Every so often I want to try something new… and with Tas learning python and flask, it looks like time to try and work out how to host flask projects on njoror.
Installing Flask on my machine is done by sudo apt-get install python-virtualenv
, I also installed mod_wsgi so I could use Apache Server to host and serve my flask stuff (apt-get install libapache2-mod-wsgi
).
My test space is flask.skippy.org.uk, I first set up https using my Sentora Let’s Encrypt VHost Generator, which gave me this for my vhost in Sentora:
# Redirect Permanent / https://flask.skippy.org.uk/ # when un commented, for some reason the above causes a # redirect loop, this makes me sad </VirtualHost> # DOMAIN: flask.skippy.org.uk:443 <VirtualHost *:443> ServerName flask.skippy.org.uk ServerAlias www.flask.skippy.org.uk ServerAdmin [email protected] DocumentRoot "/var/sentora/hostdata/philip/public_html/flask_skippy_org_uk" php_admin_value open_basedir "/var/sentora/hostdata/philip/public_html/flask_skippy_org_uk:/var/sentora/temp/" php_admin_value suhosin.executor.func.blacklist "passthru, show_source, shell_exec, system, pcntl_exec, popen, pclose, proc_open, proc_nice, proc_terminate, proc_get_status, proc_close, leak, apache_child_terminate, posix_kill, posix_mkfifo, posix_setpgid, posix_setsid, posix_setuid, escapeshellcmd, escapeshellarg, exec" ErrorLog "/var/sentora/logs/domains/philip/flask.skippy.org.uk-error.log" CustomLog "/var/sentora/logs/domains/philip/flask.skippy.org.uk-access.log" combined CustomLog "/var/sentora/logs/domains/philip/flask.skippy.org.uk.log" common AddType application/x-httpd-php .php3 .php <Directory "/var/sentora/hostdata/philip/public_html/flask_skippy_org_uk"> Options +FollowSymLinks -Indexes AllowOverride All Require all granted </Directory> ErrorDocument 403 /_errorpages/403.html ErrorDocument 500 /_errorpages/500.html ErrorDocument 510 /_errorpages/510.html ErrorDocument 404 /_errorpages/404.html DirectoryIndex index.html index.htm index.php index.asp index.aspx index.jsp index.jspa index.shtml index.shtm SSLEngine on SSLProtocol all -SSLv2 -SSLv3 SSLCertificateFile /etc/letsencrypt/live/flask.skippy.org.uk/cert.pem SSLCertificateKeyFile /etc/letsencrypt/live/flask.skippy.org.uk/privkey.pem SSLCertificateChainFile /etc/letsencrypt/live/flask.skippy.org.uk/fullchain.pem
I don’t need www. so I removed line 8 (you will need to remove -d www.flask.skippy.org.uk
from the command to generate the keys).
I found Bob and asked his help at this point…
My Document root is /var/sentora/hostdata/philip/public_html/flask_skippy_org_uk
, changing folder into my document root I then ran virtualenv venv
to start the virtual environment you run . venv/bin/activate
, next you need to install Flask using pip install Flask
.
In my document root I removed all the standard Sentora files (I left let’s encrypt’s .well-known and the venv folder), and added a index.html containing it works!
.
Making a Flask App
My Flask app is called hello.py
, located in my document root and contains the following:
from flask import Flask app = Flask(__name__) @app.route('/') def hello_world(): return 'Hello Skippy!' if __name__ == '__main__': app.run(host='0.0.0.0', port=5000)
Creating a .wsgi file
My .wsgi (Bob said it was named whisky) file is called flask_skippy.wsgi
and contains
activate_this = '/var/sentora/hostdata/philip/public_html/flask_skippy_org_uk/venv/bin/activate_this.py' with open(activate_this) as file_: exec(file_.read(), dict(__file__=activate_this)) import sys sys.path.append('/var/sentora/hostdata/philip/public_html/flask_skippy_org_uk') from hello import app as application
Configuring Apache
My vhost now has the following added to the bottom (this is done in the Sentora VHost manager)
# Redirect Permanent / https://flask.skippy.org.uk/ # when un commented, for some reason the above causes a # redirect loop, this makes me sad </VirtualHost> # DOMAIN: flask.skippy.org.uk:443 <VirtualHost *:443> ServerName flask.skippy.org.uk ServerAlias www.flask.skippy.org.uk ServerAdmin [email protected] DocumentRoot "/var/sentora/hostdata/philip/public_html/flask_skippy_org_uk" WSGIDaemonProcess hello threads=5 WSGIScriptAlias / /var/sentora/hostdata/philip/public_html/flask_skippy_org_uk/flask_skippy.wsgi ErrorLog "/var/sentora/logs/domains/philip/flask.skippy.org.uk-error.log" CustomLog "/var/sentora/logs/domains/philip/flask.skippy.org.uk-access.log" combined CustomLog "/var/sentora/logs/domains/philip/flask.skippy.org.uk.log" common <Directory "/var/sentora/hostdata/philip/public_html/flask_skippy_org_uk"> WSGIProcessGroup hello WSGIApplicationGroup %{GLOBAL} WSGIScriptReloading On AllowOverride All Require all granted </Directory> SSLEngine on SSLProtocol all -SSLv2 -SSLv3 SSLCertificateFile /etc/letsencrypt/live/flask.skippy.org.uk/cert.pem SSLCertificateKeyFile /etc/letsencrypt/live/flask.skippy.org.uk/privkey.pem SSLCertificateChainFile /etc/letsencrypt/live/flask.skippy.org.uk/fullchain.pem
Now if you goto http://flask.skippy.org.uk you will get a file served by Apache, if you go to https://flask.skippy.org.uk it is Python and Flask, I can deal with this by abusing a .htaccess
file.
2 thoughts on “Sentora and Flask”
Is python secure on Sentora?
I know the main security on Sentora is done with suhosin, and because of that perl and c are insecure.
Python is set up only on trusted projects, I also now have node red on https://iot.skippy.org.uk for my own (ab)use.