Astra Linux 1.6
mod_wsgi 4.5
python 3.5
ALD

конфиг апача:

<VirtualHost *:80>
ServerAdmin webmaster@localhost
ServerName server.domain.name
DocumentRoot /var/www/html/
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined

WSGIDaemonProcess app python-path=/home/administrator/Work/PycharmProjects/FapRosgvard/:/home/administrator/Work/PycharmProjects/FapRosgvard/venv/lib/python3.5/site-packages
WSGIProcessGroup app
WSGIScriptAlias / /home/administrator/Work/PycharmProjects/FapRosgvard/fap_wsgi.wsgi

<Directory /home/administrator/Work/PycharmProjects/FapRosgvard/>
AuthType Kerberos
KrbAuthRealms ASTRA. NTC
KrbServiceName HTTP/q.astra.ntc
Krb5Keytab /etc/apache2/keytab
KrbMethodNegotiate on KrbMethodK5Passwd off
require valid-user

RequestHeader set MYMACLABEL «%m:%c»

KrbSaveCredentials on
#AddHandler cgi-script .py
Options +ExecCGI
</Directory>
ErrorLog ${APACHE_LOG_DIR}/error.log
LogLevel warn

CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>

Когда пользователь пытается войти — ошибка Permission deny. Т. к сокет создается от имени www-data c группой root.
Если выдавать права доступа на сокет 777 — проблема уходит, ровно до того момента пока апач не перезагружаем.

решение предложенное здесь никак не помогло: lab50.net/questions/question/apache-%d1%81-wsgi-%d0%bf%d0%be%d0%b4-ald/

Борюсь с этой ошибкой уже очень долго. После удаления WSGIDaemonProcess апач стал падать с ошибкой 500, нигде в логах причина не отображается. я и WSGIPythonPath прописывал, и все папки и файлы администратора понижал в правах chmod 777. Пробовал пересобирать mod_wsgi со строкой #define MTM_ITK, ничего не решает проблему. на данный момент костылю — после рестарта сервера разрешаю доступ к сокету всем и вся. но это не дело, как заставить Apache работать вместе с mod_wsgi на астре

    редакт.
    mod_wsgi системный? – Администрация
    одинаковое поведение что на скаченном с репозитория астры, что на собранном из исходников, на данный момент стоит из репозитория – putigr
    0

    Рекомендуем использовать системный mod_wsgi

    Удалить WSGIDaemonProcess

    Удалить WSGIProcessGroup app

    И можно использовать просто <Directory />:

    <Directory />
    AuthType Kerberos
    Krb5Keytab XXX
    KrbServiceName YYY
    KrbMethodNegotiate on KrbMethodK5Passwd off
    Require valid-user
    AllowOverride None

    Order allow, deny
    Allow from all
    Require all granted
    </Directory>

      Ваше предложение не решило проблему, аналогично моему конфигу - при отключении DeamonProcess - не может найти модули питона, после того как прописываю WSGIPythonPath (пробовал прописывать в site-availible над , в apache2.conf, а так же в конфиге модуля wsgi.conf) сайт падает с ошибкой 500, а логи (error.log) не отображают вообще ничего по этой проблеме, кроме как информацию что сервер перезапущен (вызванную командой systemctl restart apache2) логи доступа (acess.log) показывают какой юзер из домена пытался долбится на сайт – putigr
      Включите логи на DEBUG, посмотрим. – Администрация
      0

