> </Directory>
>>>>>
>>>>> Graham
>>>>>
>>>>>> On 11 Oct 2021, at 7:09 am, Jian Wu <[email protected]
>>>>>> <mailto:[email protected]>> wrote:
>>>>>>
>>>>>> Dear Graham,
>>>>>>
>>>>>>
>>>>>> I am following this guide
>>>>>> https://asdkazmi.medium.com/deploying-flask-app-with-wsgi-and-apache-server-on-ubuntu-20-04-396607e0e40f
>>>>>>
>>>>>> <https://asdkazmi.medium.com/deploying-flask-app-with-wsgi-and-apache-server-on-ubuntu-20-04-396607e0e40f>
>>>>>> to deploy a flask app together with apache2 and mod-wsgi. My intension
>>>>>> is being able to perform a request post call from another server over
>>>>>> the internet to my server running flask.
>>>>>>
>>>>>> It seems that the author suggests to install mod-wsgi using the below
>>>>>> command. I am not sure if that package is supported?
>>>>>>
>>>>>> sudo apt-get install libapache2-mod-wsgi-py3
>>>>>>
>>>>>> I followed the instruction, and when I typed in my local IP address on a
>>>>>> browser I received a message saying “Forbidden you don’t have the
>>>>>> permission to access this ressource Apache 2.4.46 (Ubuntu server at
>>>>>> 192.168.0.179 port 80).
>>>>>>
>>>>>> Hardware:
>>>>>> - Raspberry Pi 4 with Ubuntu 20.04. My local IP is 192.168.0.179
>>>>>> - Router configuration: As seen in the picture below, I have forwarded
>>>>>> port 22 external to internal 22 and external port 81 to internal port
>>>>>> 80.
>>>>>> <Indsat grafik-1.tiff>
>>>>>>
>>>>>> These ports are opened on my Ubuntu server
>>>>>> (env) hd2900@hd2900:/etc/apache2/sites-available$ sudo ufw status
>>>>>> [sudo] password for hd2900:
>>>>>> Status: active
>>>>>>
>>>>>> To Action From
>>>>>> -- ------ ----
>>>>>> 22/tcp ALLOW Anywhere
>>>>>> OpenSSH ALLOW Anywhere
>>>>>> Apache Full ALLOW Anywhere
>>>>>> 81/tcp ALLOW Anywhere
>>>>>> 22/tcp (v6) ALLOW Anywhere (v6)
>>>>>> OpenSSH (v6) ALLOW Anywhere (v6)
>>>>>> Apache Full (v6) ALLOW Anywhere (v6)
>>>>>> 81/tcp (v6) ALLOW Anywhere (v6)
>>>>>>
>>>>>> My Apache2 configuration file:
>>>>>> (env) hd2900@hd2900:~/Documents/Python/hd2900TakeawayPrint$ cat
>>>>>> /etc/apache2/sites-enabled/000-default.conf
>>>>>> <VirtualHost *:80>
>>>>>> # The ServerName directive sets the request scheme, hostname and port
>>>>>> that
>>>>>> # the server uses to identify itself. This is used when creating
>>>>>> # redirection URLs. In the context of virtual hosts, the ServerName
>>>>>> # specifies what hostname must appear in the request's Host: header to
>>>>>> # match this virtual host. For the default virtual host (this file) this
>>>>>> # value is not decisive as it is used as a last resort host regardless.
>>>>>> # However, you must set it for any further virtual host explicitly.
>>>>>> #ServerName www.example.com <http://www.example.com/>
>>>>>>
>>>>>> ServerAdmin webmaster@localhost
>>>>>> DocumentRoot /var/www/html
>>>>>> WSGIDaemonProcess flaskapp threads=5
>>>>>> WSGIScriptAlias / /var/www/html/flaskapp/flaskapp.wsgi
>>>>>> WSGIApplicationGroup %{GLOBAL}
>>>>>>
>>>>>> <Directory flaskapp>
>>>>>> WSGIProcessGroup flaskapp
>>>>>> WSGIApplicationGroup %{GLOBAL}
>>>>>> Order deny,allow
>>>>>> Allow from all
>>>>>> </Directory>
>>>>>>
>>>>>> # Available loglevels: trace8, ..., trace1, debug, info, notice, warn,
>>>>>> # error, crit, alert, emerg.
>>>>>> # It is also possible to configure the loglevel for particular
>>>>>> # modules, e.g.
>>>>>> #LogLevel info ssl:warn
>>>>>>
>>>>>> ErrorLog ${APACHE_LOG_DIR}/error.log
>>>>>> CustomLog ${APACHE_LOG_DIR}/access.log combined
>>>>>>
>>>>>> # For most configuration files from conf-available/, which are
>>>>>> # enabled or disabled at a global level, it is possible to
>>>>>> # include a line for only one particular virtual host. For example the
>>>>>> # following line enables the CGI configuration for this host only
>>>>>> # after it has been globally disabled with "a2disconf".
>>>>>> #Include conf-available/serve-cgi-bin.conf
>>>>>> #Header set Access-Control-Allow-Origin "*"
>>>>>> </VirtualHost>
>>>>>>
>>>>>> # vim: syntax=apache ts=4 sw=4 sts=4 sr noet
>>>>>>
>>>>>>
>>>>>> My Flask app folder structure:
>>>>>> (env) hd2900@hd2900:~/Documents/Python/hd2900TakeawayPrint$ ls -la
>>>>>> total 32
>>>>>> drwxrwxr-x 4 hd2900 hd2900 4096 Oct 10 18:23 .
>>>>>> drwxrwxr-x 3 hd2900 hd2900 4096 Oct 10 18:04 ..
