Changeset - 759d5143042c
Parent rev.
Child rev.
[Not reviewed]
stable
0 1 0
Thomas De Schampheleire - 7 years ago 2019-05-10 21:24:21
thomas.de_schampheleire@nokia.com
docs: tweak documentation of Apache+mod_wsgi further

Make the last bullet not only about WSGIScriptAlias but about the entire set
of WSGI* directives in the Apache Virtual Host configuration file.
This fits better with the already existing explanation of changing
user/group settings, and with the upcoming hints about locale settings.
1 file changed with 9 insertions and 8 deletions:
docs/setup.rst
9
8
0 comments (0 inline, 0 general)
docs/setup.rst
Show inline comments
 
@@ -347,238 +347,239 @@ Sample config for Nginx using proxy:
 
       ssl_certificate     gist.your.kallithea.server.crt;
 
       ssl_certificate_key gist.your.kallithea.server.key;
 

			




	
	
	
		
 
       ssl_session_timeout 5m;

			




	
	
	
		
 

			




	
	
	
		
 
       ssl_protocols SSLv3 TLSv1;

			




	
	
	
		
 
       ssl_ciphers DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:EDH-RSA-DES-CBC3-SHA:AES256-SHA:DES-CBC3-SHA:AES128-SHA:RC4-SHA:RC4-MD5;

			




	
	
	
		
 
       ssl_prefer_server_ciphers on;

			




	
	
	
		
 

			




	
	
	
		
 
       rewrite ^/(.+)$ https://kallithea.example.com/_admin/gists/$1;

			




	
	
	
		
 
       rewrite (.*)    https://kallithea.example.com/_admin/gists;

			




	
	
	
		
 
    }

			




	
	
	
		
 

			




	
	
	
		
 
    server {

			




	
	
	
		
 
       listen          443;

			




	
	
	
		
 
       server_name     kallithea.example.com

			




	
	
	
		
 
       access_log      /var/log/nginx/kallithea.access.log;

			




	
	
	
		
 
       error_log       /var/log/nginx/kallithea.error.log;

			




	
	
	
		
 

			




	
	
	
		
 
       ssl on;

			




	
	
	
		
 
       ssl_certificate     your.kallithea.server.crt;

			




	
	
	
		
 
       ssl_certificate_key your.kallithea.server.key;

			




	
	
	
		
 

			




	
	
	
		
 
       ssl_session_timeout 5m;

			




	
	
	
		
 

			




	
	
	
		
 
       ssl_protocols SSLv3 TLSv1;

			




	
	
	
		
 
       ssl_ciphers DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:EDH-RSA-DES-CBC3-SHA:AES256-SHA:DES-CBC3-SHA:AES128-SHA:RC4-SHA:RC4-MD5;

			




	
	
	
		
 
       ssl_prefer_server_ciphers on;

			




	
	
	
		
 

			




	
	
	
		
 
       ## uncomment root directive if you want to serve static files by nginx

			




	
	
	
		
 
       ## requires static_files = false in .ini file

			




	
	
	
		
 
       #root /srv/kallithea/kallithea/kallithea/public;

			




	
	
	
		
 
       include         /etc/nginx/proxy.conf;

			




	
	
	
		
 
       location / {

			




	
	
	
		
 
            try_files $uri @kallithea;

			




	
	
	
		
 
       }

			




	
	
	
		
 

			




	
	
	
		
 
       location @kallithea {

			




	
	
	
		
 
            proxy_pass      http://127.0.0.1:5000;

			




	
	
	
		
 
       }

			




	
	
	
		
 

			




	
	
	
		
 
    }

			




	
	
	
		
 

			




	
	
	
		
 
Here's the proxy.conf. It's tuned so it will not timeout on long

			




	
	
	
		
 
pushes or large pushes::

			




	
	
	
		
 

			




	
	
	
		
 
    proxy_redirect              off;

			




	
	
	
		
 
    proxy_set_header            Host $host;

			




	
	
	
		
 
    ## needed for container auth

			




	
	
	
		
 
    #proxy_set_header            REMOTE_USER $remote_user;

			




	
	
	
		
 
    #proxy_set_header            X-Forwarded-User $remote_user;

			




	
	
