Every so often I want to try something new… and with Tas learning python and flask, it looks like time to try and work out how to host flask projects on njoror.
Installing Flask on my machine is done by sudo apt-get install python-virtualenv, I also installed mod_wsgi so I could use Apache Server to host and serve my flask stuff (apt-get install libapache2-mod-wsgi).
My test space is flask.skippy.org.uk, I first set up https using my Sentora Let’s Encrypt VHost Generator, which gave me this for my vhost in Sentora:
# Redirect Permanent / https://flask.skippy.org.uk/
# when un commented, for some reason the above causes a
# redirect loop, this makes me sad
</VirtualHost>
# DOMAIN: flask.skippy.org.uk:443
<VirtualHost *:443>
ServerName flask.skippy.org.uk
ServerAlias www.flask.skippy.org.uk
ServerAdmin [email protected]skippy.org.uk
DocumentRoot "/var/sentora/hostdata/philip/public_html/flask_skippy_org_uk"
php_admin_value open_basedir "/var/sentora/hostdata/philip/public_html/flask_skippy_org_uk:/var/sentora/temp/"
php_admin_value suhosin.executor.func.blacklist "passthru, show_source, shell_exec, system, pcntl_exec, popen, pclose, proc_open, proc_nice, proc_terminate, proc_get_status, proc_close, leak, apache_child_terminate, posix_kill, posix_mkfifo, posix_setpgid, posix_setsid, posix_setuid, escapeshellcmd, escapeshellarg, exec"
ErrorLog "/var/sentora/logs/domains/philip/flask.skippy.org.uk-error.log"
CustomLog "/var/sentora/logs/domains/philip/flask.skippy.org.uk-access.log" combined
CustomLog "/var/sentora/logs/domains/philip/flask.skippy.org.uk.log" common
AddType application/x-httpd-php .php3 .php
<Directory "/var/sentora/hostdata/philip/public_html/flask_skippy_org_uk">
Options +FollowSymLinks -Indexes
AllowOverride All
Require all granted
</Directory>
ErrorDocument 403 /_errorpages/403.html
ErrorDocument 500 /_errorpages/500.html
ErrorDocument 510 /_errorpages/510.html
ErrorDocument 404 /_errorpages/404.html
DirectoryIndex index.html index.htm index.php index.asp index.aspx index.jsp index.jspa index.shtml index.shtm
SSLEngine on
SSLProtocol all -SSLv2 -SSLv3
SSLCertificateFile /etc/letsencrypt/live/flask.skippy.org.uk/cert.pem
SSLCertificateKeyFile /etc/letsencrypt/live/flask.skippy.org.uk/privkey.pem
SSLCertificateChainFile /etc/letsencrypt/live/flask.skippy.org.uk/fullchain.pem
I don’t need www. so I removed line 8 (you will need to remove -d www.flask.skippy.org.uk from the command to generate the keys).
I found Bob and asked his help at this point…
My Document root is /var/sentora/hostdata/philip/public_html/flask_skippy_org_uk, changing folder into my document root I then ran virtualenv venv to start the virtual environment you run . venv/bin/activate, next you need to install Flask using pip install Flask.
In my document root I removed all the standard Sentora files (I left let’s encrypt’s .well-known and the venv folder), and added a index.html containing it works!.
Making a Flask App
My Flask app is called hello.py, located in my document root and contains the following:
from flask import Flask
app = Flask(__name__)
@app.route('/')
def hello_world():
return 'Hello Skippy!'
if __name__ == '__main__':
app.run(host='0.0.0.0', port=5000)
Creating a .wsgi file
My .wsgi (Bob said it was named whisky) file is called flask_skippy.wsgi and contains
activate_this = '/var/sentora/hostdata/philip/public_html/flask_skippy_org_uk/venv/bin/activate_this.py'
with open(activate_this) as file_:
exec(file_.read(), dict(__file__=activate_this))
import sys
sys.path.append('/var/sentora/hostdata/philip/public_html/flask_skippy_org_uk')
from hello import app as application
Configuring Apache
My vhost now has the following added to the bottom (this is done in the Sentora VHost manager)
# Redirect Permanent / https://flask.skippy.org.uk/
# when un commented, for some reason the above causes a
# redirect loop, this makes me sad
</VirtualHost>
# DOMAIN: flask.skippy.org.uk:443
<VirtualHost *:443>
ServerName flask.skippy.org.uk
ServerAlias www.flask.skippy.org.uk
ServerAdmin [email protected]
DocumentRoot "/var/sentora/hostdata/philip/public_html/flask_skippy_org_uk"
WSGIDaemonProcess hello threads=5
WSGIScriptAlias / /var/sentora/hostdata/philip/public_html/flask_skippy_org_uk/flask_skippy.wsgi
ErrorLog "/var/sentora/logs/domains/philip/flask.skippy.org.uk-error.log"
CustomLog "/var/sentora/logs/domains/philip/flask.skippy.org.uk-access.log" combined
CustomLog "/var/sentora/logs/domains/philip/flask.skippy.org.uk.log" common
<Directory "/var/sentora/hostdata/philip/public_html/flask_skippy_org_uk">
WSGIProcessGroup hello
WSGIApplicationGroup %{GLOBAL}
WSGIScriptReloading On
AllowOverride All
Require all granted
</Directory>
SSLEngine on
SSLProtocol all -SSLv2 -SSLv3
SSLCertificateFile /etc/letsencrypt/live/flask.skippy.org.uk/cert.pem
SSLCertificateKeyFile /etc/letsencrypt/live/flask.skippy.org.uk/privkey.pem
SSLCertificateChainFile /etc/letsencrypt/live/flask.skippy.org.uk/fullchain.pem
Now if you goto http://flask.skippy.org.uk you will get a file served by Apache, if you go to https://flask.skippy.org.uk it is Python and Flask, I can deal with this by abusing a .htaccess file.
2 thoughts on “Sentora and Flask”
Is python secure on Sentora?
I know the main security on Sentora is done with suhosin, and because of that perl and c are insecure.
Python is set up only on trusted projects, I also now have node red on https://iot.skippy.org.uk for my own (ab)use.