Develop Reference

mkcert certificate not works on local ip adress

I'm trying to convert my app to PWA and I need to use https on localhost on my raspberrypi 4 and can be reached using 192.168.0.2 on LAN
Certificate seems to be not valid and I don't understand what I'm missing.
All command are executed as root user and all steps are from GitHub official page
mkcert -install
mkcert 192.168.80.2
Using the local CA at "/root/.local/share/mkcert" ✨
Created a new certificate valid for the following names �
- "192.168.0.2"
The certificate is at "./192.168.0.2.pem" and the key at "./192.168.0.2-key.pem" ✅
mv 192.168.0.2-key.pem /etc/apache2/ssl/192.168.0.2-key.pem
mv 192.168.0.2.pem /etc/apache2/ssl/192.168.0.2.pem
ls -l /etc/apache2/sites-enabled
lrwxrwxrwx 1 root root 29 Jul 21 16:34 hiker.conf -> ../sites-available/hiker.conf
sites-available/hiker.conf
<VirtualHost *:80>
# The ServerName directive sets the request scheme, hostname and port that
# the server uses to identify itself. This is used when creating
# redirection URLs. In the context of virtual hosts, the ServerName
# specifies what hostname must appear in the request's Host: header to
# match this virtual host. For the default virtual host (this file) this
# value is not decisive as it is used as a last resort host regardless.
# However, you must set it for any further virtual host explicitly.
ServerName 192.168.0.2
ServerAdmin webmaster#localhost
DocumentRoot /var/www
Alias /hiker /var/www/hiker/public
<Directory /var/www/hiker/public>
AllowOverride All
Order Allow,Deny
Allow from All
</Directory>
# Available loglevels: trace8, ..., trace1, debug, info, notice, warn,
# error, crit, alert, emerg.
# It is also possible to configure the loglevel for particular
# modules, e.g.
#LogLevel info ssl:warn
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
# For most configuration files from conf-available/, which are
# enabled or disabled at a global level, it is possible to
# include a line for only one particular virtual host. For example the
# following line enables the CGI configuration for this host only
# after it has been globally disabled with "a2disconf".
#Include conf-available/serve-cgi-bin.conf
</VirtualHost>
<IfModule mod_ssl.c>
<VirtualHost _default_:443>
ServerName 192.168.0.2
ServerAdmin webmaster#localsite.test
DocumentRoot /var/www
Alias /hiker /var/www/hiker/public
<Directory /var/www/hiker/public>
AllowOverride All
Order Allow,Deny
Allow from All
</Directory>
ErrorLog ${APACHE_LOG_DIR}/localsite-error.log
CustomLog ${APACHE_LOG_DIR}/localsite-access.log combined
SSLEngine on
SSLCertificateFile /etc/apache2/ssl/192.168.0.2.pem
SSLCertificateKeyFile /etc/apache2/ssl/192.168.0.2-key.pem
</VirtualHost>
</IfModule>
# vim: syntax=apache ts=4 sw=4 sts=4 sr noet
apachectl configtest
Syntax OK
service apache2 restart

I found the solution thank to #SteffenUllrich.
I order to import CA into windows 10 follow steps described here "make-computer-trust-certificate-authority"
I can now make tests to convert my app to PWA

How to run FastAPI on apache2?

