os.makedirs 导致 Amazon AWS Ubuntu 实例上出现 OSError
os.makedirs leads to OSError on Amazon AWS Ubuntu instance
在 Ubuntu AWS 实例上,我试图在设置 Apache 后设置 Flask 服务。
在 /var/www/html/myApp/ 中,我有这些文件,其中包括:
myApp.py
myApp.wsgi
这里是myApp.wsgi的内容:
import sys
sys.path.insert(0, '/var/www/html/myApp')
from myApp import app as application
这里是/etc/apache2/sites-enabled/000-default.conf的内容:
<VirtualHost *:80>
# The ServerName directive sets the request scheme, hostname and port that
# the server uses to identify itself. This is used when creating
# redirection URLs. In the context of virtual hosts, the ServerName
# specifies what hostname must appear in the request's Host: header to
# match this virtual host. For the default virtual host (this file) this
# value is not decisive as it is used as a last resort host regardless.
# However, you must set it for any further virtual host explicitly.
#ServerName www.example.com
ServerAdmin webmaster@localhost
DocumentRoot /var/www/html
WSGIDaemonProcess charter threads=5
WSGIScriptAlias / /var/www/html/myApp/myApp.wsgi
<Directory flaskapp>
WSGIProcessGroup myApp
WSGIApplicationGroup %{GLOBAL}
Order deny,allow
Allow from all
</Directory>
# Available loglevels: trace8, ..., trace1, debug, info, notice, warn,
# error, crit, alert, emerg.
# It is also possible to configure the loglevel for particular
# modules, e.g.
#LogLevel info ssl:warn
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
# For most configuration files from conf-available/, which are
# enabled or disabled at a global level, it is possible to
# include a line for only one particular virtual host. For example the
# following line enables the CGI configuration for this host only
# after it has been globally disabled with "a2disconf".
#Include conf-available/serve-cgi-bin.conf
</VirtualHost>
在 myApp.py 中,我有一些代码可以创建一个目录:
if not os.path.exists("dir"):
os.makedirs("dir")
但是当我将浏览器导航到 http://MY-UBUNTU-EC2-ADDRESS.compute-1.amazonaws.com/myApp/ 时,它 returns 出现了 500 错误。
当我在 /var/log/apache2/error.log 查看错误日志时,我看到了这些行:
[Mon Aug 14 22:57:06.346698 2017] [:error] [pid 6641:tid 139812646708992] [client IP-ADDRESS-REMOVED:48792] mod_wsgi (pid=6641): Target WSGI script '/var/www/html/myApp/myApp.wsgi' cannot be loaded as Python module.
[Mon Aug 14 22:57:06.346734 2017] [:error] [pid 6641:tid 139812646708992] [client IP-ADDRESS-REMOVED:48792] mod_wsgi (pid=6641): Exception occurred processing WSGI script '/var/www/html/myApp/myApp.wsgi'.
[Mon Aug 14 22:57:06.346750 2017] [:error] [pid 6641:tid 139812646708992] [client IP-ADDRESS-REMOVED:48792] Traceback (most recent call last):
[Mon Aug 14 22:57:06.346768 2017] [:error] [pid 6641:tid 139812646708992] [client IP-ADDRESS-REMOVED:48792] File "/var/www/html/myApp/myApp.wsgi", line 4, in <module>
[Mon Aug 14 22:57:06.346791 2017] [:error] [pid 6641:tid 139812646708992] [client IP-ADDRESS-REMOVED:48792] from myApp import app as application
[Mon Aug 14 22:57:06.346797 2017] [:error] [pid 6641:tid 139812646708992] [client IP-ADDRESS-REMOVED:48792] File "/var/www/html/myApp/myApp.py", line 12, in <module>
[Mon Aug 14 22:57:06.346806 2017] [:error] [pid 6641:tid 139812646708992] [client IP-ADDRESS-REMOVED:48792] os.makedirs(graphicsFiles)
[Mon Aug 14 22:57:06.346811 2017] [:error] [pid 6641:tid 139812646708992] [client IP-ADDRESS-REMOVED:48792] File "/usr/lib/python2.7/os.py", line 157, in makedirs
[Mon Aug 14 22:57:06.346820 2017] [:error] [pid 6641:tid 139812646708992] [client IP-ADDRESS-REMOVED:48792] mkdir(name, mode)
[Mon Aug 14 22:57:06.346837 2017] [:error] [pid 6641:tid 139812646708992] [client IP-ADDRESS-REMOVED:48792] OSError: [Errno 13] Permission denied: 'dir'
我需要更改什么才能确保我的应用程序有权创建目录或文件?
您不能使用相对路径名,也不能使用 Apache 用户无法写入的目录。请参阅文档:
- http://modwsgi.readthedocs.io/en/develop/user-guides/application-issues.html#application-working-directory
- http://modwsgi.readthedocs.io/en/develop/user-guides/application-issues.html#access-rights-of-apache-user
你的Apache配置也是错误的。
<Directory flaskapp>
WSGIProcessGroup myApp
WSGIApplicationGroup %{GLOBAL}
Order deny,allow
Allow from all
</Directory>
在此处使用 flaskapp 作为 Directory 的参数是不正确的。该参数应该是 WSGI 脚本文件所在的目录。
<Directory /var/www/html/myApps>
WSGIProcessGroup myApp
WSGIApplicationGroup %{GLOBAL}
Order deny,allow
Allow from all
</Directory>
另一个问题是将源代码放在 DocumentRoot 指定的目录下是不好的做法。如果您在 Apache 配置中出错,人们可能会下载您的源代码,可能包括源代码中的任何配置机密。
在 Ubuntu AWS 实例上,我试图在设置 Apache 后设置 Flask 服务。
在 /var/www/html/myApp/ 中,我有这些文件,其中包括:
myApp.py
myApp.wsgi
这里是myApp.wsgi的内容:
import sys
sys.path.insert(0, '/var/www/html/myApp')
from myApp import app as application
这里是/etc/apache2/sites-enabled/000-default.conf的内容:
