Sentora and Flask

Every so often I want to try something new… and with Tas learning python and flask, it looks like time to try and work out how to host flask projects on njoror.

Installing Flask on my machine is done by sudo apt-get install python-virtualenv, I also installed mod_wsgi so I could use Apache Server to host and serve my flask stuff (apt-get install libapache2-mod-wsgi).

My test space is flask.skippy.org.uk, I first set up https using my Sentora Let’s Encrypt VHost Generator, which gave me this for my vhost in Sentora:

#    Redirect Permanent / https://flask.skippy.org.uk/
# when un commented, for some reason the above causes a
# redirect loop, this makes me sad
&lt;/VirtualHost&gt;

# DOMAIN:  flask.skippy.org.uk:443
&lt;VirtualHost *:443&gt;
    ServerName flask.skippy.org.uk
    ServerAlias www.flask.skippy.org.uk
    ServerAdmin [email protected]

    DocumentRoot "/var/sentora/hostdata/philip/public_html/flask_skippy_org_uk"
    php_admin_value open_basedir "/var/sentora/hostdata/philip/public_html/flask_skippy_org_uk:/var/sentora/temp/"
    php_admin_value suhosin.executor.func.blacklist "passthru, show_source, shell_exec, system, pcntl_exec, popen, pclose, proc_open, proc_nice, proc_terminate, proc_get_status, proc_close, leak, apache_child_terminate, posix_kill, posix_mkfifo, posix_setpgid, posix_setsid, posix_setuid, escapeshellcmd, escapeshellarg, exec"
    ErrorLog "/var/sentora/logs/domains/philip/flask.skippy.org.uk-error.log"
    CustomLog "/var/sentora/logs/domains/philip/flask.skippy.org.uk-access.log" combined
    CustomLog "/var/sentora/logs/domains/philip/flask.skippy.org.uk.log" common
    AddType application/x-httpd-php .php3 .php
    &lt;Directory "/var/sentora/hostdata/philip/public_html/flask_skippy_org_uk"&gt;
        Options +FollowSymLinks -Indexes
        AllowOverride All
        Require all granted
    &lt;/Directory&gt;
    ErrorDocument 403 /_errorpages/403.html
    ErrorDocument 500 /_errorpages/500.html
    ErrorDocument 510 /_errorpages/510.html
    ErrorDocument 404 /_errorpages/404.html
    DirectoryIndex index.html index.htm index.php index.asp index.aspx index.jsp index.jspa index.shtml index.shtm

    SSLEngine on
    SSLProtocol all -SSLv2 -SSLv3
    SSLCertificateFile /etc/letsencrypt/live/flask.skippy.org.uk/cert.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/flask.skippy.org.uk/privkey.pem
    SSLCertificateChainFile /etc/letsencrypt/live/flask.skippy.org.uk/fullchain.pem

I don’t need www. so I removed line 8 (you will need to remove -d www.flask.skippy.org.uk from the command to generate the keys).

I found Bob and asked his help at this point…

My Document root is /var/sentora/hostdata/philip/public_html/flask_skippy_org_uk, changing folder into my document root I then ran virtualenv venv to start the virtual environment you run . venv/bin/activate, next you need to install Flask using pip install Flask.

In my document root I removed all the standard Sentora files (I left let’s encrypt’s .well-known and the venv folder), and added a index.html containing it works!.

Making a Flask App

My Flask app is called hello.py, located in my document root and contains the following:

from flask import Flask
app = Flask(__name__)

@app.route('/')
def hello_world():
return 'Hello Skippy!'

if __name__ == '__main__':
app.run(host='0.0.0.0', port=5000)

Creating a .wsgi file

My .wsgi (Bob said it was named whisky) file is called flask_skippy.wsgi and contains

activate_this = '/var/sentora/hostdata/philip/public_html/flask_skippy_org_uk/venv/bin/activate_this.py'
with open(activate_this) as file_:
exec(file_.read(), dict(__file__=activate_this))

import sys

sys.path.append('/var/sentora/hostdata/philip/public_html/flask_skippy_org_uk')

from hello import app as application

Configuring Apache

My vhost now has the following added to the bottom (this is done in the Sentora VHost manager)

#    Redirect Permanent / https://flask.skippy.org.uk/
# when un commented, for some reason the above causes a
# redirect loop, this makes me sad
</VirtualHost>

# DOMAIN:  flask.skippy.org.uk:443
<VirtualHost *:443>
    ServerName flask.skippy.org.uk
    ServerAlias www.flask.skippy.org.uk
    ServerAdmin [email protected]

    DocumentRoot "/var/sentora/hostdata/philip/public_html/flask_skippy_org_uk"
    
    WSGIDaemonProcess hello threads=5
    WSGIScriptAlias / /var/sentora/hostdata/philip/public_html/flask_skippy_org_uk/flask_skippy.wsgi

    ErrorLog "/var/sentora/logs/domains/philip/flask.skippy.org.uk-error.log"
    CustomLog "/var/sentora/logs/domains/philip/flask.skippy.org.uk-access.log" combined
    CustomLog "/var/sentora/logs/domains/philip/flask.skippy.org.uk.log" common

    <Directory "/var/sentora/hostdata/philip/public_html/flask_skippy_org_uk">
        WSGIProcessGroup hello
        WSGIApplicationGroup %{GLOBAL}
        WSGIScriptReloading On
        AllowOverride All
        Require all granted
    </Directory>

    SSLEngine on
    SSLProtocol all -SSLv2 -SSLv3
    SSLCertificateFile /etc/letsencrypt/live/flask.skippy.org.uk/cert.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/flask.skippy.org.uk/privkey.pem
    SSLCertificateChainFile /etc/letsencrypt/live/flask.skippy.org.uk/fullchain.pem

Now if you goto http://flask.skippy.org.uk you will get a file served by Apache, if you go to https://flask.skippy.org.uk it is Python and Flask, I can deal with this by abusing a .htaccess file.

2 thoughts on “Sentora and Flask”

Ron-e
2016-12-03, 18:44

Is python secure on Sentora?
I know the main security on Sentora is done with suhosin, and because of that perl and c are insecure.

Loading...

Reply
Skippy Post author
2016-12-03, 20:24

Python is set up only on trusted projects, I also now have node red on https://iot.skippy.org.uk for my own (ab)use.

Loading...

Reply

Sentora and Flask

Making a Flask App

Creating a .wsgi file

Configuring Apache

Like this:

Like this:

Like this:

Like this:

Like this:

Leave a Reply Cancel reply

2 thoughts on “Sentora and Flask”