I've developed an api using fastapi that will act as a wrapper that receives sms requests and call the sms api to send said sms and now I'm ready to deploy it. This is the code:
import logging
import uvicorn
from fastapi import FastAPI, HTTPException
from pydantic import BaseModel
from fastapi.middleware.trustedhost import TrustedHostMiddleware
import verifier
logging.basicConfig(
format='%(asctime)s - %(funcName)s - %(levelname)s - %(message)s',
level=logging.INFO
)
# get logger
logger = logging.getLogger(__name__)
bot_verifier = None
class DataForBot(BaseModel):
number: str
msg_txt: str
def get_application():
app = FastAPI(title='bot_wrapper', version="1.0.0")
return app
app = get_application()
#app.on_event("startup")
async def startup_event():
global bot_verifier
try:
bot_verifier = await verifier.Verifier.create()
except Exception as e:
logger.error(f"exception occured during bot creation -- {e}", exc_info=True)
#app.post('/telegram_sender/')
async def send_telegram_msg(data_for_bot: DataForBot):
global bot_verifier
if not bot_verifier:
bot_verifier = await verifier.Verifier.create()
else:
dict_data = data_for_bot.dict()
try:
if await bot_verifier.send_via_telegram(dict_data):
return {'status': "success", 'data': data_for_bot}
else:
raise HTTPException(status_code=404, detail="unable to send via telegram, perhaps user has not started the bot")
except Exception as e:
logger.error(f"{e}", exc_info=True)
raise HTTPException(status_code=500, detail="Something went wrong, please contact server admin")
I want to deploy it on apache b/c it's the only thing I can get my hand onto in my country. I'm using python3.8.9 with fastapi version 0.65.2 and apache/2.4.29, but for the life of me I can't get it to work. I've written an apache conf file and enabled that as such:
<VirtualHost *:80>
ServerName gargarsa.sms.local
ServerAdmin webmaster#localhost
ServerAlias gargarsa.sms.local
DocumentRoot /var/www/verify_bot_api/
ServerAlias gargarsa.sms.local
<Directory /var/www/verify_bot_api/src/app/>
Order deny,allow
Allow from all
</Directory>
ErrorLog ${APACHE_LOG_DIR}/gargarsa.sms.local-error.log
LogLevel debug
CustomLog ${APACHE_LOG_DIR}/gargarsa.sms.local-access.log combined
</VirtualHost>
but no avail.
I tried running gunicorn via a screen session but I couldn't access it either.
I tried running it programmatically as such but no avail:
if __name__ == "__main__":
uvicorn.run(app, host="0.0.0.0", port=8000)
I understand this is a very broad way to ask, but I'm truly stumped.
How do I run an api built using fastapi on Apache2?
Thank you for your assistance.

Just incase anybody else stumbles on here, this is what I did and this is how it worked for me.
This came about b/c there was not a lot of information on the web -- that I could find -- in regards
to deploying fastapi on linux -- specifically ubuntu 18.04.4 -- with apache2
and no other things. When I say no other thing, I mean docker, caddy, or
whatever of the sorts.
The usual things must be done before hand, these are:
create the db the api will use
install the virtual environment
install the necessary dependencies from requirements.txt
either scp or clone from github the production code of the api
place the production code of the api in the /var/www/
you can use gunicorn to be the actual server while apache is a reverse proxy that can connect you to it (remember to cd into the actual directory that contains the module 1st also to use screen with it)
set up apache2 as a reverse proxy by "a2enmod proxy proxy_ajp proxy_http rewrite deflate headers proxy_balancer proxy_connect proxy_html"
actually type up the server conf file and enable it (sample provided at the bottom)
ALLWAYS MAKE BACKUPS
Reference: https://www.vioan.eu/blog/2016/10/10/deploy-your-flask-python-app-on-ubuntu-with-apache-gunicorn-and-systemd/
Functioning Sample apache conf file:
<VirtualHost *:80>
# The ServerName directive sets the request scheme, hostname and port that
# the server uses to identify itself. This is used when creating
# redirection URLs. In the context of virtual hosts, the ServerName
# specifies what hostname must appear in the request's Host: header to
# match this virtual host. For the default virtual host (this file) this
# value is not decisive as it is used as a last resort host regardless.
# However, you must set it for any further virtual host explicitly.
#ServerName www.example.com
ServerName server-name
ServerAdmin webmaster#localhost
ServerAlias server-alias
#DocumentRoot /document/root/
<Proxy *>
AuthType none
AuthBasicAuthoritative Off
SetEnv proxy-chain-auth On
Order allow,deny
Allow from all
</Proxy>
ProxyPass / http://127.0.0.1:port/
ProxyPassReverse / http://127.0.0.1:port/
#ProxyPass /api http://127.0.0.1:port/api
#ProxyPassReverse /api http://127.0.0.1:port/api
<Directory /document/root/>
Order deny,allow
Allow from all
</Directory>
# Available loglevels: trace8, ..., trace1, debug, info, notice, warn,
# error, crit, alert, emerg.
# It is also possible to configure the loglevel for particular
# modules, e.g.
#LogLevel info ssl:warn
ErrorLog ${APACHE_LOG_DIR}/server-error.log
LogLevel debug
CustomLog ${APACHE_LOG_DIR}/server-access.log combined
# For most configuration files from conf-available/, which are
# enabled or disabled at a global level, it is possible to
# include a line for only one particular virtual host. For example the
# following line enables the CGI configuration for this host only
# after it has been globally disabled with "a2disconf".
#Include conf-available/serve-cgi-bin.conf
</VirtualHost>
To run the actual api:
gunicorn api:app -w 1 -k uvicorn.workers.UvicornWorker -b "127.0.0.1:port"
Edit: I have not placed any security mechanism at all here

