Apache - Mod Perl - Unknown Authz provider 'access' - perl

I am trying to set up and run an old Web application (written in 2010) in a new Linux environment. The Apache server is not starting because of the error Unknown Authz provider access, caused by the configuration given below.
<Directory /srv/webapp>
Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
SetOutputFilter DEFLATE
ExpiresActive On
ExpiresDefault "3 Months"
AuthType security::AuthCookieHandler
AuthName Maxio
PerlAuthenHandler security::AuthCookieHandler->authenticate
PerlAuthzHandler security::AuthCookieHandler->authorize
require access
</Directory>
I couldn't find any documentation for this, or any Apache module that defines access, but security::AuthCookieHandler has
sub access
{
...
...
}
I understand that this is mod_perl based authentication, but haven't worked on this before. Apache starts if this authentication is disabled, and the application loads in the browser.
So the questions are
Is require access supposed to get the return value from sub access?
If so, why is sub access not visible to the configuration?
If not, what is access here?

After researching for a few hours I found out that this is because of changes in the latest versions of Apache and mod_perl.
From the Apache-AuthCookie documentation and Apache 2.4 porting notes, I learned that Apache 2.4 needs mod_perl version 2.0.9 or higher.
Also, a custom Authz Provider has to be added using PerlAddAuthzProvider. I was able to solve my issue by doing
PerlAddAuthzProvider access security::AuthCookieHandler->access
...
...
<Directory /srv/webapp>
...
...
require access
</Directory>
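A way to catch this before restarting Apache, as an added example that is not part of the original post: the Python sketch below scans configuration text for Require lines whose provider is neither a stock one nor registered with PerlAddAuthzProvider. The stock-provider list, the function name and the sample text (built from the question's configuration) are assumptions of this example.

```python
import re

# Assumption: partial list of providers from stock Apache 2.4 modules;
# extend it to match the modules your server actually loads.
STOCK_PROVIDERS = {
    "all", "env", "method", "expr", "ip", "host", "local", "user",
    "valid-user", "group", "file-owner", "file-group", "dbm-group",
    "ldap-user", "ldap-group", "ldap-dn", "ldap-attribute", "ldap-filter",
    "ssl", "ssl-verify-client",
}
DIRECTIVE = re.compile(r"^\s*(\w+)\s+(\S.*?)\s*$")

def unknown_authz_providers(conf_text):
    """Return [(line_no, provider)] for every Require line whose provider is
    neither stock nor registered through PerlAddAuthzProvider."""
    registered, required = set(), []
    for line_no, line in enumerate(conf_text.splitlines(), 1):
        match = DIRECTIVE.match(line)  # comments and <Section> tags do not match
        if not match:
            continue
        name, args = match.group(1).lower(), match.group(2).split()
        if name == "perladdauthzprovider":
            registered.add(args[0].lower())
        elif name == "require":
            if args[0].lower() == "not" and len(args) > 1:
                args = args[1:]  # "Require not <provider> ..."
            # Names are compared case-insensitively (a choice of this sketch).
            required.append((line_no, args[0].lower()))
    known = STOCK_PROVIDERS | registered
    return [(n, p) for n, p in required if p not in known]

# Constructed sample based on the configuration in the question.
BROKEN = """\
<Directory /srv/webapp>
AuthType security::AuthCookieHandler
AuthName Maxio
PerlAuthenHandler security::AuthCookieHandler->authenticate
PerlAuthzHandler security::AuthCookieHandler->authorize
require access
</Directory>
"""
# Same sample with the provider registered, as in the answer.
FIXED = "PerlAddAuthzProvider access security::AuthCookieHandler->access\n" + BROKEN

if __name__ == "__main__":
    print(unknown_authz_providers(BROKEN))
    print(unknown_authz_providers(FIXED))
```

The function only sees the text it is given, so files pulled in with Include have to be concatenated before the check.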

Related

WSGIDaemonProcess does not affect python site

On a single CentOS server I want to manage multiple Django applications, one per domain, using virtual hosts and virtualenvs (each application has its own virtual environment).
I will present here my configuration, the logs produced and explain what I am expecting (but failing) to see.
I am using mod_wsgi 4.4 and software collections rh-python34 and httpd24.
My virtual hosts are configured like this:
Global configuration
Define RROOT "/opt/rh/httpd24/root"
Define RDOCROOT "/opt/rh/httpd24/root/var/www"
WSGIScriptAlias /wsgi "${RDOCROOT}/wsgi-bin"
WSGIProcessGroup localhost
<Directory "${RDOCROOT}/wsgi-bin">
Order allow,deny
Allow from all
</Directory>
With the above config, I would like to take care of the server accessed by IP, e.g. going to 123.123.123.123:80/wsgi/ should run the scripts in RDOCROOT/wsgi-bin. It doesn't work, and actually the request on the IP address is handled by the first virtual host. But this is a side question.
Per virtual-host configuration (DOMAIN.COM changes, e.g. example1.com, example2.com)
<VirtualHost *:80>
ServerName DOMAIN.COM
ServerAdmin webmaster@DOMAIN.COM
DocumentRoot "${RDOCROOT}/DOMAIN.COM/html"
ErrorLog "${RDOCROOT}/DOMAIN.COM/error.log"
CustomLog "${RDOCROOT}/DOMAIN.COM/access.log" combined
<Directory "${RDOCROOT}/DOMAIN.COM/html">
Options FollowSymLinks
AllowOverride All
Require all granted
<IfModule mod_headers.c>
Header set Access-Control-Allow-Origin "http://DOMAIN.COM"
</IfModule>
</Directory>
ScriptAlias /cgi/ "${RDOCROOT}/DOMAIN.COM/cgi-bin/"
<Directory "${RDOCROOT}/DOMAIN.COM/cgi-bin">
AllowOverride None
Options None
Require all granted
AddDefaultCharset utf-8
</Directory>
WSGIDaemonProcess DOMAIN.COM python-path=${RDOCROOT}/DOMAIN.COM/wsgi:${RDOCROOT}/DOMAIN.COM/django-venv/lib/python3.4/site-packages/
WSGIProcessGroup DOMAIN.COM
WSGIScriptAlias /wsgi/ "${RDOCROOT}/DOMAIN.COM/wsgi-bin/"
<Directory "${RDOCROOT}/DOMAIN.COM/wsgi-bin">
Require all granted
</Directory>
</VirtualHost>
So, virtual hosts should have the html pages in DOMAIN.COM/, the /cgi-bin/ scripts in DOMAIN.COM/cgi/ and the /wsgi-bin/ scripts in DOMAIN.COM/wsgi/, and all of them work.
The problem is that the virtual env has no effect: packages from that virtual env cannot be loaded. To debug, I set the log level to info and created a test script that just fails printing the site packages directories:
$ cat wsgi-bin/app.py
import site
raise RuntimeError('Site {} {}'.format(site.getuserbase(), site.getsitepackages()))
When I access DOMAIN.COM/wsgi/app.py, error.log contains the following (without prefixes, timestamps and pids):
mod_wsgi (pid=20267): Attach interpreter ''.
mod_wsgi (pid=20267): Adding '(null)' to path.
mod_wsgi (pid=20267): Adding '/opt/rh/httpd24/root/var/www/DOMAIN.COM/django-venv/lib/python3.4/site-packages/' to path.
mod_wsgi (pid=20267): Create interpreter 'WWW.DOMAIN.COM:80|/wsgi/app.py'.
mod_wsgi (pid=20267): Adding '(null)' to path.
mod_wsgi (pid=20267): Adding '/opt/rh/httpd24/root/var/www/DOMAIN.COM/django-venv/lib/python3.4/site-packages/' to path.
[remote SOMEIP] mod_wsgi (pid=20267, process='WWW.DOMAIN.COM', application='WWW.DOMAIN.COM:80|/wsgi/app.py'): Loading WSGI script '/opt/rh/httpd24/root/var/www/DOMAIN.COM/wsgi-bin/app.py'.
[remote SOMEIP] mod_wsgi (pid=20267): Target WSGI script '/opt/rh/httpd24/root/var/www/DOMAIN.COM/wsgi-bin/app.py' cannot be loaded as Python module.
[remote SOMEIP] mod_wsgi (pid=20267): Exception occurred processing WSGI script '/opt/rh/httpd24/root/var/www/DOMAIN.COM/wsgi-bin/app.py'.
[remote SOMEIP] Traceback (most recent call last):
[remote SOMEIP] File "/opt/rh/httpd24/root/var/www/DOMAIN.COM/wsgi-bin/app.py", line 5, in <module>
[remote SOMEIP] raise RuntimeError('Site {} {}'.format(site.getuserbase(), site.getsitepackages()))
[remote SOMEIP] RuntimeError: Site /usr/share/httpd/.local ['/opt/rh/rh-python34/root/usr/lib64/python3.4/site-packages', '/opt/rh/rh-python34/root/usr/lib/python3.4/site-packages', '/opt/rh/rh-python34/root/usr/lib/site-python']
From the third line of the log it seems that the virtualenv is added correctly to the sites, but from the last line, produced by the script, it appears that system-wide site-packages are used.
The directories are correct, double-checked.
Where am I failing?
WSGIPythonHome
For virtualenv installations, you may need to specifically use WSGIPythonHome instead.
WSGIPythonHome ${RDOCROOT}/DOMAIN.COM/django-venv/
Configuring WSGIDaemonProcess with python-path
You may need to change the paths you provide:
WSGIDaemonProcess DOMAIN.COM python-path=${RDOCROOT}/DOMAIN.COM/wsgi:${RDOCROOT}/DOMAIN.COM/django-venv/lib/python3.4/site-packages/
to only use one of them (see also release notes for mod_wsgi 4.4.15)
WSGIDaemonProcess DOMAIN.COM python-path=${RDOCROOT}/DOMAIN.COM/django-venv/lib/python3.4/site-packages/
Recompiling for other python
In some instances, you may need to recompile mod_wsgi for that particular python version in addition to the WSGIPythonHome or python-path tricks.
Configuring site directly in wsgi application
As a last resort, you can configure site packages in the wsgi app.py:
import site
site.addsitedir('/opt/rh/httpd24/root/var/www/DOMAIN.COM/django-venv/lib/python3.4/site-packages')
mod_wsgi known issues with WSGIPythonPath
From the release notes for mod_wsgi 4.4.15:
When specifying multiple directories for the Python module search path using the WSGIPythonPath directive, or the python-path option to WSGIDaemonProcess, it was failing under Python 3 due to incorrect logging. It was therefore only possible to add a single directory.
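A diagnostic that separates the two things the question's test script conflates, as an added example that is not part of the original posts: site.getsitepackages() is derived from the interpreter prefix and does not list directories appended to sys.path afterwards, so the report below checks sys.path directly. The function names and the VENV constant (the path from the question) are assumptions of this example.

```python
import os
import site
import sys

def _norm(path):
    # Normalise so a trailing slash or case difference does not hide a match.
    return os.path.normcase(os.path.abspath(path))

def venv_report(venv_site_packages):
    """Compare where the interpreter will actually import from (sys.path)
    with what site.getsitepackages() reports for one virtualenv directory."""
    wanted = _norm(venv_site_packages)
    site_dirs = [_norm(p) for p in getattr(site, "getsitepackages", list)()]
    return {
        "prefix": sys.prefix,
        "on_sys_path": wanted in [_norm(p) for p in sys.path if p],
        "in_getsitepackages": wanted in site_dirs,
    }

# Assumption: the virtualenv path from the question; adjust per virtual host.
VENV = ("/opt/rh/httpd24/root/var/www/DOMAIN.COM/"
        "django-venv/lib/python3.4/site-packages/")

def application(environ, start_response):
    """WSGI entry point: returns the report as text instead of raising."""
    report = venv_report(VENV)
    body = "\n".join("{}: {}".format(k, report[k]) for k in sorted(report))
    data = body.encode("utf-8")
    start_response("200 OK", [("Content-Type", "text/plain; charset=utf-8"),
                              ("Content-Length", str(len(data)))])
    return [data]
```

Remove the script once the path question is settled, since it discloses filesystem layout to anyone who can request it.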

installation error typo3-neos- 500 internal server error

I have downloaded typo3-neos using php c:/xampp/Composer/bin/composer.phar create-project --dev --stability alpha typo3/neos-base-distribution TYPO3-Neos-1.0-alpha
My httpd.conf is:
<VirtualHost *:80>
ServerName neos.demo
DocumentRoot c:/xampp/htdocs/Typo3-Neos/Web/
SetEnv APPLICATION_ENV "development"
<Directory c:/xampp/htdocs/Typo3-Neos/Web/>
DirectoryIndex index.php
AllowOverride FileInfo Options=MultiViews
Order allow,deny
Allow from all
</Directory>
</VirtualHost>
and vhost is: 127.0.0.1 neos.demo
I am getting the following 500 Internal Server Error (a snippet)
1355480641: Execution of subprocess failed with exit code 1 without any further output.
(Please check your PHP error log for possible Fatal errors)
More information
TYPO3\Flow\Core\Booting\Exception\SubProcessException thrown in file
C:\xampp\htdocs\TYPO3-Neos\Packages\Framework\TYPO3.Flow\Classes\TYPO3\Flow\Core\Booting\Scripts.php in line 532.
Reference code: 201310091327354b04b0
I have divided screenshot of the complete error page into three parts (error1.png, error2.png, error3.png) as the error stack is quite long, which is attached here
How can this be solved?
After setting your System up, start NEOS with http://neos.demo/setup first.
I was having the same issue on my Mac machine after a successful installation. The point was that my php installation was not linked correctly to the php binary, although it was set correctly in /user/bin/php and "active".
So make sure /opt/local/etc/select/php/current points to a valid php installation using the command "sudo port select php php54" (for php 5.4)
I solved this error by setting these lines in neos\Packages\Framework\TYPO3.Flow\Configuration\Settings.yaml
TYPO3:
  Flow:
    core:
      phpBinaryPathAndFilename: 'C:/path/to/php.exe'
      subRequestPhpIniPathAndFilename: '/path/to/your/php.ini'
This error occurs because TYPO3 Flow may not find the php and php.ini files on the server.
For more help follow this link: http://wiki.typo3.org/Exception/Flow/1355480641

Why is my catalyst application running Apache+FastCGI not serving dynamic content?

I am trying to run my first Perl Catalyst application using Apache and fastcgi.
Starting the server is fine, I can see the application's main page. All images/javascripts are loaded correctly (so, I assume the static content is served correctly).
For reasons I don't understand the dynamic content gives me a 404: e.g. when trying to go to www.webapp.org/search, I get "The requested URL /search was not found on this server."
Ok, here is how I set the aliases for the static content and
Alias /static /webapp/root/static/
Alias / /webapp/script/webapp_fastcgi.pl
I set the documentroot with
DocumentRoot /webapp/
Furthermore, I have a
<Location />
Options +ExecCGI
Order allow,deny
Allow from all
AddHandler fcgid-script .pl
</Location>
and a directive
<Files /webapp/script/webapp_fastcgi.pl>
PassEnv PERL5LIB
SetHandler fastcgi-script
</Files>
There is nothing else in the config file.
How can I add a directive to allow serving dynamic content (www.webapp.com/search)?
Thanks a lot in advance!
I see a space in the AddHandler section. Please check your config file for typos.
AddHandler fcgid-script .pl
Also please read this if you have not done so already:
http://wiki.catalystframework.org/wiki/deployment/apache_fastcgi
For development work you could use catalyst without apache hassle: http://search.cpan.org/~mramberg/Catalyst-Runtime-5.80012/lib/Catalyst/Engine/FastCGI.pm#Standalone_FastCGI_Server
Assuming apxs installed mod_fastcgi.so into /usr/local/apache/libexec, add the following to an Apache .conf file:
LoadModule fastcgi_module libexec/mod_fastcgi.so
<IfModule mod_fastcgi.c>
FastCgiExternalServer /tmp/myapp.fcgi -host myhost:8081
Alias /myapp/ /tmp/myapp.fcgi/
</IfModule>

link apache web server on port 80 and tomcat webapp on port 8080

On port 80 I have normal apache web server.
On port 8080 I have tomcat with client and server side stuff.
My goal is:
www.mydomain.com renders a static and SEO friendly index.html while javascript stuff is loading.
In the header of this index.html I load www.mydomain.com:8080/myapp/stuff.js
stuff.js is compiled with gwt and calls a RootLayoutPanel.get().add(nice_panel) which will remove static content and show dynamic widgets. It also calls servlets (server side code).
Problem: for security reasons, browsers won't let me load www.mydomain.com:8080/myapp/stuff.js because it is on a different port.
Wrong attempt: I tried to create a symlink from "normal" apache web server directory to the tomcat webapp containing stuff.js. I am now able to load stuff.js because its url is: www.mydomain.com/mysymlink_to_tomcat/stuff.js. But stuff.js is not able anymore to call servlets on server side again because of browsers security rules ("XMLHttpRequest cannot load ... origin ...is not allowed by Access-Control-Allow-Origin").
I would like to avoid the "crazy" solution of redirect from index.html to tomcat with header('location: http://mydomain.com:8080/another_index_on_tomcat.html'). This solution works but it has many drawbacks (SEO...)
What would be the best approach ?
Thanks.
You have basically two solutions:
make it work with the 2 origins: use the xsiframe linker in GWT to allow the page on :80 to load the script from :8080 (for readers: it's not about loading, it's about what the script does).
Add the following to your gwt.xml:
<add-linker name='xsiframe' />
That unfortunately won't solve your issue with GWT-RPC (or whatever you use to talk to the server). For that, there's CORS.
use a single origin: use Apache's mod_proxy (or mod_jk) to proxy your Tomcat through your Apache. Nobody will ever use :8080, everything will go through :80. See Using Tomcat with Apache HTTPD and a proxy at https://developers.google.com/web-toolkit/doc/latest/DevGuideServerCommunication#DevGuideRPCDeployment
And of course there's also the solution of ditching the HTTPD and serving everything with Tomcat (recent Java and Tomcat versions have fixed their slowness issues).
I'm not sure if this would avoid the security error, but you could try an iframe. On apache, you have the index and an iframe to the tomcat, where the JS loads inside the iframe. Dunno if that will help with the SEO problem.
The best solution would be to redirect the port 80 calls to 8080 on apache when the client call is asking for a tomcat application.
Install mod_jk on apache and configure it to mount a context on the path you want
example: (edit /mods_enabled/jk.conf)
# Configure access to jk-status and jk-manager
# If you want to make this available in a virtual host,
# either move this block into the virtual host
# or copy it logically there by including "JkMountCopy On"
# in the virtual host.
# Add an appropriate authentication method here!
<Location /jk-status>
# Inside Location we can omit the URL in JkMount
JkMount jk-status
Order deny,allow
Deny from all
Allow from 127.0.0.1
</Location>
<Location /jk-manager>
# Inside Location we can omit the URL in JkMount
JkMount jk-manager
Order deny,allow
Deny from all
Allow from 127.0.0.1
</Location>
JkMount /*/myAppDir/* ajp13
Then add a virtual host in your site settings (edit /apache2/sites-enabled/)
<VirtualHost *:80>
# Here is the rest
# of the config of
# the host
# Tomcat jk connector settings
JkMount /*.jsp ajp13_worker
JkMount /myAppDir/* ajp13_worker
JkMount /myAppDir* ajp13_worker
JKMount /manager* ajp13_worker
JkMount /manager/* ajp13_worker
</VirtualHost>
And you should also edit the server.xml file and inside the tag write and comment the previous Host name="localhost"
<!-- Define an AJP 1.3 Connector on port 8009 -->
<Connector port="8009" protocol="AJP/1.3" redirectPort="8443" />
<Host name="localhost" appBase="webapps" unpackWARs="true"
autoDeploy="true" >
<Context path="/" docBase="/var/lib/tomcat7/webapps/myAppDir/"
debug="0" reloadable="true" />
<!-- please notes on logs down below -->
<Valve className="org.apache.catalina.valves.AccessLogValve"
directory="/var/lib/tomcat7/logs" prefix="tomcat_access_"
suffix=".log" pattern="common" resolveHosts="false" />
</Host>
The only thing left to do is edit the workers.properties file and add
worker.myapp2.port=8009
worker.myapp2.host=localhost
worker.myapp2.type=ajp13
worker.loadbalancer.type=lb
worker.loadbalancer.balance_workers=ajp13_worker
Then you should be set to work, and when a URL containing myAppDir appears, the Apache server will redirect the calls to Tomcat and the answer will come back from Apache.

Error regarding running projects on WAMP which contain Zend_Session classes

I cannot run on WAMP Zend Projects containing Zend_Session classes.
After checking httpd's error log, I found this entry and other errors all connected with load of Zend_Session.
[ssl:warn] [pid 5340:tid 216] AH01873: Init: Session Cache is not configured [hint: SSLSessionCache]
I've tried to open another project which doesn't contain any Zend_Session and it works. How could I solve this, in order to be able to include Zend_Session classes within my projects and successfully run it with WAMP?
This is a problem with your Apache SSL configuration.
Configure your SSL module as below:
<IfModule ssl_module>
SSLSessionCache "shmcb:C:/wamp/bin/apache/Apache2.2.17/logs/ssl_scache(512000)"
SSLSessionCacheTimeout 300
SSLRandomSeed startup builtin
SSLRandomSeed connect builtin
</IfModule>
Maybe you should also read the SSLSessionCache documentation.