>>>>>> drwxrwxr-x 4 hd2900 hd2900 4096 Oct 10 18:08 env
>>>>>> -rw-rw-r-- 1 hd2900 hd2900 249 Oct 10 18:23 flaskapp.py
>>>>>> -rw-rw-r-- 1 hd2900 hd2900 96 Oct 10 18:23 flaskapp.wsgi
>>>>>> drwxrwxr-x 8 hd2900 hd2900 4096 Oct 10 18:23 .git
>>>>>> -rw-r--r-- 1 root root 5 Oct 10 18:05 .gitignore
>>>>>> -rw-rw-r-- 1 hd2900 hd2900 69 Oct 10 18:04 README.md
>>>>>>
>>>>>> flaskapp.wsgi content
>>>>>> cat flaskapp.wsgi
>>>>>> import sys
>>>>>> sys.path.insert(0, '/var/www/html/flaskapp')
>>>>>>
>>>>>> Flaskapp.py content
>>>>>> cat flaskapp.py
>>>>>> # flaskapp.py
>>>>>> # This is a "hello world" app sample for flask app. You may have a
>>>>>> different file.
>>>>>> from flask import Flask
>>>>>> app = Flask(__name__)
>>>>>> @app.route('/')
>>>>>> def hello_world():
>>>>>> return 'Hello from Flask!'
>>>>>> if __name__ == '__main__':
>>>>>>
>>>>>> I don’t know how to troubleshoot this problem further, and I hope for
>>>>>> your advice.
>>>>>>
>>>>>> Thanks in advance!
>>>>>>
>>>>>> Best regards,
>>>>>> Jian
>>>>>>
>>>>>> --
>>>>>> You received this message because you are subscribed to the Google
>>>>>> Groups "modwsgi" group.
>>>>>> To unsubscribe from this group and stop receiving emails from it, send
>>>>>> an email to [email protected]
>>>>>> <mailto:[email protected]>.
>>>>>> To view this discussion on the web visit
>>>>>> https://groups.google.com/d/msgid/modwsgi/2BCCBE0B-7ECB-462D-998D-B0048679D76B%40gmail.com
>>>>>>
>>>>>> <https://groups.google.com/d/msgid/modwsgi/2BCCBE0B-7ECB-462D-998D-B0048679D76B%40gmail.com?utm_medium=email&utm_source=footer>.
>>>>>
>>>>>
>>>>> --
>>>>> You received this message because you are subscribed to the Google Groups
>>>>> "modwsgi" group.
>>>>> To unsubscribe from this group and stop receiving emails from it, send an
>>>>> email to [email protected]
>>>>> <mailto:[email protected]>.
>>>>> To view this discussion on the web visit
>>>>> https://groups.google.com/d/msgid/modwsgi/DA44D477-D5A6-4843-94BD-D2934DB8F9FE%40gmail.com
>>>>>
>>>>> <https://groups.google.com/d/msgid/modwsgi/DA44D477-D5A6-4843-94BD-D2934DB8F9FE%40gmail.com?utm_medium=email&utm_source=footer>.
>>>>
>>>>
>>>> --
>>>> You received this message because you are subscribed to the Google Groups
>>>> "modwsgi" group.
>>>> To unsubscribe from this group and stop receiving emails from it, send an
>>>> email to [email protected]
>>>> <mailto:[email protected]>.
>>>> To view this discussion on the web visit
>>>> https://groups.google.com/d/msgid/modwsgi/85F8B0E7-909C-4FE5-B9E4-EE861298E63A%40gmail.com
>>>>
>>>> <https://groups.google.com/d/msgid/modwsgi/85F8B0E7-909C-4FE5-B9E4-EE861298E63A%40gmail.com?utm_medium=email&utm_source=footer>.
>>>
>>>
>>> --
>>> You received this message because you are subscribed to the Google Groups
>>> "modwsgi" group.
>>> To unsubscribe from this group and stop receiving emails from it, send an
>>> email to [email protected]
>>> <mailto:[email protected]>.
>>> To view this discussion on the web visit
>>> https://groups.google.com/d/msgid/modwsgi/0736BFAD-F31E-45FF-9083-AEAE4E91E5F4%40gmail.com
>>>
>>> <https://groups.google.com/d/msgid/modwsgi/0736BFAD-F31E-45FF-9083-AEAE4E91E5F4%40gmail.com?utm_medium=email&utm_source=footer>.
>>
>>
>> --
>> You received this message because you are subscribed to the Google Groups
>> "modwsgi" group.
>> To unsubscribe from this group and stop receiving emails from it, send an
>> email to [email protected]
>> <mailto:[email protected]>.
>> To view this discussion on the web visit
>> https://groups.google.com/d/msgid/modwsgi/5D61A066-8FFD-4E2D-864C-A6E9245FAC22%40gmail.com
>>
>> <https://groups.google.com/d/msgid/modwsgi/5D61A066-8FFD-4E2D-864C-A6E9245FAC22%40gmail.com?utm_medium=email&utm_source=footer>.
>
>
> --
> You received this message because you are subscribed to the Google Groups
> "modwsgi" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to [email protected]
> <mailto:[email protected]>.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/modwsgi/DCBFDD21-E95A-4F09-A6CC-F65BEABEBB5B%40gmail.com
>
> <https://groups.google.com/d/msgid/modwsgi/DCBFDD21-E95A-4F09-A6CC-F65BEABEBB5B%40gmail.com?utm_medium=email&utm_source=footer>.
--
You received this message because you are subscribed to the Google Groups
"modwsgi" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To view this discussion on the web visit
https://groups.google.com/d/msgid/modwsgi/1FDD187D-FF9D-48DF-95A2-8DAB54881161%40gmail.com.