WSGI servers is not compatible with FastAPI, FastAPI only runs in ASGI server, gunicorn and all the other WSGI servers just implements PEP Standards with ASGI workers in depth they still work as ASGI with the workers.

This site can’t be reached after installing WSL2 and apache2

I updated my WSL1 to WSL2 and install
ubuntu 20.04,
Apache2 and
php8
Now visiting localhost will display the Apache2 Ubuntu Default Page
Next I create a conf file on /etc/apache2/sites-available/items.test.conf containing
<VirtualHost *:80>
# The ServerName directive sets the request scheme, hostname and port that
# the server uses to identify itself. This is used when creating
# redirection URLs. In the context of virtual hosts, the ServerName
# specifies what hostname must appear in the request's Host: header to
# match this virtual host. For the default virtual host (this file) this
# value is not decisive as it is used as a last resort host regardless.
# However, you must set it for any further virtual host explicitly.
ServerName items.test
ServerAdmin admin#items.test
DocumentRoot /mnt/c/www/path/to/public
<Directory /mnt/c/www/path/to/public/>
Options Indexes FollowSymLinks
AllowOverride All
Require all granted
</Directory>
# Available loglevels: trace8, ..., trace1, debug, info, notice, warn,
# error, crit, alert, emerg.
# It is also possible to configure the loglevel for particular
# modules, e.g.
#LogLevel info ssl:warn
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
# For most configuration files from conf-available/, which are
# enabled or disabled at a global level, it is possible to
# include a line for only one particular virtual host. For example the
# following line enables the CGI configuration for this host only
# after it has been globally disabled with "a2disconf".
#Include conf-available/serve-cgi-bin.conf
</VirtualHost>
# vim: syntax=apache ts=4 sw=4 sts=4 sr noet
run sudo a2ensite items.test.conf and sudo service apache2 reload. Next open host with notepad with administrator, and added 127.0.0.1 items.test
Visiting the site locally items.test give me this message
This site can’t be reached
What am I missing in this, spend 24hrs tweaking and no luck

After digging another few hours I found the answer, update host file with such a like:
127.0.0.1 test.tld
::1 test.tld
Source: https://github.com/microsoft/WSL/issues/4347

How to change default document root (www) and cgi-bin to home directory?

