[筆記] ⭐️ Apache2 + Uncomplicated Firewall + uWSGI + Flask

2023.02.02
Linux Ubuntu 22.04 Uncomplicated Firewall

安裝 ~~Django~~ Flask
1. 我使用sudo pip install Flask安裝時出現了以下錯誤 (記得使用 sudo )
  所以改用sudo pip install --ignore-installed Flask
  
  Installing collected packages: MarkupSafe, itsdangerous, click, blinker, Werkzeug, Jinja2, Flask
  …
  Attempting uninstall: blinker
  Found existing installation: blinker 1.4
  ERROR: Cannot uninstall ‘blinker’. It is a distutils installed project and thus we cannot accurately determine which files belong to it which would lead to only a partial uninstall.
2. 確認安裝結果：flask --version
建立 Flask APP
1. 建立 {FlaskApps}/main.py
```
from flask import Flask
 
app = Flask(__name__)
 
@app.route("/")
def index():
  return 'Hello, Flask!'
```
2. 測試
  export FLASK_APP=main.py # only available in the current session
  flask run --host=0.0.0.0 --port=8000
安裝 Apache2：sudo apt install apache2
確認參數設置：apachectl configtest
1. 出現：
  AH00558: apache2: Could not reliably determine the server’s fully qualified domain name, using 127.0.1.1. Set the ‘ServerName’ directive globally to suppress this message
2. sudo nano /etc/apache2/apache2.conf
  新增ServerName localhost:80
```
# Include the virtual host configurations:
ServerName localhost:80
IncludeOptional sites-enabled/*.conf
```
3. 再次確認參數設置：apachectl configtest → Syntax OK
4. 確認 Apache2 運作狀態：sudo service apache2 status
  會看到「Active: active (running)」
啟動 Uncomplicated Firewall 防火牆
1. 設定白名單（允許OpenSSH通過防火牆）
  1. OpenSSH：sudo ufw allow OpenSSH
  2. Samba：sudo ufw allow Samba
  3. 自定義：sudo ufw allow start[[:end/]{tcp/udp}]
2. sudo ufw allow in "Apache Full"
3. sudo ufw enable
4. sudo ufw status 確認防火牆狀態
Apache2 模組 mod-proxy-uwsgi
1. 安裝：sudo apt install libapache2-mod-proxy-uwsgi
2. 啟用：
  sudo a2enmod proxy_uwsgi
  sudo systemctl restart apache2
3. apachectl -M確認 Apache 啟用中的模組是否有proxy_uwsgi_module (shared)
安裝 uWSGI
1. sudo apt install python3.11-dev
2. sudo pip install uwsgi
建立 uWSGI 的 .ini
1. 建立 {FlaskApps}/uwsgi/uwsgi.ini
```
[uwsgi]
chdir = {FlaskApps}
wsgi-file = %(chdir)/main.py
callable = app
http-socket = :5000
processes = 4
threads = 2
master = true
chmod-socket = 666
logfile-chmod = 664
vacuum = true
die-on-term = true
socket = %(chdir)/uwsgi/uwsgi.sock
status = %(chdir)/uwsgi/uwsgi.status
pidfile = %(chdir)/uwsgi/uwsgi.pid
daemonize = %(chdir)/uwsgi/uwsgi.log
```
2. 啟動：uwsgi --ini {FlaskApps}/uwsgi/uwsgi.ini
  查看 log：tail -f {FlaskApps}/uwsgi/uwsgi.log
  關閉：uwsgi --stop {FlaskApps}/uwsgi/uwsgi.pid
  重啟：uwsgi --reload {FlaskApps}/uwsgi/uwsgi.pid
  ※ 當 Flask 內容有異動時，須將 uWSGI 關閉再啟動
  關閉再啟動：
  uwsgi --stop {FlaskApps}/uwsgi/uwsgi.pid \ && sleep 3s && \ uwsgi --ini {FlaskApps}/uwsgi/uwsgi.ini
3. 無法用上述方法關閉 uWSGI 時：※
  1. 用 sudo netstat -tulpn 找到占用 5000 Port 的 PID
  2. 用 sudo kill -9 {PID_NUMBER} 關閉

配置 Apache2 的 VirtualHost

sudo nano /etc/apache2/sites-available/000-default.conf

<VirtualHost *:80>
    ServerName <your.domain.name>
    ServerAlias <your.domain.name>

    ProxyPass / unix:{FlaskApps}/uwsgi/uwsgi.sock|uwsgi://127.0.0.1:5000/
</VirtualHost>

重新啟動 Apache2：sudo systemctl restart apache2

我在此處 Apache2 發生了 503 error
1. 查看錯誤原因：/var/log/apache2/error.log
  Permission denied: AH02454: uwsgi: attempt to connect to Unix domain socket {FlaskApps}/uwsgi/uwsgi.sock (127.0.0.1) failed
2. 我的處理方法：
  將 www-data(Ubuntu 中預設配置給 Apache2 的使用者) 加入 {Flask} 資料夾 owner 的 group
  sudo gpasswd -d www-data {Flask_owner}
  ※ 確認 group ：cat /etc/group | grep www-data
  
  ※ /var/www/html是 Apache2 預設的 document root 資料夾
  owner 為root，其中資料夾的權限是 755 ，檔案的權限是 644
3. 重新啟動 Apache2：sudo systemctl restart apache2
開機時自動啟動 uWSGI：
參考開機時自動執行腳本 (rc-local.service)
sudo nano /etc/rc.local寫入命令uwsgi --ini {FlaskApps}/uwsgi/uwsgi.ini

Last Updated on 2025/04/18 by A1go