On Sun, Jun 10, 2012 at 11:20 AM, Anthony <abasta...@gmail.com> wrote: > Aside from the built-in Rocket server (which is primarily intended for > development), web2py doesn't have any control over the server so can't > generally restart your server -- so you should be able to rely on the fact > that reloading routes will not be achieved by restarting the server.
Hmmm, OK. That wasn't clear to me from that part of The Book. > No, admin (including reloading routes) can be made available on a production > server -- you just have to access it via HTTPS. This should be fine for > production. That's one way to go, but I was following the example from http://web2py.com/books/default/chapter/29/13 An easy way to setup a secure production environment on a server is to first stop web2py and then remove all the parameters_*.py files from the web2py installation folder. Then start web2py without a password. This will completely disable admin and appadmin. 1. nohup python web2py --nogui -p 8001 -i 127.0.0.1 -a '' & Next, start a second web2py instance accessible only from localhost: 1. nohup python web2py --nogui -p 8002 -i 127.0.0.1 -a '<ask>' & and create an SSH tunnel from the local machine (the one from which you wish to access the administrative interface) to the server (the one where web2py is running, example.com), using: 1. ssh -L 8002:127.0.0.1:8002 usern...@example.com Now you can access the administrative interface locally via the web browser at localhost:8002. > What's the potential problem? Changing the symlink either points to the new > app or it doesn't -- if it does, you should be good to go. I have no idea from reading the docs if it should be safe, or not. For all I know if I happen to change the symbolic link at the wrong time, web2py will traverse the path 'in the middle of something important' and end up in a different application than it was before (projectX links to projectX2011 and I get "luck" and switch the link to projectX2012 at just the wrong moment). You're asking me to already tell you what could go wrong. I'm asking for some help to know whether or not using symlinks is safe. I'm not a core developer, I've just been using web2py for a few weeks and so far as I know, The Book is what I am supposed to rely on to figure out how web2py works and how to use it. What the code does today doesn't help. I'm running the stable release for a reason, because I don't want to have to track all the commits to figure out if my server environment in production is making some assumption(s) based 'on reading the code' that just happen to be accidents of implementation and not design goals to be preserved as the project evolves. At this point, it would be great if there could be a little content added to the book, just after the only existing reference to symbolic links: Symbolic links can be used to alias application names, but web2py does not guarantee that it is safe to move symbolic links while the server is running. (In contrast, using the admin interface 'reload routes' button is guaranteed to be safe (i.e. not affect any operations 'in flight' when it is activated)). Thanks, --Doug
