相關問題參考:
https://community.privacyidea.org/t/privacyidea-on-debian-12-500-internal-server-error-on-apache/3360/1
透過 Apache log 可看看出目前 mod_wsgi (Web Server Gateway Interface [Python])的版本為何?
如 Python 3.9 的 wsgi 4.7.1 另 Python 3.12 則為 4.9.4 ,如下 log 所示:
Apache/2.4.62 (Oracle Linux Server) OpenSSL/3.2.2 mod_auth_gssapi/1.6.3 mod_wsgi/4.7.1 Python/3.9 configured -- resuming normal operations
Apache/2.4.62 (Oracle Linux Server) OpenSSL/3.2.2 mod_auth_gssapi/1.6.3 mod_wsgi/4.9.4 Python/3.12 configured -- resuming normal operations
相關資訊可以透過 dnf info 取得
[root@Oracle9 conf.modules.d]# dnf info mod_wsgi
Last metadata expiration check: 1:33:33 ago on Sun 27 Apr 2025 10:55:14 AM CST.
Available Packages
Name : mod_wsgi
Version : 4.7.1
Release : 11.el9
Architecture : src
Size : 705 k
Source : None
Repository : ol9_appstream
Summary : A WSGI interface for Python web applications in Apache
URL : https://modwsgi.readthedocs.io/
License : ASL 2.0
Description : The mod_wsgi adapter is an Apache module that provides a WSGI compliant
: interface for hosting Python based web applications within Apache. The
: adapter is written completely in C code against the Apache C runtime and
: for hosting WSGI applications within Apache has a lower overhead than using
: existing WSGI adapters for mod_python or CGI.
[root@Oracle9 conf.modules.d]# dnf info python3.12-mod_wsgi
Last metadata expiration check: 1:34:08 ago on Sun 27 Apr 2025 10:55:14 AM CST.
Installed Packages
Name : python3.12-mod_wsgi
Version : 4.9.4
Release : 2.el9
Architecture : x86_64
Size : 1.1 M
Source : python3.12-mod_wsgi-4.9.4-2.el9.src.rpm
Repository : @System
From repo : ol9_appstream
Summary : A WSGI interface for Python web applications in Apache
URL : https://modwsgi.readthedocs.io/
License : ASL 2.0 and CC-BY
Description : The mod_wsgi adapter is an Apache module that provides a WSGI compliant
: interface for hosting Python based web applications within Apache. The
: adapter is written completely in C code against the Apache C runtime and
: for hosting WSGI applications within Apache has a lower overhead than using
: existing WSGI adapters for mod_python or CGI.
指定安裝
# dnf install python3.12-mod_wsgi.x86_64
切換作業系統所使用的 Python 版本.
[root@Oracle9 conf.modules.d]# alternatives --config python3
There are 2 programs which provide 'python3'.
Selection Command
-----------------------------------------------
*+ 1 /usr/bin/python3.12
2 /usr/bin/python3.11
Enter to keep the current selection[+], or type selection number:
[root@Oracle9 conf.modules.d]# python -V
Python 3.12.5
[root@Oracle9 conf.modules.d]# cat /opt/privacyidea/requirements.txt | more
#
# This file is autogenerated by pip-compile with Python 3.12
# by the following command:
#
# pip-compile --allow-unsafe --generate-hashes --output-file=requirements.txt
#
alembic==1.14.1 \
--hash=sha256:1acdd7a3a478e208b0503cd73614d5e4c6efafa4e73518bb60e4f2846a37b1c5 \
--hash=sha256:496e888245a53adf1498fcab31713a469c65836f8de76e01399aa1c3e90dd213
# via flask-migrate
.......