	
		
 
    proxy_set_header            X-Url-Scheme $scheme;

			




	
	
	
		
 
    proxy_set_header            X-Host $http_host;

			




	
	
	
		
 
    proxy_set_header            X-Real-IP $remote_addr;

			




	
	
	
		
 
    proxy_set_header            X-Forwarded-For $proxy_add_x_forwarded_for;

			




	
	
	
		
 
    proxy_set_header            Proxy-host $proxy_host;

			




	
	
	
		
 
    proxy_buffering             off;

			




	
	
	
		
 
    proxy_connect_timeout       7200;

			




	
	
	
		
 
    proxy_send_timeout          7200;

			




	
	
	
		
 
    proxy_read_timeout          7200;

			




	
	
	
		
 
    proxy_buffers               8 32k;

			




	
	
	
		
 
    client_max_body_size        1024m;

			




	
	
	
		
 
    client_body_buffer_size     128k;

			




	
	
	
		
 
    large_client_header_buffers 8 64k;

			




	
	
	
		
 

			




	
	
	
		
 
.. _apache_virtual_host_reverse_proxy:

			




	
	
	
		
 

			




	
	
	
		
 

			




	
	
	
		
 
Apache virtual host reverse proxy example

			




	
	
	
		
 
-----------------------------------------

			




	
	
	
		
 

			




	
	
	
		
 
Here is a sample configuration file for Apache using proxy:

			




	
	
	
		
 

			




	
	
	
		
 
.. code-block:: apache

			




	
	
	
		
 

			




	
	
	
		
 
    <VirtualHost *:80>

			




	
	
	
		
 
            ServerName kallithea.example.com

			




	
	
	
		
 

			




	
	
	
		
 
            <Proxy *>

			




	
	
	
		
 
              # For Apache 2.4 and later:

			




	
	
	
		
 
              Require all granted

			




	
	
	
		
 

			




	
	
	
		
 
              # For Apache 2.2 and earlier, instead use:

			




	
	
	
		
 
              # Order allow,deny

			




	
	
	
		
 
              # Allow from all

			




	
	
	
		
 
            </Proxy>

			




	
	
	
		
 

			




	
	
	
		
 
            #important !

			




	
	
	
		
 
            #Directive to properly generate url (clone url) for Kallithea

			




	
	
	
		
 
            ProxyPreserveHost On

			




	
	
	
		
 

			




	
	
	
		
 
            #kallithea instance

			




	
	
	
		
 
            ProxyPass / http://127.0.0.1:5000/

			




	
	
	
		
 
            ProxyPassReverse / http://127.0.0.1:5000/

			




	
	
	
		
 

			




	
	
	
		
 
            #to enable https use line below

			




	
	
	
		
 
            #SetEnvIf X-Url-Scheme https HTTPS=1

			




	
	
	
		
 
    </VirtualHost>

			




	
	
	
		
 

			




	
	
	
		
 
Additional tutorial

			




	
	
	
		
 
http://pylonsbook.com/en/1.1/deployment.html#using-apache-to-proxy-requests-to-pylons

			




	
	
	
		
 

			




	
	
	
		
 
.. _apache_subdirectory:

			




	
	
	
		
 

			




	
	
	
		
 

			




	
	
	
		
 
Apache as subdirectory

			




	
	
	
		
 
----------------------

			




	
	
	
		
 

			




	
	
	
		
 
Apache subdirectory part:

			




	
	
	
		
 

			




	
	
	
		
 
.. code-block:: apache

			




	
	
	
		
 

			




	
	
	
		
 
    <Location /PREFIX >

			




	
	
	
		
 
      ProxyPass http://127.0.0.1:5000/PREFIX

			




	
	
	
		
 
      ProxyPassReverse http://127.0.0.1:5000/PREFIX

			




	
	
	
		
 
      SetEnvIf X-Url-Scheme https HTTPS=1

			




	
	
	
		
 
    </Location>

			




	
	
	
		
 

			




	
	
	
		
 
Besides the regular apache setup you will need to add the following line

			




	
	
	
		
 
into ``[app:main]`` section of your .ini file::

			




	
	
	
		
 

			




	
	
	
		
 
    filter-with = proxy-prefix

			




