Version 42 (modified by Praneeth Bodduluri, 14 years ago)

Added snippet for SSL redirect only on login

Installation on Apache with WSGI

This is the setup used to host the Demo site and Trac.

Add Web2Py user

web2py can run as the web server's user, but if you can separate it into its own account, you generally should:

adduser web2py

File Permissions

chown web2py ~web2py/applications/admin/cache
chown web2py ~web2py/applications/admin/cron
chown web2py ~web2py/applications/admin/databases
chown web2py ~web2py/applications/admin/errors
chown web2py ~web2py/applications/admin/sessions
chown web2py ~web2py/applications/eden/cache
chown web2py ~web2py/applications/eden/cron
chown web2py ~web2py/applications/eden/databases
chown web2py ~web2py/applications/eden/errors
chown web2py ~web2py/applications/eden/models
chown web2py ~web2py/applications/eden/sessions
chown web2py ~web2py/applications/eden/static/img/markers
chown web2py ~web2py/applications/eden/uploads
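
To confirm the ownership changes above took effect, the following check walks the same directory list. It is an added example, not part of the original wiki page; the helper name `audit_writable_dirs` and the symlink and world-writable checks are assumptions added here.

```python
import os
import pwd
import stat

# Directories from the chown list above, relative to the web2py home directory.
WRITABLE = {
    "admin": ["cache", "cron", "databases", "errors", "sessions"],
    "eden": ["cache", "cron", "databases", "errors", "models", "sessions",
             "static/img/markers", "uploads"],
}


def audit_writable_dirs(home, owner="web2py"):
    """Return sorted (relative path, problem) pairs; an empty list means all checks pass.

    `owner` is a user name or a numeric uid. Hypothetical helper, not part of web2py.
    """
    uid = owner if isinstance(owner, int) else pwd.getpwnam(owner).pw_uid
    findings = []
    for app, dirs in WRITABLE.items():
        for d in dirs:
            rel = os.path.join("applications", app, d)
            try:
                # lstat: inspect the entry itself, not the target of a symlink
                st = os.lstat(os.path.join(home, rel))
            except FileNotFoundError:
                findings.append((rel, "missing"))
                continue
            if stat.S_ISLNK(st.st_mode):
                findings.append((rel, "is a symlink"))
            elif not stat.S_ISDIR(st.st_mode):
                findings.append((rel, "not a directory"))
            else:
                if st.st_uid != uid:
                    findings.append((rel, "wrong owner"))
                if st.st_mode & stat.S_IWOTH:
                    findings.append((rel, "world-writable"))
    return sorted(findings)
```

Call it as `audit_writable_dirs(os.path.expanduser("~web2py"))` on the server after running the chown commands.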

Cron

If running on a UNIX variant (as is recommended), use the native cron:

vim /etc/crontab
0-59/1 * * * * web2py cd ~web2py/ && python web2py.py -C -D 1 >> /tmp/cron.output 2>&1

cp ~web2py/options_std.py ~web2py/options.py
vim ~web2py/options.py
extcron = True

Debian (or Ubuntu)

apt-get install libapache2-mod-wsgi
a2enmod rewrite
a2enmod deflate
a2enmod headers
a2enmod expires
vim /etc/apache2/mods-enabled/apache2.conf
    <IfModule mpm_prefork_module>
    # Recycle threads to avoid memory leaks
    MaxRequestsPerChild   1024
    </IfModule>

    <IfModule mpm_worker_module>
    # Recycle threads to avoid memory leaks
    MaxRequestsPerChild   1024
    </IfModule>


vim /etc/apache2/mods-enabled/wsgi.conf
    # Enable to allow Basic Authentication for WebServices
    WSGIPassAuthorization On
vim /etc/apache2/sites-available/eden
<VirtualHost *:80>
  ServerName demo.eden.sahanafoundation.org
  ServerAdmin webmaster@eden.sahanafoundation.org
  DocumentRoot /home/web2py/applications 

  WSGIScriptAlias / /home/web2py/wsgihandler.py
  ## Edit the process and the maximum-requests to reflect your RAM 
  WSGIDaemonProcess web2py user=web2py group=web2py home=/home/web2py processes=5 maximum-requests=50

  RewriteEngine On
  RewriteCond %{REQUEST_URI}    !/eden/(.*)
  RewriteRule /(.*) /eden/$1 [R]

  ### admin only accessible via SSH Tunnel
  <Location "/admin">
    SSLRequireSSL
  </Location>
  ### appadmin requires SSL
  <LocationMatch "^(/[\w_]*/appadmin/.*)">
    SSLRequireSSL
  </LocationMatch>
  ### static files do not need WSGI
  <LocationMatch "^(/[\w_]*/static/.*)">
    Order Allow,Deny
    Allow from all
  </LocationMatch>
  ### everything else goes over WSGI
  <Location "/">
    Order deny,allow
    Allow from all
    WSGIProcessGroup web2py
  </Location>

  ErrorLog /var/log/apache2/demo_error.log
  LogLevel warn
  CustomLog /var/log/apache2/demo_access.log combined
</VirtualHost>
ln -s /etc/apache2/sites-available/eden /etc/apache2/sites-enabled/eden
/etc/init.d/apache2 force-reload

Refer to the following URLs for WSGI configuration tuning:

WSGI Installation comments: http://blog.dscpl.com.au/2009/08/problems-with-example-web2py.html

Another set of Ubuntu docs: http://www.web2pyslices.com/main/slices/take_slice/14

Apache mod_deflate & mod_expires

Optimise by using GZip & Expires:

  ### static files do not need WSGI
  <LocationMatch "^(/[\w_]*/static/.*)">
    Order Allow,Deny
    Allow from all

    SetOutputFilter DEFLATE
    BrowserMatch ^Mozilla/4 gzip-only-text/html
    BrowserMatch ^Mozilla/4\.0[678] no-gzip
    BrowserMatch \bMSIE !no-gzip !gzip-only-text/html
    SetEnvIfNoCase Request_URI \.(?:gif|jpe?g|png)$ no-gzip dont-vary
    Header append Vary User-Agent env=!dont-vary

    ExpiresActive On
    ExpiresByType text/html "access plus 1 day"
    ExpiresByType text/javascript "access plus 1 week"
    ExpiresByType text/css "access plus 2 weeks"
    ExpiresByType image/ico "access plus 1 month"
    ExpiresByType image/gif "access plus 1 month"
    ExpiresByType image/jpeg "access plus 1 month"
    ExpiresByType image/jpg "access plus 1 month"
    ExpiresByType image/png "access plus 1 month"
    ExpiresByType application/x-shockwave-flash "access plus 1 month"
  </LocationMatch>

Redirect to SSL only for the login page

Add the following to the non-SSL Apache config (example.com is assumed to be your domain):

  RewriteEngine On
  RewriteRule ^/eden/default/user/(.*)$ https://example.com/eden/default/user/$1 [R]

Add the following to the SSL Apache config:

  RewriteEngine On
  RewriteRule ^(.*)/user/(.*)$ - [L]
  RewriteRule ^/eden/(.*)$ http://example.com/eden/$1 [R,L]
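
The two rule sets can be traced offline to see which scheme each request ends on. This is an added example, not part of the original wiki page: it models only the rules in this section with Python's `re` module rather than running mod_rewrite, and the helper names `rewrite`, `trace` and `cleartext_after_login` are hypothetical. The trace shows that every non-`/user/` page requested after the HTTPS login is bounced back to `http://`, so the session cookie set at login is sent in clear text on those requests (it cannot be marked Secure without losing the login on the HTTP side).

```python
import re
from urllib.parse import urlsplit

# The rules from this section as (pattern, substitution, flags), keyed by vhost scheme.
RULES = {
    "http": [
        (r"^/eden/default/user/(.*)$", "https://example.com/eden/default/user/$1", {"R"}),
    ],
    "https": [
        (r"^(.*)/user/(.*)$", "-", {"L"}),
        (r"^/eden/(.*)$", "http://example.com/eden/$1", {"R", "L"}),
    ],
}


def rewrite(scheme, path):
    """Return the redirect target for one request, or None if it is served as-is."""
    for pattern, subst, flags in RULES[scheme]:
        m = re.search(pattern, path)
        if not m:
            continue
        if subst != "-":  # "-" means: leave the URL unchanged
            target = re.sub(r"\$(\d)", lambda g: m.group(int(g.group(1))), subst)
            # Model simplification: an R rule ends processing, which holds here
            # because each R rule is the last rule that can match.
            if "R" in flags:
                return target
        if "L" in flags:
            break
    return None


def trace(url, max_hops=5):
    """Follow redirects between the two vhosts; the last URL is the one served."""
    hops = [url]
    while len(hops) <= max_hops:
        parts = urlsplit(hops[-1])
        nxt = rewrite(parts.scheme, parts.path)
        if nxt is None:
            return hops
        hops.append(nxt)
    raise RuntimeError("redirect loop: " + " -> ".join(hops))


def cleartext_after_login(paths, host="example.com"):
    """Paths that a browser arriving from the HTTPS login ends up fetching over http://."""
    return [p for p in paths if trace(f"https://{host}{p}")[-1].startswith("http://")]
```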

Maintenance Site

A useful site definition for maintenance windows: it points users at a static page, while access to phpmyadmin is maintained:

<VirtualHost *:80>
  ServerName demo.eden.sahanafoundation.org
  ServerAdmin webmaster@sahanafoundation.org
  DocumentRoot /var/www

  RewriteEngine On
  RewriteCond %{REQUEST_URI} !/phpmyadmin(.*)
  RewriteRule ^/(.*) /maintenance.html

  <Location "/">
    Order deny,allow
    Allow from all
  </Location>

  ErrorLog /var/log/apache2/maintenance_error.log
  LogLevel warn
  CustomLog /var/log/apache2/maintenance_access.log combined
</VirtualHost>

Enable maintenance:

a2ensite maintenance
a2dissite eden
apache2ctl restart

Restore production:

a2ensite eden
a2dissite maintenance
apache2ctl restart
