Opened 22 months ago

Closed 21 months ago

Last modified 21 months ago

#24585 closed task (fixed)

Add fpcentral apache configuration on forrestii

Reported by: boklm Owned by: tpa
Priority: Medium Milestone:
Component: Internal Services/Tor Sysadmin Team Version:
Severity: Normal Keywords: TorBrowserTeam201801
Cc: tbb-team Actual Points:
Parent ID: #23738 Points:
Reviewer: Sponsor: Sponsor4

Description

Please install package libapache2-mod-wsgi on forrestii.

We also need the following apache configuration on forrestii:

<VirtualHost *>
    ServerName fpcentral.tbb.torproject.org

    WSGIDaemonProcess fpcentral user=fpcentral group=fpcentral threads=5
    WSGIScriptAlias / /srv/fpcentral.tbb.torproject.org/home/fpcentral/fpcentral.wsgi

    <Directory /srv/fpcentral.tbb.torproject.org/home/fpcentral>
        WSGIProcessGroup fpcentral
        WSGIApplicationGroup %{GLOBAL}
        WSGIScriptReloading On
        Order deny,allow
        Allow from all
    </Directory>
</VirtualHost>

Child Tickets

Change History (8)

comment:1 Changed 22 months ago by weasel

Hm.

Do we really want the python2 wsgi?

Does the server process really need write access to all of fpcentral's files?

comment:2 Changed 22 months ago by weasel

Status: newneeds_information

comment:3 in reply to:  1 Changed 21 months ago by boklm

Status: needs_informationnew

Replying to weasel:

Hm.

Do we really want the python2 wsgi?

Ah, good point. As fp-central is python3, we want pytho3 wsgi. I think the package is libapache2-mod-wsgi-py3.

Does the server process really need write access to all of fpcentral's files?

After checking, it seems we don't need write access to fpcentral's files, so we can run the process as another user.

I also forgot that we need to install mongodb on the server, using package mongodb-server, and enable mongodb.service. The default mongodb configuration should be enough.

comment:4 Changed 21 months ago by gk

Keywords: TorBrowserTeam201801 added; TorBrowserTeam201712 removed

Moving tickets to 2018.

comment:5 Changed 21 months ago by weasel

Status: newneeds_review

Done something similar to that, please let me know if it's working.

We have the wsgi run as nobody.

btw, ideally you would install things into /srv/pcentral.tbb.torproject.org and leave ../home for dotfiles and stuff.

Please close if things work.

comment:6 in reply to:  5 Changed 21 months ago by boklm

Replying to weasel:

Done something similar to that, please let me know if it's working.

Thanks. It looks like it's working now.

btw, ideally you would install things into /srv/pcentral.tbb.torproject.org and leave ../home for dotfiles and stuff.

Ok. I deployed it again outside the home directory. Can you update the apache config to point to directory /srv/fpcentral.tbb.torproject.org/fpcentral and wsgi file /srv/fpcentral.tbb.torproject.org/fpcentral/fpcentral.wsgi ?

comment:7 Changed 21 months ago by weasel

Resolution: fixed
Status: needs_reviewclosed

done.

comment:8 Changed 21 months ago by gk

Sponsor: Sponsor4
Note: See TracTickets for help on using tickets.