      [Thu Nov 28 14:40:01.611 403 2019] [mpm_prefork:notice] [pid 948] AH00163: Apache/2.4.25 (AstraLinuxSE) mod_auth_kerb/5.4 mod_wsgi/4.5.11 Python/3.5 configured -- resuming normal operations
      [Thu Nov 28 14:40:01.686 712 2019] [core:notice] [pid 948] AH00094: Command line: '/usr/sbin/apache2'
      [Thu Nov 28 14:41:57.772 222 2019] [mpm_prefork:notice] [pid 948] AH00169: caught SIGTERM, shutting down
      [Thu Nov 28 14:41:57.850 639 2019] [mpm_prefork:notice] [pid 1400] AH00163: Apache/2.4.25 (AstraLinuxSE) mod_auth_kerb/5.4 mod_wsgi/4.5.11 Python/3.5 configured -- resuming normal operations
      [Thu Nov 28 14:41:57.852 012 2019] [core:notice] [pid 1400] AH00094: Command line: '/usr/sbin/apache2'
      [Thu Nov 28 14:42:22.463 160 2019] [core:debug] [pid 1404] request. c (290): astra_mode — set process caps, unshare
      [Thu Nov 28 14:42:22.463 423 2019] [core:debug] [pid 1404] request. c (401): astra_mode — disable without auth
      [Thu Nov 28 14:42:22.463 446 2019] [auth_kerb:debug] [pid 1404] src/mod_auth_kerb.c (2155): [client 192.168.122.69:37 290] kerb_authenticate_user entered with user (NULL) and auth_type Kerberos
      [Thu Nov 28 14:42:22.494 081 2019] [core:debug] [pid 1404] request. c (290): astra_mode — set process caps, unshare
      [Thu Nov 28 14:42:22.494 140 2019] [core:debug] [pid 1404] request. c (401): astra_mode — disable without auth
      [Thu Nov 28 14:42:22.494 151 2019] [auth_kerb:debug] [pid 1404] src/mod_auth_kerb.c (2155): [client 192.168.122.69:37 290] kerb_authenticate_user entered with user (NULL) and auth_type Kerberos
      [Thu Nov 28 14:42:22.494 172 2019] [auth_kerb:debug] [pid 1404] src/mod_auth_kerb.c (1483): [client 192.168.122.69:37 290] Acquiring creds for HTTP/q.astra.ntc
      [Thu Nov 28 14:42:22.495 312 2019] [auth_kerb:debug] [pid 1404] src/mod_auth_kerb.c (1906): [client 192.168.122.69:37 290] Verifying client data using KRB5 GSS-API
      [Thu Nov 28 14:42:22.495 857 2019] [auth_kerb:debug] [pid 1404] src/mod_auth_kerb.c (1922): [client 192.168.122.69:37 290] Client delegated us their credential
      [Thu Nov 28 14:42:22.495 872 2019] [auth_kerb:debug] [pid 1404] src/mod_auth_kerb.c (1941): [client 192.168.122.69:37 290] GSS-API token of length 22 bytes will be sent back
      [Thu Nov 28 14:42:22.499 159 2019] [authz_core:debug] [pid 1404] mod_authz_core.c (809): [client 192.168.122.69:37 290] AH01626: authorization result of Require valid-user: granted
      [Thu Nov 28 14:42:22.499 187 2019] [authz_core:debug] [pid 1404] mod_authz_core.c (809): [client 192.168.122.69:37 290] AH01626: authorization result of <RequireAny>: granted
      [Thu Nov 28 14:42:22.499 247 2019] [core:debug] [pid 1404] core. c (4678): astra_mode — core_switch_user
      [Thu Nov 28 14:42:22.512 084 2019] [core:debug] [pid 1404] config. c (442): astra_mode — get user name
      [Thu Nov 28 14:42:22.512 150 2019] [core:debug] [pid 1404] request. c (290): astra_mode — set process caps, unshare
      [Thu Nov 28 14:42:22.512 160 2019] [core:debug] [pid 1404] request. c (401): astra_mode — disable without auth
      [Thu Nov 28 14:42:22.512 167 2019] [auth_kerb:debug] [pid 1404] src/mod_auth_kerb.c (2155): [client 192.168.122.69:37 290] kerb_authenticate_user entered with user (NULL) and auth_type Kerberos
      [Thu Nov 28 14:42:22.512 180 2019] [auth_kerb:debug] [pid 1404] src/mod_auth_kerb.c (2093): [client 192.168.122.69:37 290] matched previous auth request
      [Thu Nov 28 14:42:22.512 187 2019] [authz_core:debug] [pid 1404] mod_authz_core.c (809): [client 192.168.122.69:37 290] AH01626: authorization result of Require valid-user: granted
      [Thu Nov 28 14:42:22.512 191 2019] [authz_core:debug] [pid 1404] mod_authz_core.c (809): [client 192.168.122.69:37 290] AH01626: authorization result of <RequireAny>: granted
      [Thu Nov 28 14:42:22.512 208 2019] [core:debug] [pid 1404] core. c (4678): astra_mode — core_switch_user
      [Thu Nov 28 14:42:22.552 398 2019] [wsgi:info] [pid 1404] [client 192.168.122.69:37 290] mod_wsgi (pid=1404, process='', application='server.domain.name|'): Loading WSGI script '/home/administrator/Work/PycharmProjects/FapRosgvard/fap_wsgi.wsgi'.
