Dear all,
I like web2py very much and I created my own application. However, I find
difficulties deploying web2py on Fedora 19. After my successful deployment,
I write a short document that may help others overcome the issues I had in
the deployment process.
I read the Fedora setup script
(http://web2py.googlecode.com/hg/scripts/setup-web2py-fedora.sh), and start
my document from the steps provided in it. This script itself does not work
out-of-box, which may due to the rapid development of Fedora. The most
tricky parts are firewall and SELinux. I searched online and find many
people complaining about SELinux configurations. I did not find any
successfully configured SELinux post for web2py. In most posts, people
disabled SELinux to get it simple. However, this is not recommended.
In my document, I have a separate section on troubleshooting, pointing out
the logs and the basic diagnoses.
I am posting the information here and I want it to be indexed by search
engines, so that others can find solutions to some issues.
I am glad if someone could merge some content of my document to the
official deployment recipe.
I am also glad if someone could help me to improve the document, or maybe
write it into a script.
Best,
Xiaokui
--
---
You received this message because you are subscribed to the Google Groups
"web2py-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to web2py+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.
##
#
# web2py Deployment Guide on Fedora
#
# This document serves as the guide to deploy web2py on Fedora/RHEL/CentOS.
# It contains instructions which can be run directly in a shell. This document
# is written based on the older Fedora web2py deployment script, which can be
# gotten here: http://web2py.googlecode.com/hg/scripts/setup-web2py-fedora.sh
#
# Distribution Tested: Fedora 19
# Target Web Server: Apahce 2.4
#
# Update: 2013/08/28
#
# Author: Xiaokui
# Auhtor (setup-web2py-fedora.sh): berubejd
#
##
###
### Step/Phase List
###
# Please change to root using "su" or "sudo -i"
# 1.Install packages for web2py and web server
# 2.Fetch and install web2py
# 3.Configure SELinux
# 4.Configure firewallD/iptables
# 5.Create a self signed ssl certificate
# 6.Configure Apache
# 7.Setup web2py applications
# 8.Troubleshooting
###
### Phase 1: Install packages for web2py and web server
###
# Verify packages are up to date
yum update
# Install required packages
yum install httpd mod_ssl mod_wsgi wget python checkpolicy policycoreutils
policycoreutils-devel
###
### Phase 2 - Fetch and install web2py
###
# Need to pick up a directory to hold web2py
# web2py can be put in the default web server directory: /var/www/html/
# "cd" to the holding directory and download web2py
wget http://web2py.com/examples/static/web2py_src.zip
unzip web2py_src.zip
# apache is the default httpd (apache) user and group name
chown -R apache:apache web2py
###
### Phase 3 - Configure SELinux
###
# SELinux is on by default
# Disabling it solves the issue, but it is not recommended
# Two things needs to be done
# 3.1 set context (like privilege and ownership in normal Linux)
# The path may needs to be changed due to the deployment directory
chcon -R -t httpd_user_content_t /var/www/html/*
# 3.2 create SELinux policy
mkdir /tmp/web2py
cd /tmp/web2py
# create a file named wsgi.te, fill it with content between ""
module wsgi 1.0;
require {
type urandom_device_t;
type httpd_t;
type tmp_t;
class file { write open };
class chr_file write;
class process execmem;
}
#= httpd_t ==
allow httpd_t tmp_t:file { write open };
allow httpd_t urandom_device_t:chr_file write;
allow httpd_t self:process execmem;
# generate modules for SELinux and install the module
checkmodule -M -m -o wsgi.mod wsgi.te
semodule_package -o wsgi.pp -m wsgi.mod
semodule -i wsgi.pp
###
### Phase 4 - Configure firewallD/iptables
###
# Fedora 18 and later uses firewallD by default
# Use "systemctl" to find whether you are running firewallD or iptables
### If you are using firewallD
# firewall-cmd [--zone=] --add-port=[-]/
firewall-cmd --add-port 80/tcp
firewall-cmd --add-port 443/tcp
### If you are using iptables
# It is assumed that you replace firewallD with iptables and
# you are familar with iptables rules
# You need two new rules to access port 80 (http) and 443 (https)
-A INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 443 -j ACCEPT
# The chain "INPUT" may need to be changed according to your configuraion
# If you edit file "/etc/sysconfig/iptables", you need to restart iptables
systemctl restart iptables.service
###
### Phase