I am currently trying out some CGI programming tutorials in C++ in my ubuntu 14 and I have freshly installed apache2 (sudo apt-get install apache2) and it installed properly. http://localhost returned a successful responce and also default document root in var/www/html/ and cgi-bin in /usr/lib/cgi-bin/. The problem is both directories doesn't have permission to write to it and also I don't want to work in those directories. I want to change my default document root to /home/user/www/html/ and cgi-bin inside '/home/user/www/cgi-bin/' because it can be easily accessed.
Searching returned this solution to edit this file
/etc/apache2/sites-available/000-default.conf
my current content is this
<VirtualHost *:80>
# The ServerName directive sets the request scheme, hostname and port that
# the server uses to identify itself. This is used when creating
# redirection URLs. In the context of virtual hosts, the ServerName
# specifies what hostname must appear in the request's Host: header to
# match this virtual host. For the default virtual host (this file) this
# value is not decisive as it is used as a last resort host regardless.
# However, you must set it for any further virtual host explicitly.
#ServerName www.example.com
ServerAdmin webmaster#localhost
DocumentRoot /var/www/html
# Available loglevels: trace8, ..., trace1, debug, info, notice, warn,
# error, crit, alert, emerg.
# It is also possible to configure the loglevel for particular
# modules, e.g.
#LogLevel info ssl:warn
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
# For most configuration files from conf-available/, which are
# enabled or disabled at a global level, it is possible to
# include a line for only one particular virtual host. For example the
# following line enables the CGI configuration for this host only
# after it has been globally disabled with "a2disconf".
#Include conf-available/serve-cgi-bin.conf
</VirtualHost>
# vim: syntax=apache ts=4 sw=4 sts=4 sr noet
I changed default document root from DocumentRoot /var/www/html to DocumentRoot /home/user/www/html and changed file here also /etc/apache2/apache2.conf [user is our system username]
from
<Directory /var/www/>
Options Indexes FollowSymLinks
AllowOverride None
Require all granted
</Directory>
to
<Directory /home/user/www/>
Options Indexes FollowSymLinks
AllowOverride None
Require all granted
</Directory>
and restarted the server sudo service apache2 restart. I then added a small index file (index.html) to /home/user/www/html
<html>
<body>
hello world
</body>
</html>
But when I tried to access through html http://localhost it returned 403 forbidden error.
Forbidden
You don't have permission to access / on this server.
Apache/2.4.7 (Ubuntu) Server at localhost Port 80
What is causing this error and now how should I also change cgi-bin directory?
EDIT 1: also tried this method but still not working.
EDIT 2: Still I cant solve my problem so I am providing here the content of /etc/apache2/apache2.conf`
# This is the main Apache server configuration file. It contains the
# configuration directives that give the server its instructions.
# See http://httpd.apache.org/docs/2.4/ for detailed information about
# the directives and /usr/share/doc/apache2/README.Debian about Debian specific
# hints.
#
#
# Summary of how the Apache 2 configuration works in Debian:
# The Apache 2 web server configuration in Debian is quite different to
# upstream's suggested way to configure the web server. This is because Debian's
# default Apache2 installation attempts to make adding and removing modules,
# virtual hosts, and extra configuration directives as flexible as possible, in
# order to make automating the changes and administering the server as easy as
# possible.
# It is split into several files forming the configuration hierarchy outlined
# below, all located in the /etc/apache2/ directory:
#
# /etc/apache2/
# |-- apache2.conf
# | `-- ports.conf
# |-- mods-enabled
# | |-- *.load
# | `-- *.conf
# |-- conf-enabled
# | `-- *.conf
# `-- sites-enabled
# `-- *.conf
#
#
# * apache2.conf is the main configuration file (this file). It puts the pieces
# together by including all remaining configuration files when starting up the
# web server.
#
# * ports.conf is always included from the main configuration file. It is
# supposed to determine listening ports for incoming connections which can be
# customized anytime.
#
# * Configuration files in the mods-enabled/, conf-enabled/ and sites-enabled/
# directories contain particular configuration snippets which manage modules,
# global configuration fragments, or virtual host configurations,
# respectively.
#
# They are activated by symlinking available configuration files from their
# respective *-available/ counterparts. These should be managed by using our
# helpers a2enmod/a2dismod, a2ensite/a2dissite and a2enconf/a2disconf. See
# their respective man pages for detailed information.
#
# * The binary is called apache2. Due to the use of environment variables, in
# the default configuration, apache2 needs to be started/stopped with
# /etc/init.d/apache2 or apache2ctl. Calling /usr/bin/apache2 directly will not
# work with the default configuration.
# Global configuration
#
#
# ServerRoot: The top of the directory tree under which the server's
# configuration, error, and log files are kept.
#
# NOTE! If you intend to place this on an NFS (or otherwise network)
# mounted filesystem then please read the Mutex documentation (available
# at <URL:http://httpd.apache.org/docs/2.4/mod/core.html#mutex>);
# you will save yourself a lot of trouble.
#
# Do NOT add a slash at the end of the directory path.
#
#ServerRoot "/etc/apache2"
#
# The accept serialization lock file MUST BE STORED ON A LOCAL DISK.
#
Mutex file:${APACHE_LOCK_DIR} default
#
# PidFile: The file in which the server should record its process
# identification number when it starts.
# This needs to be set in /etc/apache2/envvars
#
PidFile ${APACHE_PID_FILE}
#
# Timeout: The number of seconds before receives and sends time out.
#
Timeout 300
#
# KeepAlive: Whether or not to allow persistent connections (more than
# one request per connection). Set to "Off" to deactivate.
#
KeepAlive On
#
# MaxKeepAliveRequests: The maximum number of requests to allow
# during a persistent connection. Set to 0 to allow an unlimited amount.
# We recommend you leave this number high, for maximum performance.
#
MaxKeepAliveRequests 100
#
# KeepAliveTimeout: Number of seconds to wait for the next request from the
# same client on the same connection.
#
KeepAliveTimeout 5
# These need to be set in /etc/apache2/envvars
User ${APACHE_RUN_USER}
Group ${APACHE_RUN_GROUP}
#
# HostnameLookups: Log the names of clients or just their IP addresses
# e.g., www.apache.org (on) or 204.62.129.132 (off).
# The default is off because it'd be overall better for the net if people
# had to knowingly turn this feature on, since enabling it means that
# each client request will result in AT LEAST one lookup request to the
# nameserver.
#
HostnameLookups Off
# ErrorLog: The location of the error log file.
# If you do not specify an ErrorLog directive within a <VirtualHost>
# container, error messages relating to that virtual host will be
# logged here. If you *do* define an error logfile for a <VirtualHost>
# container, that host's errors will be logged there and not here.
#
ErrorLog ${APACHE_LOG_DIR}/error.log
#
# LogLevel: Control the severity of messages logged to the error_log.
# Available values: trace8, ..., trace1, debug, info, notice, warn,
# error, crit, alert, emerg.
# It is also possible to configure the log level for particular modules, e.g.
# "LogLevel info ssl:warn"
#
LogLevel warn
# Include module configuration:
IncludeOptional mods-enabled/*.load
IncludeOptional mods-enabled/*.conf
# Include list of ports to listen on
Include ports.conf
# Sets the default security model of the Apache2 HTTPD server. It does
# not allow access to the root filesystem outside of /usr/share and /var/www.
# The former is used by web applications packaged in Debian,
# the latter may be used for local directories served by the web server. If
# your system is serving content from a sub-directory in /srv you must allow
# access here, or in any related virtual host.
<Directory />
Options FollowSymLinks
AllowOverride None
Require all denied
</Directory>
<Directory /usr/share>
AllowOverride None
Require all granted
</Directory>
<Directory /home/user/www/html>
Options Indexes FollowSymLinks
AllowOverride None
#AllowOverride All
Require all granted
</Directory>
#<Directory /srv/>
# Options Indexes FollowSymLinks
# AllowOverride None
# Require all granted
#</Directory>
# AccessFileName: The name of the file to look for in each directory
# for additional configuration directives. See also the AllowOverride
# directive.
#
AccessFileName .htaccess
#
# The following lines prevent .htaccess and .htpasswd files from being
# viewed by Web clients.
#
<FilesMatch "^\.ht">
Require all denied
</FilesMatch>
#
# The following directives define some format nicknames for use with
# a CustomLog directive.
#
# These deviate from the Common Log Format definitions in that they use %O
# (the actual bytes sent including headers) instead of %b (the size of the
# requested file), because the latter makes it impossible to detect partial
# requests.
#
# Note that the use of %{X-Forwarded-For}i instead of %h is not recommended.
# Use mod_remoteip instead.
#
LogFormat "%v:%p %h %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" vhost_combined
LogFormat "%h %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" combined
LogFormat "%h %l %u %t \"%r\" %>s %O" common
LogFormat "%{Referer}i -> %U" referer
LogFormat "%{User-agent}i" agent
# Include of directories ignores editors' and dpkg's backup files,
# see README.Debian for details.
# Include generic snippets of statements
IncludeOptional conf-enabled/*.conf
# Include the virtual host configurations:
IncludeOptional sites-enabled/*.conf
# vim: syntax=apache ts=4 sw=4 sts=4 sr noet
EDIT 3: This is the error log of apache2
[core:error] [pid 16536:tid 139636399695616] (13)Permission denied:
[client 127.0.0.1:46221] AH00035: access to / denied (filesystem path
'/home/user/www') because search permissions are missing on a
component of the path
So I tried to change the permission of my directory and files using chmod +x,644,755 etc.
result of namei -m /home/user/www/html/index.html
drwxr-xr-x /
drwxr-xr-x home
drwx------ user
drwxr-xr-x www
drwxr-xr-x html