      [Thu Nov 28 14:42:23.317 293 2019] [wsgi:debug] [pid 1404] src/server/mod_wsgi.c (2348): [client 192.168.122.69:37 290] mod_wsgi (pid=1404): Client closed connection.
      [Thu Nov 28 14:42:23.417 155 2019] [core:debug] [pid 1401] request. c (290): astra_mode — set process caps, unshare
      [Thu Nov 28 14:42:23.417 473 2019] [core:debug] [pid 1401] request. c (401): astra_mode — disable without auth
      [Thu Nov 28 14:42:23.417 502 2019] [auth_kerb:debug] [pid 1401] src/mod_auth_kerb.c (2155): [client 192.168.122.69:37 294] kerb_authenticate_user entered with user (NULL) and auth_type Kerberos
      [Thu Nov 28 14:42:23.429 282 2019] [core:debug] [pid 1401] request. c (290): astra_mode — set process caps, unshare
      [Thu Nov 28 14:42:23.429 344 2019] [core:debug] [pid 1401] request. c (401): astra_mode — disable without auth
      [Thu Nov 28 14:42:23.429 355 2019] [auth_kerb:debug] [pid 1401] src/mod_auth_kerb.c (2155): [client 192.168.122.69:37 294] kerb_authenticate_user entered with user (NULL) and auth_type Kerberos
      [Thu Nov 28 14:42:23.429 379 2019] [auth_kerb:debug] [pid 1401] src/mod_auth_kerb.c (1483): [client 192.168.122.69:37 294] Acquiring creds for HTTP/q.astra.ntc
      [Thu Nov 28 14:42:23.430 064 2019] [auth_kerb:debug] [pid 1401] src/mod_auth_kerb.c (1906): [client 192.168.122.69:37 294] Verifying client data using KRB5 GSS-API
      [Thu Nov 28 14:42:23.430 696 2019] [auth_kerb:debug] [pid 1401] src/mod_auth_kerb.c (1922): [client 192.168.122.69:37 294] Client delegated us their credential
      [Thu Nov 28 14:42:23.430 714 2019] [auth_kerb:debug] [pid 1401] src/mod_auth_kerb.c (1941): [client 192.168.122.69:37 294] GSS-API token of length 22 bytes will be sent back
      [Thu Nov 28 14:42:23.435 052 2019] [authz_core:debug] [pid 1401] mod_authz_core.c (809): [client 192.168.122.69:37 294] AH01626: authorization result of Require valid-user: granted
      [Thu Nov 28 14:42:23.435 071 2019] [authz_core:debug] [pid 1401] mod_authz_core.c (809): [client 192.168.122.69:37 294] AH01626: authorization result of <RequireAny>: granted
      [Thu Nov 28 14:42:23.435 132 2019] [core:debug] [pid 1401] core. c (4678): astra_mode — core_switch_user
      [Thu Nov 28 14:42:23.439 925 2019] [core:debug] [pid 1401] config. c (442): astra_mode — get user name
      [Thu Nov 28 14:42:23.439 997 2019] [core:debug] [pid 1401] request. c (290): astra_mode — set process caps, unshare
      [Thu Nov 28 14:42:23.440 008 2019] [core:debug] [pid 1401] request. c (401): astra_mode — disable without auth
      [Thu Nov 28 14:42:23.440 015 2019] [auth_kerb:debug] [pid 1401] src/mod_auth_kerb.c (2155): [client 192.168.122.69:37 294] kerb_authenticate_user entered with user (NULL) and auth_type Kerberos
      [Thu Nov 28 14:42:23.440 037 2019] [auth_kerb:debug] [pid 1401] src/mod_auth_kerb.c (2093): [client 192.168.122.69:37 294] matched previous auth request
      [Thu Nov 28 14:42:23.440 044 2019] [authz_core:debug] [pid 1401] mod_authz_core.c (809): [client 192.168.122.69:37 294] AH01626: authorization result of Require valid-user: granted
      [Thu Nov 28 14:42:23.440 049 2019] [authz_core:debug] [pid 1401] mod_authz_core.c (809): [client 192.168.122.69:37 294] AH01626: authorization result of <RequireAny>: granted
      [Thu Nov 28 14:42:23.440 066 2019] [core:debug] [pid 1401] core. c (4678): astra_mode — core_switch_user
      [Thu Nov 28 14:42:23.477 622 2019] [wsgi:info] [pid 1401] [client 192.168.122.69:37 294] mod_wsgi (pid=1401, process='', application='server.domain.name|'): Loading WSGI script '/home/administrator/Work/PycharmProjects/FapRosgvard/fap_wsgi.wsgi'.
      [Thu Nov 28 14:42:23.892 456 2019] [wsgi:debug] [pid 1401] src/server/mod_wsgi.c (2348): [client 192.168.122.69:37 294] mod_wsgi (pid=1401): Client closed connection.

      Логи на DEBUG

        ×

        выполните вход

        Задан

        Просмотрен

        232 раза

        Ответы

        1 ответа

        Подписано

        1 подписался

        Обсужден