This seems like a problem in web2py or mod_wsgi -- or else I am confused. Would appreciate any pointers from the experts.
I'm running web2py 1.99.7 on a Red Hat (RHEL 6) server using Apache 2.2.15 and mod_wsgi 3.3. This is all running on a small virtual server at Amazon Web Services. Since I don't want to open that box up to the world, I have been using ssh tunneling to allow processes on my local machine to connect to the AWS machine as if that is my local host. That is done via ssh command lines that look like this:

    ssh -i hs-test-000001.pem -L *:55080:localhost:80 -N root@107.21.240.172 &
    ssh -i hs-test-000001.pem -L *:55443:localhost:443 -N root@107.21.240.172 &

The -L option has ssh create a listener on local port 55080 and forward all traffic to that port to IP address 107.21.240.172 / its localhost port 80. The second command line is the same for port 443 (https).

This works well. I can open a browser on my local machine, type localhost:55080 in the address bar, and it does indeed connect with the remote server and serve up the Welcome app. (The AWS machine -- Apache and web2py -- function just as if the request came from that localhost. The response is the same if I use a prompt on the AWS host and run 'curl localhost:80'.) It all checks out. So far so good.

The problem has to do with how port numbers are interpreted on the AWS machine. Browsing locally to http://localhost:55080 worked fine, but https://localhost:55443 resulted in an error. After reading the error dump file and putting a little debug code in applications/admin/models/access.py, I could see the failure was caused by access.py trying to open a local password file 'parameters_55443.py'. And indeed, when I copied the existing parameters_443.py file and named the copy parameters_55443.py, everything worked -- https://localhost:55443/admin brought up the admin app as I had expected.

I don't understand why the AWS web2py process would care about the port number from the client machine that initiated the request. More than that, I don't understand how web2py even knows what the port number from the client is, since supposedly that is all handled in the ssh client side / sshd server side process that ssh -L provides.

To look further into this, I made a change in access.py to dump the entire 'request' structure to the Apache error log and paged through this. The port number 55443 shows up several times:

-- 'HTTP_REFERER': 'https://localhost:55443/admin/default/site'
-- 'SERVER_SIGNATURE': '<address>Apache/2.2.15 (Red Hat) Server at localhost Port 55443</address>
-- 'SERVER_PORT': '55443'
-- 'HTTP_HOST': 'localhost:55443'
-- 'mod_wsgi.application_group': 'ip-10-114-191-91.ec2.internal:55443|

This is concerning because it means I may need to create new / redundant parameters_*.py files for multiple port numbers on a production machine if we use multiple port numbers in the ssh -L bridging. More than that, it makes me wonder if there is something wrong with mod_wsgi or WSGI or how I have set them up -- and will this cause other problems.

Does it make sense that Apache and web2py would be aware of / use the port number from the remote client when it is mapped to a local port? It seems like a bug to me.

Thanks
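
Added example, not part of the original post and not web2py's own code: the tunnel passes the browser's request through unchanged, so its Host header (localhost:55443) reaches Apache and is reflected in SERVER_PORT, as the dump shows. The sketch flags that case and picks the password file from the ports the server really listens on. LISTEN_PORTS, the helper names and the idea that the file name follows SERVER_PORT are assumptions.

```python
# Added example; environ values below are constructed from the dump in the post.
LISTEN_PORTS = {80, 443}  # assumption: the only ports Apache really listens on


def host_header_port(environ):
    """Return the port the client wrote in its Host header, or None."""
    host = environ.get("HTTP_HOST", "")
    if host.startswith("["):                 # IPv6 literal such as [::1]:8443
        rest = host.partition("]")[2]
        port = rest[1:] if rest.startswith(":") else ""
    else:
        port = host.partition(":")[2]
    return int(port) if port.isdigit() else None


def canonical_port(environ):
    """Map a request onto a port from LISTEN_PORTS, ignoring tunnel ports."""
    reported = environ.get("SERVER_PORT", "")
    if reported.isdigit() and int(reported) in LISTEN_PORTS:
        return int(reported)
    # SERVER_PORT is not a real listener, so fall back to the scheme
    return 443 if environ.get("wsgi.url_scheme") == "https" else 80


def port_follows_host_header(environ):
    """True when SERVER_PORT merely repeats a non-listener Host port."""
    port = host_header_port(environ)
    return (port is not None and port not in LISTEN_PORTS
            and environ.get("SERVER_PORT") == str(port))


def parameters_file(environ):
    """Hypothetical helper: name the admin password file by canonical port."""
    return "parameters_%d.py" % canonical_port(environ)


TUNNELLED = {"HTTP_HOST": "localhost:55443", "SERVER_PORT": "55443",
             "wsgi.url_scheme": "https"}
DIRECT = {"HTTP_HOST": "localhost", "SERVER_PORT": "80",
          "wsgi.url_scheme": "http"}

if __name__ == "__main__":
    for env in (TUNNELLED, DIRECT):
        print(env["HTTP_HOST"], port_follows_host_header(env), parameters_file(env))
```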