	
	
	
		
 

			




	
	
	
		
 
Add the following at the end of the .ini file::

			




	
	
	
		
 

			




	
	
	
		
 
    [filter:proxy-prefix]

			




	
	
	
		
 
    use = egg:PasteDeploy#prefix

			




	
	
	
		
 
    prefix = /PREFIX

			




	
	
	
		
 

			




	
	
	
		
 
then change ``PREFIX`` into your chosen prefix

			




	
	
	
		
 

			




	
	
	
		
 
.. _apache_mod_wsgi:

			




	
	
	
		
 

			




	
	
	
		
 

			




	
	
	
		
 
Apache with mod_wsgi

			




	
	
	
		
 
--------------------

			




	
	
	
		
 

			




	
	
	
		
 
Alternatively, Kallithea can be set up with Apache under mod_wsgi. For

			




	
	
	
		
 
that, you'll need to:

			




	
	
	
		
 

			




	
	
	
		
 
- Install mod_wsgi. If using a Debian-based distro, you can install

			




	
	
	
		
 
  the package libapache2-mod-wsgi::

			




	
	
	
		
 

			




	
	
	
		
 
    aptitude install libapache2-mod-wsgi

			




	
	
	
		
 

			




	
	
	
		
 
- Enable mod_wsgi::

			




	
	
	
		
 

			




	
	
	
		
 
    a2enmod wsgi

			




	
	
	
		
 

			




	
	
	
		
 
- Add global Apache configuration to tell mod_wsgi that Python only will be

			




	
	
	
		
 
  used in the WSGI processes and shouldn't be initialized in the Apache

			




	
	
	
		
 
  processes::

			




	
	
	
		
 

			




	
	
	
		
 
    WSGIRestrictEmbedded On

			




	
	
	
		
 

			




	
	
	
		
 
- Create a WSGI dispatch script, like the one below. Make sure you

			




	
	
	
		
 
  check that the paths correctly point to where you installed Kallithea

			




	
	
	
		
 
  and its Python Virtual Environment.

			




	
	
	
		
 

			




	
	
	
		
 
  .. code-block:: python

			




	
	
	
		
 

			




	
	
	
		
 
      import os

			




	
	
	
		
 
      os.environ['PYTHON_EGG_CACHE'] = '/srv/kallithea/.egg-cache'

			




	
	
	
		
 

			




	
	
	
		
 
      # sometimes it's needed to set the current dir

			




	
	
	
		
 
      os.chdir('/srv/kallithea/')

			




	
	
	
		
 

			




	
	
	
		
 
      import site

			




	
	
	
		
 
      site.addsitedir("/srv/kallithea/venv/lib/python2.7/site-packages")

			




	
	
	
		
 

			




	
	
	
		
 
      ini = '/srv/kallithea/my.ini'

			




	
	
	
		
 
      from logging.config import fileConfig

			




	
	
	
		
 
      fileConfig(ini)

			




	
	
	
		
 
      from paste.deploy import loadapp

			




	
	
	
		
 
      application = loadapp('config:' + ini)

			




	
	
	
		
 

			




	
	
	
		
 
  Or using proper virtualenv activation:

			




	
	
	
		
 

			




	
	
	
		
 
  .. code-block:: python

			




	
	
	
		
 

			




	
	
	
		
 
      activate_this = '/srv/kallithea/venv/bin/activate_this.py'

			




	
	
	
		
 
      execfile(activate_this, dict(__file__=activate_this))

			




	
	
	
		
 

			




	
	
	
		
 
      import os

			




	
	
	
		
 
      os.environ['HOME'] = '/srv/kallithea'

			




	
	
	
		
 

			




	
	
	
		
 
      ini = '/srv/kallithea/kallithea.ini'

			




	
	
	
		
 
      from logging.config import fileConfig

			




	
	
	
		
 
      fileConfig(ini)

			




	
	
	
		
 
      from paste.deploy import loadapp

			




	
	
	
		
 
      application = loadapp('config:' + ini)

			




	
	
	
		
 

			




	
	
	
		
 
- Enable the ``WSGIScriptAlias`` directive for the WSGI dispatch script, as in

			




	
	
	
		
 
  the following example from an Apache Virtual Host configuration file. Once

			




	
	
	
		
 
  again, check the paths are correctly specified.