I am using Linux Mint 17.1 which is a Ubuntu derivative. I have Apache2 installed by default. In my /etc/apache2 directory I have apache2.conf with the following directive:
# Include module configuration:
IncludeOptional mods-enabled/*.load
IncludeOptional mods-enabled/*.conf
All this does is tell Apache2 to "include" the configuration directives found in the various files under the /etc/apache2/mods-enabled directory. When I look in the mods-enabled directory, I find a bunch of symlinks to files in the /etc/apache2/mods-available/ directory. For each module Apache2 has been told to load, there are two symlinks: [module].conf and [module].load.
What you need is to enable the userdir module. On my machine I was able to do this simply by creating a symlink in the mods-enabled directory to /etc/apache2/mods-available/userdir.conf and userdir.load, then restarting the server. After that I was able to put a basic index.html in /home/user/public_html/ and surf to http://localhost/~user/ to see it in action.
If your apache2 isn't configured using modules loaded in separate directories this way, you can also try adding the userdir directives directly into apache2.conf. This is what they contain on my machine:
<IfModule mod_userdir.c>
UserDir public_html
UserDir disabled root
<Directory /home/*/public_html>
AllowOverride FileInfo AuthConfig Limit Indexes
Options MultiViews Indexes SymLinksIfOwnerMatch IncludesNoExec
<Limit GET POST OPTIONS>
Require all granted
</Limit>
<LimitExcept GET POST OPTIONS>
Require all denied
</LimitExcept>
</Directory>
</IfModule>
There are some security concerns with this configuration you should be aware of, so I would strongly encourage looking over the userdir documentation here: http://httpd.apache.org/docs/2.4/howto/public_html.html

