Saturday, October 11, 2014

Nginx + fastcgi/wsgi

Python web application normally should use wsgi as interface, but nginx only support fascgi, scgi,uwsgi and no wsgi support.

flup is python library which could convert your wsgi application into fastcgi server. Since it is a library, you don't need to setup other extra standalone application. flup could hep to set up fastcgi through Unix socket domain or TCP port. It is also support scgi. webpy could use flup directly.
app = web.application(urls,locals())
if __name__ == '__main__':
#web.wsgi.runwsgi = lambda func, addr=None: web.wsgi.runfcgi(func, addr) for unix socket domain
#web.wsgi.runwsgi = lambda func, addr="/tmp/test.sock": web.wsgi.runfcgi(func, addr) for Tcp port
#web.wsgi.runwsgi = lambda func, addr=("localhost",7070): web.wsgi.runfcgi(func, addr) used with spawn-fcgi
app.run()
different addr could be config as different fastcgi behavior. app.run() just simply refer to web.wsgi.runwsgi.

uwsgi needs to be isntalled if you want use wsgi + nginx. I don't see webpy could support uwsgi protocal directly.

Wednesday, October 08, 2014

https build with nginx + startssl

startssl provide free ssl certification. I have updated my website with https connection.

first step is to apply a ssl certifciation on startsll. Please notice there is no username/passwd to login startsll website instead of certification on your browser which is installed by startssl. second is to follow website to fill personal information, validation your email and produce private key. private key (ssl.key) is not stored in startsll server, but it will download to your computer. Then you need to wait for sometimes to fetch public key (ssl.crt) and retrieve it from "Retrieve Certificate" in Toolbox.

second step is to configure nginx to use ssl.key and ssl.crt, see this link for detail. You also could use this website to check if any problem

Last thing needs to notice is firewall configuration on your server. Please open 443 port and remove other un-necessory configuration rule for 443. Previously I forwarded 443 to 8080 for shadowsocks and it toke me long time to find that is root caused for my https connection failure