Size: 2443
Comment:
|
Size: 4092
Comment: Added startup script and appropriate cron jobs with k5start (and minor other things)
|
Line 6: | Line 6: |
I have an apache instance with mod_python running for http://www.siebengang.net/ . |
In the following example an individual apache setup with [http://www.modpython.org/ mod_python] is described (as BenjaminHell does it for http://www.siebengang.net/). |
Line 9: | Line 8: |
== Apache setup and startup == | = Apache setup and startup = |
Line 12: | Line 11: |
mire reboots. Take a cron job like | mire reboots. In case the webserver process should crash, apache should be started again, too. The following shell script checks if apache is running and starts it if not (adjust the environment variables in the beginning accordingly): |
Line 15: | Line 14: |
@reboot run-in-pagsh --fg ~/apache2/bin/apachectl start | #!/bin/sh HOME=/afs/hcoop.net/user/...path to your home dir... # Adjust this!!! SERVERROOT=$HOME/apache2 # The server root directory PIDFILE=$SERVERROOT/logs/httpd.pid # Process PID gets stored here HTTPD=$SERVERROOT/bin/httpd # The httpd executable K5START="k5start -qtU -f /etc/keytabs/user.daemon/USER" # Adjust this!!! # This is needed for mod_python export PYTHONPATH="/afs/hcoop.net/user/b/be/beni/python" if (test -f $PIDFILE); then #if ($K5START -- test `ls $PIDFILE`); then PID=`cat $PIDFILE 2> /dev/null` kill -0 $PID 2> /dev/null if (test $? -ne 0); then $K5START -b -- $HTTPD -d $SERVERROOT -DFOREGROUND else exit 0 fi else $K5START -b -- $HTTPD -d $SERVERROOT -DFOREGROUND fi exit 0 |
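Review bot: The added script exports PYTHONPATH="/afs/hcoop.net/user/b/be/beni/python" without the "Adjust this!!!" marker that HOME and K5START carry, so a member who copies it unchanged has their httpd import Python modules from another member's AFS directory. Use a placeholder like the one the PythonPath hunk further down introduces, or mark the line for adjustment. Separately, kill -0 $PID only shows that some process with that number exists; if a leftover httpd.pid names a PID that now belongs to another of your processes, the script exits 0 without starting apache, so consider also checking the process name.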
Line 18: | Line 40: |
as a starting point. === Port issues === Your httpd must be configured so that it listens on a dedicated port, the standard port 80 won't work. There used to be a hcoop procedure to get access to a free port. Right. On Fyodor, we used to have a firewall setup where it was necessary to request a port for yourself so you can bind to it. We *currently* do not have this restriction on Mire, but plans for re-using the same firewall setup we had are underway. So please use the Members Portal to submit a Port request on page https://members.hcoop.net/portal/ip , so that when we enable the firewall and binding restrictions, we automatically leave the ports open for you. I got 8880 (and 8881 for another httpd) and have this in my httpd.conf: |
Save the script in a place like {{{$HOME/bin}}} and use cron to execute this script after reboots and every now and then to check if apache is still up and running (adjust capitalized parts): |
Line 39: | Line 43: |
Listen 8880 | @reboot k5start -qtU -f /etc/keytabs/user.daemon/USER -- PATH_TO_SCRIPT 0-59/5 * * * * k5start -qtU -f /etc/keytabs/user.daemon/USER -- PATH_TO_SCRIPT |
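Review bot: Both crontab lines run PATH_TO_SCRIPT under k5start, and the script then starts httpd under its own $K5START -b, but the text does not say why two layers are needed. Add a sentence explaining what the outer k5start is for (the script reads the PID file from AFS), and point out that the keytab path has to be adjusted in the crontab as well as in the script, since "adjust capitalized parts" is easy to apply to only one of the two places.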
Line 42: | Line 47: |
=== mod_python specials === I just discovered the following lines in my httpd.conf, too. I think they are necessary for mod_python to function properly (my mod_python and some more modules are installed in ~/python/mod_python): |
== Port issues == Your httpd must be configured so that it listens on a dedicated port. The standard port 80 won't work. We currently have no restriction on which users can listen on which ports above 1024, but we plan to implement a firewall soon, similar to what we had on our old server fyodor. So please submit a firewall rule request on [https://members.hcoop.net/portal/sec the portal's security settings page], so that when we enable the firewall and binding restrictions, we know to leave the ports open for you. Put a line like this into {{{httpd.conf}}} to configure apache so that it listens on this port only: {{{ Listen 8880 # Whatever port number you got }}} == mod_python specials == Apache needs to know where in the Python path to look for mod_python. You need to add the mod_python location to your PythonPath in {{{httpd.conf}}}: |
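Review bot: In the added httpd.conf snippet, "Listen 8880 # Whatever port number you got" puts the comment on the same line as the directive. Apache only recognises # as a comment at the start of a line, so the trailing words are handed to Listen as extra arguments and the configuration is rejected. Move the comment onto its own line above Listen 8880.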
Line 49: | Line 61: |
PythonPath "sys.path + ['/afs/hcoop.net/user/b/be/beni/python']" | PythonPath "sys.path + ['/afs/hcoop.net/WHEREVER_MOD_PYTHON_IS_INSTALLED']" |
Line 53: | Line 65: |
== domtool config == | = domtool config = |
Line 58: | Line 70: |
the domtool setup for me this looks like | the domtool setup for http://www.siebengang.net/ this looks like |
Line 63: | Line 75: |
web "www" with | web "www" with |
Line 72: | Line 84: |
== AFS problem == You may be interested in an AFS related problem I have encountered and not been able to solve yet: https://bugzilla.hcoop.net/show_bug.cgi?id=291 |
= Possible AFS problems = In our AFS environment apache has to be started through k5start to get the right file permissions. However, as a default, httpd detaches from its parent process after the completed startup. This would make it impossible for k5start to renew AFS tickets for the process. The {{{-DFOREGROUND}}} option prevents apache from doing so, and with {{{-b}}} k5start can take care of the backgrounding instead. If you do not consider this, you may run into "permission denied" problems (see Bugzilla [https://bugzilla.hcoop.net/show_bug.cgi?id=291 bug 291]). |
This page describes how to run your own apache HTTP daemon, for example if you have special needs regarding apache modules etc.
In the following example an individual apache setup with [http://www.modpython.org/ mod_python] is described (as BenjaminHell does it for http://www.siebengang.net/).
1. Apache setup and startup
Get a working apache/mod_python installation (in your home dir), and set up a startup procedure so that cron starts your daemon when mire reboots. Apache should also be started again if the webserver process crashes. The following shell script checks whether apache is running and starts it if not (adjust the variables at the beginning accordingly):
{{{
#!/bin/sh
HOME=/afs/hcoop.net/user/...path to your home dir...  # Adjust this!!!
SERVERROOT=$HOME/apache2                # The server root directory
PIDFILE=$SERVERROOT/logs/httpd.pid      # Process PID gets stored here
HTTPD=$SERVERROOT/bin/httpd             # The httpd executable
K5START="k5start -qtU -f /etc/keytabs/user.daemon/USER"  # Adjust this!!!

# This is needed for mod_python (adjust to where your mod_python is installed)
export PYTHONPATH="/afs/hcoop.net/user/b/be/beni/python"

if [ -f "$PIDFILE" ]; then
#if ($K5START -- test `ls $PIDFILE`); then
    PID=`cat "$PIDFILE" 2> /dev/null`
    # kill -0 sends no signal, it only tests whether the process exists
    if kill -0 "$PID" 2> /dev/null; then
        exit 0      # apache is running, nothing to do
    else
        # Stale PID file: start apache in the foreground under k5start -b
        $K5START -b -- "$HTTPD" -d "$SERVERROOT" -DFOREGROUND
    fi
else
    # No PID file: apache is not running
    $K5START -b -- "$HTTPD" -d "$SERVERROOT" -DFOREGROUND
fi
exit 0
}}}
Save the script in a place like $HOME/bin and use cron to execute this script after reboots and every now and then to check if apache is still up and running (adjust capitalized parts):
{{{
@reboot k5start -qtU -f /etc/keytabs/user.daemon/USER -- PATH_TO_SCRIPT
0-59/5 * * * * k5start -qtU -f /etc/keytabs/user.daemon/USER -- PATH_TO_SCRIPT
}}}
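The script above treats any live process with the recorded PID as apache. As an added example (not part of the original page), the check below also compares the process name, so a stale httpd.pid whose number has been reused does not keep cron from restarting apache; the function names pidfile_is_live and proc_name are hypothetical, and the expected name httpd is taken from the page's HTTPD path.

```shell
#!/bin/sh
# Added example: stricter liveness check for a PID file than a bare kill -0.
# Function names are hypothetical; "httpd" matches $SERVERROOT/bin/httpd.

# proc_name PID: print the command name of PID (empty if it cannot be read).
proc_name() {
    if [ -r "/proc/$1/comm" ]; then
        cat "/proc/$1/comm"                  # Linux procfs
    else
        ps -o comm= -p "$1" 2> /dev/null     # POSIX ps fallback
    fi
}

# pidfile_is_live PIDFILE NAME
# Returns 0 only if PIDFILE holds a numeric PID, that process can be
# signalled by us, and its command name is NAME. Missing, empty, garbled
# and stale PID files all return 1.
pidfile_is_live() {
    [ -f "$1" ] || return 1
    pid=`head -n 1 "$1" 2> /dev/null | tr -d ' \t\r'`
    case "$pid" in
        ''|*[!0-9]*) return 1 ;;             # empty or not a number
    esac
    kill -0 "$pid" 2> /dev/null || return 1  # no such process, or not ours
    name=`proc_name "$pid"`
    name=${name##*/}                         # strip a leading path, if any
    [ "$name" = "$2" ]
}

# Constructed demo: a PID file that names this shell is "alive" for
# kill -0, yet it is not httpd, so the watchdog would still start apache.
demo=`mktemp`
echo $$ > "$demo"
if pidfile_is_live "$demo" httpd; then
    echo "httpd is running"
else
    echo "httpd not running: would start it via k5start"
fi
rm -f "$demo"
```

In the page's script this takes the place of the kill -0 test: call pidfile_is_live "$PIDFILE" httpd and start apache when it returns non-zero.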
1.1. Port issues
Your httpd must be configured so that it listens on a dedicated port. The standard port 80 won't work. We currently have no restriction on which users can listen on which ports above 1024, but we plan to implement a firewall soon, similar to what we had on our old server fyodor. So please submit a firewall rule request on [https://members.hcoop.net/portal/sec the portal's security settings page], so that when we enable the firewall and binding restrictions, we know to leave the ports open for you.
Put a line like this into httpd.conf to configure apache so that it listens on this port only:
{{{
# Whatever port number you got
Listen 8880
}}}
1.2. mod_python specials
Apache needs to know where in the Python path to look for mod_python. You need to add the mod_python location to your PythonPath in httpd.conf:
{{{
<IfModule mod_python.c>
  PythonPath "sys.path + ['/afs/hcoop.net/WHEREVER_MOD_PYTHON_IS_INSTALLED']"
</IfModule>
}}}
2. domtool config
Next you need "port forwarding" of http requests for your domain to your own httpd (so that you don't need to use addresses like http://www.siebengang.net:8880/index.html, but http://www.siebengang.net/index.html gets "mapped" to port 8880). In the domtool setup for http://www.siebengang.net/ this looks like
{{{
domain "siebengang.net" with
  (* NS/DNS/Mail stuff omitted *)
  web "www" with
    proxyPass "/" "http://localhost:8880/";
    proxyPassReverse "/" "http://localhost:8880/";
  end;
end;
}}}
That should be about all you need...
3. Possible AFS problems
In our AFS environment apache has to be started through k5start to get the right file permissions. By default, however, httpd detaches from its parent process once startup is complete, which would make it impossible for k5start to renew AFS tickets for the process. The -DFOREGROUND option prevents apache from detaching, and with -b k5start takes care of the backgrounding instead.
If you do not consider this, you may run into "permission denied" problems (see Bugzilla [https://bugzilla.hcoop.net/show_bug.cgi?id=291 bug 291]).