From cb8ce3160afd963cec6186e535232275d9930b3c Mon Sep 17 00:00:00 2001
From: Wojtek Kosior <koszko@koszko.org>
Date: Wed, 27 Apr 2022 11:45:18 +0200
Subject: fix/improve wsgi deployment

---
 doc/examples/hydrilla.example.com.tls.conf | 33 ++++++++++++++++++++++++++++--
 1 file changed, 31 insertions(+), 2 deletions(-)

(limited to 'doc/examples/hydrilla.example.com.tls.conf')

diff --git a/doc/examples/hydrilla.example.com.tls.conf b/doc/examples/hydrilla.example.com.tls.conf
index e9d241f..357ecb3 100644
--- a/doc/examples/hydrilla.example.com.tls.conf
+++ b/doc/examples/hydrilla.example.com.tls.conf
@@ -10,6 +10,8 @@
 # /etc/apache2/sites-available/ or similar. Then, enable it using the following
 # command:
 #    a2ensite hydrilla.example.com.tls
+# You also need to install and enable the wsgi module for Apache if you haven't
+# already (e.g. with libapache2-mod-wsgi-py3 Debian package).
 # The new configuration will only take effect after you restart/reload Apache2
 # daemon.
 
@@ -39,17 +41,43 @@
     DocumentRoot /var/lib/hydrilla/malcontent
 
     <Directory /var/lib/hydrilla/malcontent >
-      Require all granted
+      <IfVersion < 2.4>
+        Order allow,deny
+        Allow from all
+      </IfVersion>
+      <IfVersion >= 2.4>
+        Require all granted
+      </IfVersion>
     </Directory>
 
     <Directory ~ "^/var/lib/hydrilla/malcontent/(resource|mapping)/" >
       ForceType application/json
     </Directory>
 
+    # Make Apache2 automatically pick up the new version of the wsgi script when
+    # it gets written. This line will fail if you don't have mod_wsgi installed
+    # and enabled.
     WSGIScriptReloading On
 
+    # The default configuration of mod_wsgi on most *nix systems is to run wsgi
+    # scripts in so-called embedded mode. The following 2 lines instruct Apache
+    # to instead run our wsgi script in a daemon process which makes it more
+    # flexible and reliable. Here we also set environment variables that are
+    # needed to tell Python that the system supports UTF-8 encoding.
+    # Feel free to modify the arguments to WSGIDaemonProcess according to your
+    # needs:
+    # https://modwsgi.readthedocs.io/en/develop/user-guides/quick-configuration-guide.html#delegation-to-daemon-process
+    WSGIDaemonProcess hydrilla.example.com lang='C.UTF-8' locale='C.UTF-8'
+    WSGIProcessGroup hydrilla.example.com
+
     <Directory /var/lib/hydrilla/wsgi >
-      Require all granted
+      <IfVersion < 2.4>
+        Order allow,deny
+        Allow from all
+      </IfVersion>
+      <IfVersion >= 2.4>
+        Require all granted
+      </IfVersion>
     </Directory>
 
     WSGIScriptAliasMatch "^/((resource|mapping)/[^/]+[.]json|query)$" "/var/lib/hydrilla/wsgi/hydrilla.wsgi/$1"
@@ -57,6 +85,7 @@
     ErrorLog ${APACHE_LOG_DIR}/error.log
     CustomLog ${APACHE_LOG_DIR}/access.log combined
 
+    # Change the paths to point to your actual certificate files.
     SSLEngine on
     SSLCertificateFile          /etc/letsencrypt/live/example.com/cert.pem
     SSLCertificateKeyFile       /etc/letsencrypt/live/example.com/privkey.pem
-- 
cgit v1.2.3