Teru's blog

web2py 2

have run web2py on a local desktop, and now try to install on a local server.

Downlod the source from here.

$ cd web2py-read-only
$ python web2py -help

gives me

Usage: python web2py.py

web2py Web Framework startup script.  ATTENTION: unless a password is
specified (-a 'passwd') web2py will attempt to run a GUI. In this case command
line options are ignored.

Options:
  --version             show program's version number and exit
  -h, --help            show this help message and exit
  -i IP, --ip=IP        the ip address of the server (127.0.0.1)
  -p PORT, --port=PORT  the port for of server (8000)
  -a PASSWORD, --password=PASSWORD
                        the password to be used for administration (use -a
                        "<recycle>" to reuse the last password))
  -u UPGRADE, --upgrade=UPGRADE
                        upgrade applications
  -c SSL_CERTIFICATE, --ssl_certificate=SSL_CERTIFICATE
                        file that contains ssl certificate
  -k SSL_PRIVATE_KEY, --ssl_private_key=SSL_PRIVATE_KEY
                        file that contains ssl private key
  -d PID_FILENAME, --pid_filename=PID_FILENAME
                        file where to store the pid of the server
  -l LOG_FILENAME, --log_filename=LOG_FILENAME
                        file where to log connections
  -n NUMTHREADS, --numthreads=NUMTHREADS
                        number of threads
  -s SERVER_NAME, --server_name=SERVER_NAME
                        the server name for the web server
  -q REQUEST_QUEUE_SIZE, --request_queue_size=REQUEST_QUEUE_SIZE
                        max number of queued requests when server unavailable
  -o TIMEOUT, --timeout=TIMEOUT
                        timeout for individual request
  -z SHUTDOWN_TIMEOUT, --shutdown_timeout=SHUTDOWN_TIMEOUT
                        timeout on shutdown of server
  -f FOLDER, --folder=FOLDER
                        the folder where to run web2py
  -v, --verbose         increase --test verbosity
  -Q, --quiet           disable all output
  -D DEBUGLEVEL, --debug=DEBUGLEVEL
                        set debug output level (0-100, 0 means all, 100 means
                        none, default is 30)
  -S APPNAME, --shell=APPNAME
                        run web2py in interactive shell or IPython(if
                        installed) with specified appname
  -P, --plain           only use plain python shell, should be used with
                        --shell option
  -M, --import_models   auto import model files, default is False, should be
                        used with --shell option
  -R PYTHON_FILE, --run=PYTHON_FILE
                        run PYTHON_FILE in web2py environment, should be used
                        with --shell option
  -T TEST_PATH, --test=TEST_PATH
                        run doctests in web2py environment, TEST_PATH like
                        a/c/f (c,f optional)
  -W WINSERVICE, --winservice=WINSERVICE
                        -W install|start|stop as windows service
  -C, --cron            trigger a cron run manually, usually invoked from a
                        system crontab
  -N, --no-cron         Do not start cron automatically
  -L CONFIG, --config=CONFIG
                        Config file
  -F PROFILER_FILENAME, --profiler=PROFILER_FILENAME
                        profiler filename
  -t, --taskbar         Use web2py gui and run in taskbar (system tray)

Run the server as

$ python web2py --ip=192.168.1.81 --port=8801 --password=******

where ****** is a password. To make it secure, rerun it in the background as

$ python web2py --ip=192.168.1.81 --port=8801 --password="<recycle>" &

where "<recycle>" spacifies the password used last time. Open a browser on a desktop computer connected thru LAN, and wow

It worked so easily. Thanks Massimo for making this excellent software

Now, when I click the link "click here for the administrative interface" on the page, I get a message on a browser:

Admin is disabled because unsecure channel

Ooops, what's wrong? Checked the archive of GoogleGroup web2py Web Framework, and found a comment by Massimo: "... admin and appadmin only work from localhost and remotely via ssl (ssh tunnel or https is enabled) " OK, some work to do. Looked at Deployment Recipes in a manual for web2py. Hmm, seems a lot of work to run behind Apache...

Seek a minimal requirement to let me access to admin thru LAN here. I.e., get a ssl certificate and a ssl private key as options for running web2py. Found a page for Creating Certificate Authorities and self-signed SSL certificates. Follow the instructions to create a self-signed certificate.

$ sudo su
$ cd /etc/ssl
$ mkdir self_signed
$ chown root.ssl-cert self_signe
$ chmod 7
$ cd /etc/ssl/self_signed
$ chown root.ssl-cert self_sign
$ openssl genrsa -des3 -out server.key 4096

Typed a pass phrase when asked.

$ openssl req -new -key server.key -out server.csr

then

Country Name (2 letter code) [AU]:JA
State or Province Name (full name) [Some-State]:Yamagata
Locality Name (eg, city) []:
Organization Name (eg, company) [Internet Widgits Pty Ltd]:YUI Limited Partnership   
Organizational Unit Name (eg, section) []:                        
Common Name (eg, YOUR name) []:web2py.emedia.jp
Email Address []:xxxxxxx@gmail.com

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:

For signing the certificate signing request,

$  openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt
Signature ok
subject=/C=JA/ST=Yamagata/O=ip/CN=web2py.emedia.jp/emailAddress=xxxxxxx@gmail.com
Getting Private key
Enter pass phrase for server.key:******

Create a version without password.

$ openssl rsa -in server.key -out server.key.insecure
Enter pass phrase for server.key:******
writing RSA key

$ mv server.key server.key.secure
$ mv server.key.insecure server.key

Now accessing http://192.168.1.81:8801/ from a browser at a desktop gives
Oops
Changed to http://192.168.1.81:8801/ gives

Hitting to accept it,

Jump to the link " click here for the administrative interface", then

After typing the password, get

OK. Ready to run appliances/applications!
Later, will need to daemonize the start of the server with the script providec as ./scripts/web2py.ubuntu.sh. To deploy in production, will need to run web2py as an wsgi application on Apache.