<VirtualHost *:80>
# The ServerName directive sets the request scheme, hostname and port that
# the server uses to identify itself. This is used when creating
# redirection URLs. In the context of virtual hosts, the ServerName
# specifies what hostname must appear in the request's Host: header to
# match this virtual host. For the default virtual host (this file) this
# value is not decisive as it is used as a last resort host regardless.
# However, you must set it for any further virtual host explicitly.
#ServerName www.example.com
ServerAdmin webmaster@localhost
DocumentRoot /var/www/html
WSGIDaemonProcess charter threads=5
WSGIScriptAlias / /var/www/html/myApp/myApp.wsgi
<Directory flaskapp>
WSGIProcessGroup myApp
WSGIApplicationGroup %{GLOBAL}
Order deny,allow
Allow from all
</Directory>
# Available loglevels: trace8, ..., trace1, debug, info, notice, warn,
# error, crit, alert, emerg.
# It is also possible to configure the loglevel for particular
# modules, e.g.
#LogLevel info ssl:warn
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
# For most configuration files from conf-available/, which are
# enabled or disabled at a global level, it is possible to
# include a line for only one particular virtual host. For example the
# following line enables the CGI configuration for this host only
# after it has been globally disabled with "a2disconf".
#Include conf-available/serve-cgi-bin.conf
</VirtualHost>
在 myApp.py 中,我有一些代码可以创建一个目录:
if not os.path.exists("dir"):
os.makedirs("dir")
但是当我将浏览器导航到 http://MY-UBUNTU-EC2-ADDRESS.compute-1.amazonaws.com/myApp/ 时,它 returns 出现了 500 错误。
当我在 /var/log/apache2/error.log 查看错误日志时,我看到了这些行:
[Mon Aug 14 22:57:06.346698 2017] [:error] [pid 6641:tid 139812646708992] [client IP-ADDRESS-REMOVED:48792] mod_wsgi (pid=6641): Target WSGI script '/var/www/html/myApp/myApp.wsgi' cannot be loaded as Python module.
[Mon Aug 14 22:57:06.346734 2017] [:error] [pid 6641:tid 139812646708992] [client IP-ADDRESS-REMOVED:48792] mod_wsgi (pid=6641): Exception occurred processing WSGI script '/var/www/html/myApp/myApp.wsgi'.
[Mon Aug 14 22:57:06.346750 2017] [:error] [pid 6641:tid 139812646708992] [client IP-ADDRESS-REMOVED:48792] Traceback (most recent call last):
[Mon Aug 14 22:57:06.346768 2017] [:error] [pid 6641:tid 139812646708992] [client IP-ADDRESS-REMOVED:48792] File "/var/www/html/myApp/myApp.wsgi", line 4, in <module>
[Mon Aug 14 22:57:06.346791 2017] [:error] [pid 6641:tid 139812646708992] [client IP-ADDRESS-REMOVED:48792] from myApp import app as application
[Mon Aug 14 22:57:06.346797 2017] [:error] [pid 6641:tid 139812646708992] [client IP-ADDRESS-REMOVED:48792] File "/var/www/html/myApp/myApp.py", line 12, in <module>
[Mon Aug 14 22:57:06.346806 2017] [:error] [pid 6641:tid 139812646708992] [client IP-ADDRESS-REMOVED:48792] os.makedirs(graphicsFiles)
[Mon Aug 14 22:57:06.346811 2017] [:error] [pid 6641:tid 139812646708992] [client IP-ADDRESS-REMOVED:48792] File "/usr/lib/python2.7/os.py", line 157, in makedirs
[Mon Aug 14 22:57:06.346820 2017] [:error] [pid 6641:tid 139812646708992] [client IP-ADDRESS-REMOVED:48792] mkdir(name, mode)
[Mon Aug 14 22:57:06.346837 2017] [:error] [pid 6641:tid 139812646708992] [client IP-ADDRESS-REMOVED:48792] OSError: [Errno 13] Permission denied: 'dir'
我需要更改什么才能确保我的应用程序有权创建目录或文件?
您不能使用相对路径名,也不能使用 Apache 用户无法写入的目录。请参阅文档:
- http://modwsgi.readthedocs.io/en/develop/user-guides/application-issues.html#application-working-directory
- http://modwsgi.readthedocs.io/en/develop/user-guides/application-issues.html#access-rights-of-apache-user
你的Apache配置也是错误的。
<Directory flaskapp>
WSGIProcessGroup myApp
WSGIApplicationGroup %{GLOBAL}
Order deny,allow
Allow from all
</Directory>
在此处使用 flaskapp 作为 Directory 的参数是不正确的。该参数应该是 WSGI 脚本文件所在的目录。
<Directory /var/www/html/myApps>
WSGIProcessGroup myApp
WSGIApplicationGroup %{GLOBAL}
Order deny,allow
Allow from all
</Directory>
另一个问题是将源代码放在 DocumentRoot 指定的目录下是不好的做法。如果您在 Apache 配置中出错,人们可能会下载您的源代码,可能包括源代码中的任何配置机密。