Change document root folder of Apache web server on Linux

My PC is windows 8.1 and Linux mint 16 dual boot pc.I created Local web server on Linux Mint.It's document root is "/var/www".But all my projects are located on a NTFS partion which i mount to linux and use(/media/randika/HardDisk/Works/Lab).I need to make a symbolic link to projects folder or change document root of Apache server.How can i do it?`
My 000-default.conf file located in sites-available folder
<VirtualHost *:80>
# The ServerName directive sets the request scheme, hostname and port that
# the server uses to identify itself. This is used when creating
# redirection URLs. In the context of virtual hosts, the ServerName
# specifies what hostname must appear in the request's Host: header to
# match this virtual host. For the default virtual host (this file) this
# value is not decisive as it is used as a last resort host regardless.
# However, you must set it for any further virtual host explicitly.
#ServerName www.example.com
ServerAdmin webmaster#localhost
DocumentRoot /var/www
# Available loglevels: trace8, ..., trace1, debug, info, notice, warn,
# error, crit, alert, emerg.
# It is also possible to configure the loglevel for particular
# modules, e.g.
#LogLevel info ssl:warn
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
# For most configuration files from conf-available/, which are
# enabled or disabled at a global level, it is possible to
# include a line for only one particular virtual host. For example the
# following line enables the CGI configuration for this host only
# after it has been globally disabled with "a2disconf".
#Include conf-available/serve-cgi-bin.conf
</VirtualHost>
# vim: syntax=apache ts=4 sw=4 sts=4 sr noet

Just change inside your Virtualhost
DocumentRoot /var/www
to
DocumentRoot /media/randika/HardDisk/Works/Lab
and add the rights on the new directory
<Directory "/media/randika/HardDisk/Works/Lab">
Order Allow,Deny
Allow from all
Options Indexes
AllowOverride AuthConfig
</Directory>
And restart Apache for reload the configuration

Fixed it.when mounting a partition, linux automatically sets permissions for all files and directories in that partition.Permissions cannot change after mounted.Therefore Unmounted the partition,changed umask value to 022 in etc/fstab and created a symbolic link.Everything works fine.