Can you please open an issue in Google Code so it is tracked? I do not think there is an issue with wsgi, but there may be one with access.py.

On Wednesday, 23 May 2012 21:03:04 UTC-5, Chris wrote:
>
> This seems like a problem in web2py or mod_wsgi -- or else I am confused.
> Would appreciate any pointers from the experts.
>
> I'm running web2py 1.99.7 on a Red Hat (RHEL 6) server using Apache 2.2.15
> and mod_wsgi 3.3. This is all running on a small virtual server at Amazon
> Web Services.
>
> Since I don't want to open that box up to the world, I have been using ssh
> tunneling to allow processes on my local machine to connect to the AWS
> machine as if that is my local host.
>
> That is done via ssh command lines that look like this:
>
> ssh -i hs-test-000001.pem -L *:55080:localhost:80 -N root@107.21.240.172 &
> ssh -i hs-test-000001.pem -L *:55443:localhost:443 -N root@107.21.240.172&
>
> The -L option has ssh create a listener on local port 55080 and forward
> all traffic to that port to IP address 107.21.240.172 / its localhost port
> 80. The second command line is the same for port 443 (https).
>
> This works well. I can open a browser on my local machine, type
> localhost:55080 in the address bar, and it does indeed connect with the
> remote server and serve up the Welcome app. (The AWS machine -- Apache and
> web2py -- function just as if the request came from that localhost. The
> response is the same if I use a prompt on the AWS host and run 'curl
> localhost:80'.) It all checks out. So far so good.
>
> The problem has to do with how port numbers are interpreted on the AWS
> machine. Browsing locally to http://localhost:55080 worked fine, but
> https://localhost:55443 resulted in an error. After reading the error
> dump file and putting a little debug code in applications / admin / models
> / access.py, I could see the failure was caused by access.py trying to open
> a local password file 'parameters_55443.py'. And indeed, when I copied the
> existing parameters_443.py file and named the copy parameters_55443.py,
> everything worked -- https://localhost:55443/admin brought up the admin
> app as I had expected.
>
> I don't understand why the AWS web2py process would care about the port
> number from the client machine that initiated the request. More than that,
> I don't understand how web2py even knows what the port number from the
> client is, since supposedly that is all handled in the ssh client side /
> sshd server side process that ssh -L provides.
>
> To look further into this, I made a change in access.py to dump the entire
> 'request' structure to the Apache error log and paged through this. The
> port number 55443 shows up several times:
>
> -- 'HTTP_REFERER': 'https://localhost:55443/admin/default/site'
> -- 'SERVER_SIGNATURE': '<address>Apache/2.2.15 (Red Hat) Server at
> localhost Port 55443</address>
> -- 'SERVER_PORT': '55443'
> -- 'HTTP_HOST': 'localhost:55443'
> -- 'mod_wsgi.application_group': 'ip-10-114-191-91.ec2.internal:55443|
>
> This is concerning because it means I may need to create new / redundant
> parameters_*.py files for multiple port numbers on a production machine if
> we use multiple port numbers in the ssh -L bridging.
>
> More than that, it makes me wonder if there is something wrong with
> mod_wsgi or WSGI or how I have set them up -- and will this cause other
> problems.
>
> Does it make sense that Apache and web2py would be aware of / use the port
> number from the remote client when it is mapped to a local port?
>
> It seems like a bug to me.
>
> Thanks
>
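
Added example, not part of the thread and not web2py or mod_wsgi code: the dump above shows SERVER_PORT matching the port in HTTP_HOST, which is what Apache reports when it takes the port from the client's Host header (its behaviour with UseCanonicalName Off). The sketch below contrasts a file lookup keyed on SERVER_PORT with one pinned to the real listener ports; the function names are hypothetical, and it assumes wsgi.url_scheme is "https" for the tunnelled request.

```python
# Added illustration; not web2py or mod_wsgi code. Function names are hypothetical.
import re

# Ports Apache actually listens on for this site (from the post: 80 and 443).
LISTENERS = {"http": 80, "https": 443}


def naive_params_file(environ):
    """Behaviour described in the post: the file name follows SERVER_PORT."""
    return "parameters_%s.py" % environ["SERVER_PORT"]


def host_header_port(environ):
    """Port the client put in the Host header, or None if it gave none."""
    m = re.search(r":(\d{1,5})$", environ.get("HTTP_HOST", ""))
    return int(m.group(1)) if m else None


def pinned_params_file(environ):
    """Pick the file from the scheme's real listener port, ignoring Host."""
    scheme = environ.get("wsgi.url_scheme")
    if scheme not in LISTENERS:
        raise ValueError("unexpected scheme: %r" % (scheme,))
    return "parameters_%d.py" % LISTENERS[scheme]


def port_is_client_supplied(environ):
    """True when SERVER_PORT echoes the Host header and is not a listener."""
    port = int(environ["SERVER_PORT"])
    return port == host_header_port(environ) and port not in LISTENERS.values()


# Constructed environ, using the values dumped in the post.
# wsgi.url_scheme is an assumption; it is not shown in the dump.
TUNNELLED = {
    "wsgi.url_scheme": "https",
    "HTTP_HOST": "localhost:55443",
    "SERVER_PORT": "55443",
}

if __name__ == "__main__":
    print(naive_params_file(TUNNELLED))        # file named after the tunnel port
    print(pinned_params_file(TUNNELLED))       # file named after the listener
    print(port_is_client_supplied(TUNNELLED))  # flags the mismatch
```

On the Apache side, the same pinning can be done by making SERVER_PORT canonical (ServerName with an explicit port plus UseCanonicalName On), so the application never sees the tunnel's port.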