Apache httpd cannot access local MongoDB (Permission denied)

Time: 2017-06-14 06:36:23

Tags: python mongodb apache centos7 httpd.conf

I am using Apache httpd to serve my Python application. Using the binary executable command inginious-webapp, the application runs perfectly in standalone mode. MongoDB is also working fine.

But a problem occurs when serving it through Apache HTTPD.

When I browse the website, I get a 500 error. Here is the error_log:

[Wed Jun 14 06:00:20.113043 2017] [wsgi:error] [pid 1194] [client 125.99.159.82:29947] pymongo.errors.ServerSelectionTimeoutError: localhost:27017: [Errno 13] Permission denied, referer: http://<my_domain>.eastus.cloudapp.azure.com/

Configuration information

Added apache to the mongodb group -> usermod -aG mongodb apache
Changed the owner to apache -> chown -R apache:apache /var/www/INGInious

httpd.conf

# Default config till here. Changes follows

Include conf.modules.d/*.conf

#
# If you wish httpd to run as a different user or group, you must run
# httpd as root initially and it will switch.  
#
# User/Group: The name (or #number) of the user/group to run httpd as.
# It is usually good practice to create a dedicated user and group for
# running httpd, as with most system services.
#
User apache
Group apache

LoadModule wsgi_module /usr/lib64/python3.5/site-packages/mod_wsgi/server/mod_wsgi-py35.cpython-35m-x86_64-linux-gnu.so
WSGIScriptAlias / "/usr/bin/inginious-webapp"
WSGIScriptReloading On

Alias /static/common /usr/lib/python3.5/site-packages/inginious/frontend/common/static/
Alias /static/webapp /usr/lib/python3.5/site-packages/inginious/frontend/webapp/static/
Alias /static/lti /usr/lib/python3.5/site-packages/inginious/frontend/lti/static/

# 'Main' server configuration
#
# The directives in this section set up the values used by the 'main'
# server, which responds to any requests that aren't handled by a
# <VirtualHost> definition.  These values also provide defaults for
# any <VirtualHost> containers you may define later in the file.
#
# All of these directives may appear inside <VirtualHost> containers,
# in which case these default settings will be overridden for the
# virtual host being defined.
#

#
# ServerAdmin: Your address, where problems with the server should be
# e-mailed.  This address appears on some server-generated pages, such
# as error documents.  e.g. admin@your-domain.com
#
ServerAdmin root@localhost

#
# ServerName gives the name and port that the server uses to identify itself.
# This can often be determined automatically, but we recommend you specify
# it explicitly to prevent problems during startup.
#
# If your host doesn't have a registered DNS name, enter its IP address here.
#
ServerName http://<my_domain>.eastus.cloudapp.azure.com:80

#
# Deny access to the entirety of your server's filesystem. You must
# explicitly permit access to web content directories in other 
# <Directory> blocks below.
#
<Directory />
    AllowOverride none
    Require all denied
</Directory>

#
# Note that from this point forward you must specifically allow
# particular features to be enabled - so if something's not working as
# you might expect, make sure that you have specifically enabled it
# below.
#
<Directory "/usr/bin">
    <Files "inginious-webapp">
        Require all granted
    </Files>
</Directory>

<DirectoryMatch "/usr/lib/python3.5/site-packages/inginious/frontend/(.+)/static/">
    Require all granted
</DirectoryMatch>
# Rest Unchanged

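1 answer:

Answer 0 (score: 0)

I had the same problem, and after struggling with it for a while, I found that selinux was enabled on the virtual machine I was using.

If this is the case and you also have selinux enabled (http://www.microhowto.info/howto/determine_whether_selinux_is_enabled.html), to fix this you need to allow the httpd process to make network requests. You can do this by executing the following: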

sudo /usr/sbin/setsebool -P httpd_can_network_connect 1

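Then restart the apache service.

Unfortunately, you are very likely to hit another obstacle when INGInious tries to connect to the docker daemon. To solve this, you need to create a local policy module. The local policy module will then allow INGInious to connect to the docker daemon. I recommend installing sealert. This can be done by running:
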
sudo yum install setroubleshoot setools

if you are using CentOS (and probably RedHat). Once sealert is installed, run:

sealert -a /var/log/audit/audit.log

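This will give you some information about the operations that selinux is blocking. If you go through the log, you will see that httpd is denied access to the docker daemon's socket. It will likely give you some instructions on how to generate a local policy module for httpd. With CentOS, I had to run: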

ausearch -c 'httpd' --raw | audit2allow -M my-httpd
semodule -i my-httpd.pp

If ausearch returns an error indicating that /etc/selinux/targeted/contexts/files/file_contexts.local does not exist, just run:

sudo touch /etc/selinux/targeted/contexts/files/file_contexts.local
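
Added example (not part of the original question or answer): the ausearch | audit2allow pipeline above turns every logged httpd denial into policy, so it helps to list what those denials are before installing the module. The sketch below parses AVC records and prints them as allow-rule-style lines; the sample log lines are constructed, and the SELinux type names in them (mongod_port_t, container_runtime_t, container_var_run_t) are assumptions that vary with the policy version.

```python
import re
from collections import Counter

# Constructed sample AVC records in audit.log format (not taken from the page).
# The type names are assumptions; your policy may label these objects differently.
SAMPLE_AUDIT_LOG = '''\
type=AVC msg=audit(1497420020.113:412): avc:  denied  { name_connect } for  pid=1194 comm="httpd" dest=27017 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:mongod_port_t:s0 tclass=tcp_socket
type=AVC msg=audit(1497420031.870:415): avc:  denied  { name_connect } for  pid=1194 comm="httpd" dest=27017 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:mongod_port_t:s0 tclass=tcp_socket
type=AVC msg=audit(1497420100.500:431): avc:  denied  { write } for  pid=1194 comm="httpd" name="docker.sock" dev="tmpfs" ino=20511 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:container_var_run_t:s0 tclass=sock_file
type=AVC msg=audit(1497420100.501:432): avc:  denied  { connectto } for  pid=1194 comm="httpd" path="/run/docker.sock" scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:system_r:container_runtime_t:s0 tclass=unix_stream_socket
type=AVC msg=audit(1497420200.002:440): avc:  denied  { read } for  pid=2201 comm="sshd" name="authorized_keys" dev="sda1" ino=5120 scontext=system_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:admin_home_t:s0 tclass=file
'''

AVC_RE = re.compile(r'avc:\s+denied\s+\{ (?P<perms>[^}]+) \} for\s+(?P<fields>.*)')
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


def summarize_denials(log_text, comm="httpd"):
    """Count AVC denials for one command, keyed by (allow-style rule, target)."""
    counts = Counter()
    for line in log_text.splitlines():
        match = AVC_RE.search(line)
        if not match:
            continue  # not an AVC denial record
        fields = {k: v.strip('"') for k, v in FIELD_RE.findall(match.group("fields"))}
        if fields.get("comm") != comm:
            continue  # denial belongs to a different process
        # A context is user:role:type:level; the type is what policy rules name.
        source_type = fields["scontext"].split(":")[2]
        target_type = fields["tcontext"].split(":")[2]
        # Port, socket path or file name that was being accessed, if logged.
        target = fields.get("dest") or fields.get("path") or fields.get("name") or "-"
        for perm in match.group("perms").split():
            rule = "allow {} {}:{} {};".format(
                source_type, target_type, fields["tclass"], perm)
            counts[(rule, target)] += 1
    return counts


if __name__ == "__main__":
    for (rule, target), hits in sorted(summarize_denials(SAMPLE_AUDIT_LOG).items()):
        print("{:3d}x  {}  (target: {})".format(hits, rule, target))
```

On a real host, pass the contents of /var/log/audit/audit.log instead of the sample string; any line in the output that has nothing to do with MongoDB or the docker socket would also be granted by a module built from the same log.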