python - Web2Py Fedora: 403 (You don't have permission to access /)
http://web2py.com/books/default/chapter/29/13/deployment-recipes#one-step-production-deployment
I'm having trouble with:

    wget http://web2py.googlecode.com/hg/scripts/setup-web2py-fedora.sh
    chmod +x setup-web2py-fedora.sh
    sudo ./setup-web2py-fedora.sh

I have started from scratch. I downloaded Fedora 22, spun it up in VirtualBox, configured the Server edition (web server and Python web dev module options checked), and ran the script.

Trying to keep the env as simple as possible, I downloaded lynx to hit 127.0.0.1 as a test, since the server is command-line only:

403 Forbidden: You don't have permission to access / on this server.

I got the same thing on a normal Fedora 21 box when trying to deploy.

The goal is a web app running on a private corporate network, not on the open web. It is running a powerful access tool I wrote in Python, so I still need to be security conscious.

I found this: http://stackoverflow.com/questions/21233510/getting-403-forbidden-error-using-web2py-with-apache2-wsgi-on-fedora

but it doesn't seem to be using the same deployment recipe listed in the first link. I'm new to Linux and web development, so please be generous with detail. I'll pick it up and research what I can. Thanks!!!

Edit 1 (the http://web2py.googlecode.com/hg/scripts/setup-web2py-fedora.sh script is below):

    echo "This script will:
    1) Install modules needed to run web2py on Fedora and CentOS/RHEL
    2) Install Python 2.6 to /opt and recompile wsgi if not provided
    2) Install web2py in /opt/web-apps/
    3) Configure SELinux and iptables
    5) Create a self signed ssl certificate
    6) Setup web2py with mod_wsgi
    7) Create virtualhost entries so that web2py responds for '/'
    8) Restart Apache.

    You should read this script before running it.

    Although SELinux permissions changes have been made,
    further SELinux changes will be required for your personal
    apps. (There may also be additional changes required for the
    bundled apps.)  As a last resort, SELinux can be disabled.

    A simple iptables configuration has been applied.  You may
    want to review it to verify that it meets your needs.

    Finally, if you require a proxy to access the Internet, please
    set up your machine to do so before running this script.

    (author: berubejd)

    Press ENTER to continue...[ctrl+C to abort]"

    read confirm

    #!/bin/bash

    ###
    ###  Phase 0 - This may get messy.  Lets work from a temporary directory
    ###

    current_dir=`pwd`

    if [ -d /tmp/setup-web2py/ ]; then
        mv /tmp/setup-web2py/ /tmp/setup-web2py.old/
    fi

    mkdir -p /tmp/setup-web2py
    cd /tmp/setup-web2py

    ###
    ###  Phase 1 - Requirements installation
    ###

    echo
    echo " - Installing packages"
    echo

    # Verify packages are up to date
    yum update

    # Install required packages
    yum install httpd mod_ssl mod_wsgi wget python

    # Verify we have at least Python 2.5
    typeset -i version_major
    typeset -i version_minor

    version=`rpm --qf %{VERSION} -q python`
    version_major=`echo ${version} | awk '{split($0, parts, "."); print parts[1]}'`
    version_minor=`echo ${version} | awk '{split($0, parts, "."); print parts[2]}'`

    if [ ! ${version_major} -ge 2 -o ! ${version_minor} -ge 5 ]; then
        # Setup 2.6 in /opt - based upon
        # http://markkoberlein.com/getting-python-26-with-django-11-together-on

        # Check for earlier Python 2.6 install
        if [ -e /opt/python2.6 ]; then
            # Is Python already installed?
            retv=`/opt/python2.6/bin/python -V > /dev/null 2>&1; echo $?`
            if [ ${retv} -eq 0 ]; then
                python_installed='true'
            else
                mv /opt/python2.6 /opt/python2.6-old
            fi
        fi

        # Install Python 2.6 if it doesn't exist already
        if [ ! "${python_installed}" == "true" ]; then
            # Install requirements for the Python build
            yum install sqlite-devel zlib-devel

            mkdir -p /opt/python2.6

            # Download and install
            wget http://www.python.org/ftp/python/2.6.4/Python-2.6.4.tgz
            tar -xzf Python-2.6.4.tgz
            cd Python-2.6.4
            ./configure --prefix=/opt/python2.6 --with-threads --enable-shared --with-zlib=/usr/include
            make && make install

            cd /tmp/setup-web2py
        fi

        # Create links for Python 2.6
        # even if it was already installed, just to be sure
        ln -s /opt/python2.6/lib/libpython2.6.so /usr/lib
        ln -s /opt/python2.6/lib/libpython2.6.so.1.0 /usr/lib
        ln -s /opt/python2.6/bin/python /usr/local/bin/python
        ln -s /opt/python2.6/bin/python /usr/bin/python2.6
        ln -s /opt/python2.6/lib/python2.6.so /opt/python2.6/lib/python2.6/config/

        # Update linker for new libraries
        /sbin/ldconfig

        # Rebuild wsgi to take advantage of Python 2.6
        yum install httpd-devel

        cd /tmp/setup-web2py

        wget http://modwsgi.googlecode.com/files/mod_wsgi-3.3.tar.gz
        tar -xzf mod_wsgi-3.3.tar.gz
        cd mod_wsgi-3.3
        ./configure --with-python=/usr/local/bin/python
        make && make install

        echo "LoadModule wsgi_module modules/mod_wsgi.so" > /etc/httpd/conf.d/wsgi.conf

        cd /tmp/setup-web2py
    fi

    ### MySQL install untested!
    # Install mysql packages (optional)
    #yum install mysql mysql-server

    # Enable mysql to start at boot (optional)
    #chkconfig --levels 235 mysqld on
    #service mysqld start

    # Configure mysql security settings (not optional if mysql installed)
    #/usr/bin/mysql_secure_installation

    ###
    ###  Phase 2 - Install web2py
    ###

    echo
    echo " - Downloading, installing, and starting web2py"
    echo

    # Create web-apps directory, if required
    if [ ! -d "/opt/web-apps" ]; then
        mkdir -p /opt/web-apps

        chmod 755 /opt
        chmod 755 /opt/web-apps
    fi

    cd /opt/web-apps

    # Download web2py
    if [ -e web2py_src.zip* ]; then
        rm web2py_src.zip*
    fi

    wget http://web2py.com/examples/static/web2py_src.zip
    unzip web2py_src.zip
    mv web2py/handlers/wsgihandler.py web2py/wsgihandler.py
    chown -R apache:apache web2py

    ###
    ###  Phase 3 - Setup SELinux context
    ###

    # Set context for Python libraries if Python 2.6 installed
    if [ -d /opt/python2.6 ]; then
        cd /opt/python2.6
        chcon -R -t lib_t lib/
    fi

    # Allow http_tmp_exec required for wsgi
    retv=`setsebool -P httpd_tmp_exec on > /dev/null 2>&1; echo $?`
    if [ ! ${retv} -eq 0 ]; then
        # CentOS doesn't support httpd_tmp_exec
        cd /tmp/setup-web2py

        # Create the SELinux policy
    cat > httpd.te <<EOF

    module httpd 1.0;

    require {
        type httpd_t;
        class process execmem;
    }

    #============= httpd_t ==============
    allow httpd_t self:process execmem;
    EOF

        checkmodule -M -m -o httpd.mod httpd.te
        semodule_package -o httpd.pp -m httpd.mod
        semodule -i httpd.pp
    fi

    # Setup the overall web2py SELinux context
    cd /opt
    chcon -R -t httpd_user_content_t web-apps/

    cd /opt/web-apps/web2py/applications

    # Setup the proper context on the writable application directories
    for app in `ls`
    do
        for dir in databases cache errors sessions private uploads
        do
            mkdir ${app}/${dir}
            chown apache:apache ${app}/${dir}
            chcon -R -t tmp_t ${app}/${dir}
        done
    done

    ###
    ###  Phase 4 - Configure iptables
    ###

    cd /tmp/setup-web2py

    # Create rules file - based upon
    # http://articles.slicehost.com/assets/2007/9/4/iptables.txt
    cat > iptables.rules <<EOF
    *filter

    #  Allows all loopback (lo0) traffic
    #  and drop all traffic to 127/8 that doesn't use lo0
    -A INPUT -i lo -j ACCEPT
    -A INPUT ! -i lo -d 127.0.0.0/8 -j REJECT

    #  Accepts all established inbound connections
    -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

    #  Allows all outbound traffic
    -A OUTPUT -j ACCEPT

    # Allows SSH, HTTP, and HTTPS
    # Consider changing the SSH port and/or using rate limiting
    # see http://blog.andrew.net.au/2005/02/16#ipt_recent_and_ssh_attacks
    -A INPUT -p tcp -m state --state NEW --dport 22 -j ACCEPT
    -A INPUT -p tcp --dport 80 -j ACCEPT
    -A INPUT -p tcp --dport 443 -j ACCEPT

    # Allow ping
    -A INPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT

    # Log iptables denied calls
    -A INPUT -m limit --limit 5/min -j LOG --log-prefix "iptables denied: " --log-level 7

    # Reject all other inbound - default deny unless explicitly allowed policy
    -A INPUT -j REJECT
    -A FORWARD -j REJECT

    COMMIT
    EOF

    /sbin/iptables -F
    cat iptables.rules | /sbin/iptables-restore
    /sbin/service iptables save

    ###
    ###  Phase 5 - Setup SSL
    ###

    echo
    echo " - Creating a self signed certificate"
    echo

    # Verify ssl directory exists
    if [ ! -d "/etc/httpd/ssl" ]; then
        mkdir -p /etc/httpd/ssl
    fi

    # Generate and protect certificate
    openssl genrsa 1024 > /etc/httpd/ssl/self_signed.key
    openssl req -new -x509 -nodes -sha1 -days 365 -key /etc/httpd/ssl/self_signed.key > /etc/httpd/ssl/self_signed.cert
    openssl x509 -noout -fingerprint -text < /etc/httpd/ssl/self_signed.cert > /etc/httpd/ssl/self_signed.info

    chmod 400 /etc/httpd/ssl/self_signed.*

    ###
    ###  Phase 6 - Configure Apache
    ###

    echo
    echo " - Configure Apache to use mod_wsgi"
    echo

    # Create config
    if [ -e /etc/httpd/conf.d/welcome.conf ]; then
        mv /etc/httpd/conf.d/welcome.conf /etc/httpd/conf.d/welcome.conf.disabled
    fi

    cat > /etc/httpd/conf.d/default.conf <<EOF

    NameVirtualHost *:80
    NameVirtualHost *:443

    <VirtualHost *:80>
      WSGIDaemonProcess web2py user=apache group=apache processes=1 threads=1
      WSGIProcessGroup web2py
      WSGIScriptAlias / /opt/web-apps/web2py/wsgihandler.py
      WSGIPassAuthorization On

      <Directory /opt/web-apps/web2py>
        AllowOverride None
        Order Allow,Deny
        Deny from all
        <Files wsgihandler.py>
          Allow from all
        </Files>
      </Directory>

      AliasMatch ^/([^/]+)/static/(?:_[\d]+.[\d]+.[\d]+/)?(.*) /opt/web-apps/web2py/applications/\$1/static/\$2

      <Directory /opt/web-apps/web2py/applications/*/static>
        Options -Indexes
        Order Allow,Deny
        Allow from all
      </Directory>

      <Location /admin>
        Deny from all
      </Location>

      <LocationMatch ^/([^/]+)/appadmin>
        Deny from all
      </LocationMatch>

      CustomLog /var/log/httpd/access_log common
      ErrorLog /var/log/httpd/error_log
    </VirtualHost>

    <VirtualHost *:443>
      SSLEngine on
      SSLCertificateFile /etc/httpd/ssl/self_signed.cert
      SSLCertificateKeyFile /etc/httpd/ssl/self_signed.key

      WSGIProcessGroup web2py
      WSGIScriptAlias / /opt/web-apps/web2py/wsgihandler.py
      WSGIPassAuthorization On

      <Directory /opt/web-apps/web2py>
        AllowOverride None
        Order Allow,Deny
        Deny from all
        <Files wsgihandler.py>
          Allow from all
        </Files>
      </Directory>

      AliasMatch ^/([^/]+)/static/(?:_[\d]+.[\d]+.[\d]+/)?(.*) /opt/web-apps/web2py/applications/\$1/static/\$2

      <Directory /opt/web-apps/web2py/applications/*/static>
        Options -Indexes
        ExpiresActive On
        ExpiresDefault "access plus 1 hour"
        Order Allow,Deny
        Allow from all
      </Directory>

      CustomLog /var/log/httpd/access_log common
      ErrorLog /var/log/httpd/error_log
    </VirtualHost>

    EOF

    # Fix wsgi socket locations
    echo "WSGISocketPrefix run/wsgi" >> /etc/httpd/conf.d/wsgi.conf

    # Restart Apache to pick up changes
    service httpd restart

    ###
    ###  Phase 7 - Setup web2py admin password
    ###

    echo
    echo " - Setup web2py admin password"
    echo

    cd /opt/web-apps/web2py
    sudo -u apache python -c "from gluon.main import save_password; save_password(raw_input('admin password: '),443)"

    ###
    ###  Phase 8 - Verify that required services start at boot
    ###

    /sbin/chkconfig iptables on
    /sbin/chkconfig httpd on

    ###
    ###  Phase 999 - Done!
    ###

    # Change back to original directory
    cd ${current_directory}

    echo " - Complete!"
    echo
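
The script above touches three layers that can each turn a request into a 403: Apache access-control directives, Unix permissions on /opt/web-apps, and SELinux contexts. The following is an added example, not part of the original post or the web2py script: a small triage helper that sorts log lines by layer using stock Apache 2.4 message IDs and SELinux AVC records; the function names and the sample log lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: triage which layer produced an httpd 403.
# Message IDs are stock Apache 2.4 strings; sample lines are constructed.

# classify_403 LINE -> authz-config | fs-permissions | selinux | unknown
classify_403() {
    case "$1" in
        # mod_authz_core (Require) or mod_access_compat (Order/Allow/Deny)
        *AH01630*|*AH01797*|*"client denied by server configuration"*)
            echo "authz-config" ;;
        # Unix mode bits/ownership on the path; SELinux can also surface
        # as (13), so confirm against the audit log before chmod/chown
        *AH00035*|*"(13)Permission denied"*)
            echo "fs-permissions" ;;
        # Kernel AVC record, as written to /var/log/audit/audit.log
        *avc:*denied*)
            echo "selinux" ;;
        *)
            echo "unknown" ;;
    esac
}

# summarize: read log lines on stdin, print one count per layer
summarize() {
    a=0 f=0 s=0 u=0
    while IFS= read -r line; do
        case "$(classify_403 "$line")" in
            authz-config)   a=$((a + 1)) ;;
            fs-permissions) f=$((f + 1)) ;;
            selinux)        s=$((s + 1)) ;;
            *)              u=$((u + 1)) ;;
        esac
    done
    echo "authz-config=$a fs-permissions=$f selinux=$s unknown=$u"
}

# Constructed sample input (not taken from the poster's machine)
sample_lines() {
    cat <<'EOF'
[Thu Jun 11 10:00:01.000000 2015] [authz_core:error] [pid 2101] [client 127.0.0.1:40112] AH01630: client denied by server configuration: /opt/web-apps/web2py/wsgihandler.py
[Thu Jun 11 10:00:02.000000 2015] [access_compat:error] [pid 2101] [client 127.0.0.1:40114] AH01797: client denied by server configuration: /opt/web-apps/web2py/wsgihandler.py
[Thu Jun 11 10:00:03.000000 2015] [core:error] [pid 2102] (13)Permission denied: [client 127.0.0.1:40116] AH00035: access to / denied (filesystem path '/opt/web-apps') because search permissions are missing on a component of the path
type=AVC msg=audit(1434016804.123:456): avc:  denied  { getattr } for  pid=2103 comm="httpd" path="/opt/web-apps/web2py/wsgihandler.py" scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:usr_t:s0 tclass=file
[Thu Jun 11 10:00:05.000000 2015] [mpm_prefork:notice] [pid 2100] AH00163: Apache/2.4 configured -- resuming normal operations
EOF
}

sample_lines | summarize
```

On the host, pipe the real logs into `summarize` instead of the samples: the error log the script configures (/var/log/httpd/error_log) and, as root, /var/log/audit/audit.log.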