			




	
	
	
		
 
- Add the necessary ``WSGI*`` directives to the Apache Virtual Host configuration

			




	
	
	
		
 
  file, like in the example below. Notice that the WSGI dispatch script created

			




	
	
	
		
 
  above is referred to with the ``WSGIScriptAlias`` directive.

			




	
	
	
		
 
  Apache will by default run as a special Apache user, on Linux systems

			




	
	
	
		
 
  usually ``www-data`` or ``apache``. If you need to have the repositories

			




	
	
	
		
 
  directory owned by a different user, use the user and group options to

			




	
	
	
		
 
  WSGIDaemonProcess to set the name of the user and group.

			




	
	
	
		
 

			




	
	
	
		
 
  Once again, check that all paths are correctly specified.

			




	
	
	
		
 

			




	
	
	
		
 
  .. code-block:: apache

			




	
	
	
		
 

			




	
	
	
		
 
      WSGIDaemonProcess kallithea processes=5 threads=1 maximum-requests=100 \

			




	
	
	
		
 
          python-home=/srv/kallithea/venv

			




	
	
	
		
 
      WSGIProcessGroup kallithea

			




	
	
	
		
 
      WSGIScriptAlias / /srv/kallithea/dispatch.wsgi

			




	
	
	
		
 
      WSGIPassAuthorization On

			




	
	
	
		
 

			




	
	
	
		
 
  Or if using a dispatcher WSGI script with proper virtualenv activation:

			




	
	
	
		
 

			




	
	
	
		
 
  .. code-block:: apache

			




	
	
	
		
 

			




	
	
	
		
 
      WSGIDaemonProcess kallithea processes=5 threads=1 maximum-requests=100

			




	
	
	
		
 
      WSGIProcessGroup kallithea

			




	
	
	
		
 
      WSGIScriptAlias / /srv/kallithea/dispatch.wsgi

			




	
	
	
		
 
      WSGIPassAuthorization On

			




	
	
	
		
 

			




	
	
	
		
 
  Apache will by default run as a special Apache user, on Linux systems

			




	
	
	
		
 
  usually ``www-data`` or ``apache``. If you need to have the repositories

			




	
	
	
		
 
  directory owned by a different user, use the user and group options to

			




	
	
	
		
 
  WSGIDaemonProcess to set the name of the user and group.

			




	
	
	
		
 

			




	
	
	
		
 

			




	
	
	
		
 
Other configuration files

			




	
	
	
		
 
-------------------------

			




	
	
	
		
 

			




	
	
	
		
 
A number of `example init.d scripts`__ can be found in

			




	
	
	
		
 
the ``init.d`` directory of the Kallithea source.

			




	
	
	
		
 

			




	
	
	
		
 
.. __: https://kallithea-scm.org/repos/kallithea/files/tip/init.d/ .

			




	
	
	
		
 

			




	
	
	
		
 

			




	
	
	
		
 
.. _virtualenv: http://pypi.python.org/pypi/virtualenv

			




	
	
	
		
 
.. _python: http://www.python.org/

			




	
	
	
		
 
.. _Python regular expression documentation: https://docs.python.org/2/library/re.html

			




	
	
	
		
 
.. _Mercurial: https://www.mercurial-scm.org/

			




	
	
	
		
 
.. _Celery: http://celeryproject.org/

			




	
	
	
		
 
.. _Celery documentation: http://docs.celeryproject.org/en/latest/getting-started/index.html

			




	
	
	
		
 
.. _RabbitMQ: http://www.rabbitmq.com/

			




	
	
	
		
 
.. _Redis: http://redis.io/

			




	
	
	
		
 
.. _mercurial-server: http://www.lshift.net/mercurial-server.html

			




	
	
	
		
 
.. _PublishingRepositories: https://www.mercurial-scm.org/wiki/PublishingRepositories

			




        

    



    


    



    



      

      





    
    0 comments (0 inline, 0 general)
    





    


  

  







  


    




    








    
        
    
    
        This site is powered by
            Kallithea 0.7.0,
        which is
        © 2010–2025 by various authors & licensed under GPLv3.