pip install
[privacyidea@Oracle9 ~]$ pip3 install mod_wsgi
Collecting mod_wsgi
Using cached mod_wsgi-5.0.2.tar.gz (498 kB)
Installing build dependencies ... done
Getting requirements to build wheel ... done
Preparing metadata (pyproject.toml) ... done
Building wheels for collected packages: mod_wsgi
Building wheel for mod_wsgi (pyproject.toml) ... done
Created wheel for mod_wsgi: filename=mod_wsgi-5.0.2-cp312-cp312-linux_x86_64.whl size=743647 sha256=539296f08235beaa861b605ab3957d6a9f06666a2eabb2895cc3b08e02934605
Stored in directory: /opt/privacyidea/.cache/pip/wheels/20/ff/89/b795934127969d1eb6a9edb07d8fc96f484e45e2b6e2f6736d
Successfully built mod_wsgi
Installing collected packages: mod_wsgi
Successfully installed mod_wsgi-5.0.2
==> mod_wsgi-py312.cpython-312-x86_64-linux-gnu.so
# cp mod_wsgi-py312.cpython-312-x86_64-linux-gnu.so /etc/httpd/modules/
# vi /etc/httpd/conf.modules.d/10-wsgi-python3.conf
[root@Oracle9 httpd]# cat /etc/httpd/conf.modules.d/10-wsgi-python3.conf
# NOTE: mod_wsgi_python3 can not coexist in the same apache process as
# mod_wsgi (python2). Only load if mod_wsgi is not already loaded.
<IfModule !wsgi_module>
#LoadModule wsgi_module modules/mod_wsgi_python3.so
LoadModule wsgi_module modules/mod_wsgi-py312.cpython-312-x86_64-linux-gnu.so
</IfModule>
Apache log
=> Apache/2.4.62 (Oracle Linux Server) OpenSSL/3.2.2 mod_auth_gssapi/1.6.3 mod_wsgi/5.0.2 Python/3.12 configured -- resuming normal operations
[root@Oracle9 httpd]#
PrivacyIDEA 整合 Apache + mod_wsgi 能否正常運行
要確定 Apache 內的 privacyidea.conf 是否正確.
# vi /etc/httpd/conf.d/privacyidea.conf
還有 privacyideaapp.wsgi 及 pi.cfg 內容設定及相關權限/目錄等等設定.
[root@Oracle9 conf.d]# vi /etc/privacyidea/privacyideaapp.wsgi
[root@Oracle9 conf.d]# cat /etc/privacyidea/privacyideaapp.wsgi
import sys
sys.stdout = sys.stderr
from privacyidea.app import create_app
application = create_app(config_name="production", config_file="/etc/privacyidea/pi.cfg")
[root@Oracle9 conf.d]# vi /etc/privacyidea/pi.cfg
[root@Oracle9 conf.d]# cat /etc/privacyidea/pi.cfg
import logging
# The realm, where users are allowed to login as administrators
SUPERUSER_REALM = ['super', 'administrators']
# Your database
SQLALCHEMY_DATABASE_URI = 'mysql+pymysql://pi_user:password@localhost/pi_db'
# This is used to encrypt the auth_token
# This is used to encrypt the admin passwords
# This is used to encrypt the token data and token passwords
PI_ENCFILE = '/etc/privacyidea/enckey'
# This is used to sign the audit log
PI_AUDIT_KEY_PRIVATE = '/etc/privacyidea/private.pem'
PI_AUDIT_KEY_PUBLIC = '/etc/privacyidea/public.pem'
PI_AUDIT_SQL_TRUNCATE = True
# The Class for managing the SQL connection pool
PI_ENGINE_REGISTRY_CLASS = "shared"
PI_AUDIT_POOL_SIZE = 20
#PI_LOGFILE = '/tmp/privacyidea.log'
PI_LOGFILE = '/var/log/privacyidea/privacyidea.log'
PI_LOGLEVEL = logging.INFO
PI_PEPPER = 'v9EW6gt1SGEHgpBQpznTmPtn'
SECRET_KEY = 'BnLflBoiKfc9HOJyFR2agAv9'
[root@Oracle9 conf.d]#
