Single HTTPS vHost, FLASK, HTTPS redirection


#1

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: grazehound.com

I ran this command:
certbot --apache --staging \
  --cert-name test_graze-jn \
  --webroot-path /var/www/graze-sg \
  -d jn.grazehound.com

It produced this output:

Enabling available site: /etc/apache2/sites-available/graze-jn-le-ssl.conf
Error while running apache2ctl configtest.
Action ‘configtest’ failed.
The Apache error log may have more information.

AH00526: Syntax error on line 9 of /etc/apache2/sites-enabled/graze-jn.conf:
Name duplicates previous WSGI daemon definition.

My web server is (include version): Apache2 (version?)

The operating system my web server runs on is (include version):
Ubuntu 16.04/3

My hosting provider, if applicable, is: self

I can login to a root shell on my machine (yes or no, or I don’t know): yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):


Following is a comprehensive explanation and request for help:
When I get a (test) certificate with the command:
certbot --apache --staging \
  --cert-name test_graze-jn \
  --webroot-path /var/www/graze-sg \
  -d jn.grazehound.com

Most of the time I do not get the option to just have a single HTTPS vHost file; a second vHost file is created. (Note: I said most of the time because one time I did get the prompt to have a single vHost file or two. I really don’t know what I did that allowed this prompt to appear.)

I’m using Flask and have the WSGIDaemonProcess directive in my vHost file. Apache states that the WSGIDaemonProcess name must be unique across all the vHosts. When the certbot apache plugin created the HTTPS vHost, the original WSGIDaemonProcess was placed in the HTTPS file. Now I have two vHost files with the same name for the WSGIDaemonProcess directive.

This resulted in a failure to update my vHosts. Commenting out the offending line allowed the creation of the HTTPS vHost file, but nothing worked. My Flask driven site was non-functional. Going back into the certbot generated (HTTPS) vHost file and uncommenting the WSGIDaemonProcess directive restored the site’s operation. That is with the HTTP vHost still having the WSGIDaemonProcess directive commented out.

I have three questions:
Is there a command line parameter to always create a single HTTPS vHost with redirection of the HTTP protocol to HTTPS?
What am I doing wrong that is preventing the prompt to choose between two vHost files, one for HTTP the other for HTTPS and a single vHost that redirects the HTTP to HTTPS?
Is there a set of command line parameters that will allow me to fully automate this process? No prompts, just get the certificates and create a single HTTPS with HTTP redirection vHost file, in order to automate this process?

Thanks in advance for any help or insight you can offer.

Jeffrey


#2

WSGIDaemonProcess (and most mod_wsgi directives) can appear outside of VirtualHosts. If you define it globally in the first place (thus avoiding it getting copied by Certbot’s Apache plugin), would that suit your setup?

You can pass -n to Certbot to force it to be non-interactive. This will allow you to discover a command that will run without any prompts.

Most, but not all options can be passed to Certbot non-interactively.

certbot help all

The redirect options you are looking for:

--redirect            Automatically redirect all HTTP traffic to HTTPS for
                      the newly authenticated vhost. (default: Ask)
--no-redirect         Do not automatically redirect all HTTP traffic to
                      HTTPS for the newly authenticated vhost. (default:
                      Ask)

#3

In my particular case I think it would.
Where should I add this directive? /etc/apache2/apache2.conf in the Global configuration section?

I’m running on Ubuntu 16.04, soon to move to 18.04, and there are a lot of comments that Debian derived Apache configurations are different from the upstream recommendations.


#4

I believe that Certbot’s Apache plugin works on the basis of copying the scoped VirtualHost rather than entire files, so you should be able to keep it in the same file but move it to the line directly above where your <VirtualHost ..> is opened.

Failing that, try apache2.conf above the line where it includes conf.d/sites-enabled, sure.


#5

Thanks, before I received your reply I created a new site-available vHost file: grazeWSGIDaemonProcess.conf and sym linked it to the sites-enabled. Then removed the directive from both the http and https version of the .conf files. This worked.

Now I just have to clean up my hacks and move this into my setup script. I’ll try the --no-redirect once I get my work cleaned up. I assume that I should give it True if I do not want any redirection.

thanks again for your help, I really appreciate it.

Jeffrey
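
A pre-flight check for the failure discussed in this thread, as an added example that is not part of any post above: it lists WSGIDaemonProcess names defined more than once across a directory of site files, so the conflict shows up before `apache2ctl configtest` rejects it. The daemon name `graze_app`, its `threads=5` option and the sample file contents are constructed for illustration; the file names are the ones mentioned in the thread.

```shell
#!/bin/sh
# Print every WSGIDaemonProcess name that is defined more than once in
# the *.conf files of directory $1. Commented-out directives are ignored
# because their first field starts with '#'.
dup_wsgi_daemons() {
    awk 'tolower($1) == "wsgidaemonprocess" { print $2 }' "$1"/*.conf 2>/dev/null |
        sort | uniq -d
}

# Build a constructed sample layout in directory $1.
#   copied: the directive sits inside both the HTTP and HTTPS vHost,
#           as after Certbot's Apache plugin copied the vHost.
#   global: the directive is defined once in its own file and is
#           commented out in the vHosts, as in post #5.
make_sample() {
    mkdir -p "$1"
    if [ "$2" = copied ]; then
        daemon='    WSGIDaemonProcess graze_app threads=5'
    else
        daemon='    #WSGIDaemonProcess graze_app threads=5'
        printf 'WSGIDaemonProcess graze_app threads=5\n' \
            > "$1/grazeWSGIDaemonProcess.conf"
    fi
    printf '<VirtualHost *:80>\n%s\n    WSGIProcessGroup graze_app\n</VirtualHost>\n' \
        "$daemon" > "$1/graze-jn.conf"
    printf '<VirtualHost *:443>\n%s\n    WSGIProcessGroup graze_app\n</VirtualHost>\n' \
        "$daemon" > "$1/graze-jn-le-ssl.conf"
}

# Demo on temporary directories; nothing under /etc is touched.
tmp=$(mktemp -d)
make_sample "$tmp/copied" copied
make_sample "$tmp/global" global
echo "copied layout, duplicate names: $(dup_wsgi_daemons "$tmp/copied")"
echo "global layout, duplicate names: $(dup_wsgi_daemons "$tmp/global")"
rm -rf "$tmp"

# On a real host, point the check at /etc/apache2/sites-enabled and run
# Certbot without prompts only when it prints nothing, for example:
#   certbot --apache -n --redirect --staging \
#     --cert-name test_graze-jn -d jn.grazehound.com
```

Running the same check again after Certbot has written the `-le-ssl.conf` file confirms that the plugin did not copy the directive into the new vHost.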


#6

For what it’s worth, you can follow this Certbot bug about WSGIDaemonProcess and other Apache settings that can’t be copied.

