0

I wanted to run a Flask application using nginx. I have gone through this tutorial, and up to the point where I start the service using wsgi from the command line everything works fine (which means I can access my page on localhost:8000 and display the Hello, there! message). The location of my project is as follows:

(venv-dvwa) root@kali:~/services/dvwa# pwd
/root/services/dvwa
(venv-dvwa) root@kali:~/services/dvwa# ls
dvwa.sock  main.py  __pycache__  requirements.txt  uwsgi.ini  venv-dvwa  wsgi.py
(venv-dvwa) root@kali:~/services/dvwa# which uwsgi
/root/services/dvwa/venv-dvwa/bin/uwsgi
(venv-dvwa) root@kali:~/services/dvwa# 

The config file for nginx:

(venv-dvwa) root@kali:~/services/dvwa# cat /etc/nginx/nginx.conf 
user www-data;
worker_processes auto;
pid /run/nginx.pid;
include /etc/nginx/modules-enabled/*.conf;

events {
    worker_connections 768;
    # multi_accept on;
}

http {

    ##
    # Basic Settings
    ##

    sendfile on;
    tcp_nopush on;
    tcp_nodelay on;
    keepalive_timeout 65;
    types_hash_max_size 2048;
    # server_tokens off;

    # server_names_hash_bucket_size 64;
    # server_name_in_redirect off;

    include /etc/nginx/mime.types;
    default_type application/octet-stream;

    ##
    # SSL Settings
    ##

    ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # Dropping SSLv3, ref: POODLE
    ssl_prefer_server_ciphers on;

    ##
    # Logging Settings
    ##

    access_log /var/log/nginx/access.log;
    error_log /var/log/nginx/error.log;

    ##
    # Gzip Settings
    ##

    gzip on;

    # gzip_vary on;
    # gzip_proxied any;
    # gzip_comp_level 6;
    # gzip_buffers 16 8k;
    # gzip_http_version 1.1;
    # gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;

    ##
    # Virtual Host Configs
    ##

    include /etc/nginx/conf.d/*.conf;
    include /etc/nginx/sites-enabled/*;
    server {
        listen 80;
        server_name server_domain_or_IP;
        location / {
            include uwsgi_params;
            uwsgi_pass unix:/root/services/dvwa/dvwa.sock;
        }
    }
}

And for my service:

(venv-dvwa) root@kali:~/services/dvwa# cat /etc/systemd/system/dvwa.service 
[Unit]
Description=uWSGI instance to serve dvwa csp hacks
After=network.target

[Service]
User=root
Group=root
WorkingDirectory=/root/services/dvwa
Environment="PATH=/root/services/dvwa/venv-dvwa/bin"
ExecStart=/root/services/dvwa/venv-dvwa/bin/uwsgi --ini uwsgi.ini

[Install]
WantedBy=multi-user.target

Both services are up and running:

(venv-dvwa) root@kali:~/services/dvwa# systemctl status nginx
● nginx.service - A high performance web server and a reverse proxy server
   Loaded: loaded (/lib/systemd/system/nginx.service; disabled; vendor preset: disabled)
   Active: active (running) since Thu 2018-11-22 07:13:34 CET; 35min ago
     Docs: man:nginx(8)
 Main PID: 2823 (nginx)
    Tasks: 2 (limit: 4690)
   Memory: 2.8M
   CGroup: /system.slice/nginx.service
           ├─2823 nginx: master process /usr/sbin/nginx -g daemon on; master_process on;
           └─2824 nginx: worker process

lis 22 07:13:34 kali systemd[1]: Starting A high performance web server and a reverse proxy server...
lis 22 07:13:34 kali systemd[1]: nginx.service: Failed to parse PID from file /run/nginx.pid: Invalid argument
lis 22 07:13:34 kali systemd[1]: Started A high performance web server and a reverse proxy server.
(venv-dvwa) root@kali:~/services/dvwa# systemctl status dvwa.service 
● dvwa.service - uWSGI instance to serve dvwa csp hacks
   Loaded: loaded (/etc/systemd/system/dvwa.service; disabled; vendor preset: disabled)
   Active: active (running) since Thu 2018-11-22 07:15:37 CET; 33min ago
 Main PID: 2938 (uwsgi)
    Tasks: 2 (limit: 4690)
   Memory: 17.2M
   CGroup: /system.slice/dvwa.service
           ├─2938 /root/services/dvwa/venv-dvwa/bin/uwsgi --ini uwsgi.ini
           └─2940 /root/services/dvwa/venv-dvwa/bin/uwsgi --ini uwsgi.ini

lis 22 07:15:37 kali uwsgi[2938]: your server socket listen backlog is limited to 100 connections
lis 22 07:15:37 kali uwsgi[2938]: your mercy for graceful operations on workers is 60 seconds
lis 22 07:15:37 kali uwsgi[2938]: mapped 145808 bytes (142 KB) for 1 cores
lis 22 07:15:37 kali uwsgi[2938]: *** Operational MODE: single process ***
lis 22 07:15:37 kali uwsgi[2938]: WSGI app 0 (mountpoint='') ready in 0 seconds on interpreter 0x55971c483d90 pid: 2938 (default app)
lis 22 07:15:37 kali uwsgi[2938]: uWSGI running as root, you can use --uid/--gid/--chroot options
lis 22 07:15:37 kali uwsgi[2938]: *** WARNING: you are running uWSGI as root !!! (use the --uid flag) ***
lis 22 07:15:37 kali uwsgi[2938]: *** uWSGI is running in multiple interpreter mode ***
lis 22 07:15:37 kali uwsgi[2938]: spawned uWSGI master process (pid: 2938)
lis 22 07:15:37 kali uwsgi[2938]: spawned uWSGI worker 1 (pid: 2940, cores: 1)

When I enter localhost or my IP address in the browser I get a 404 nginx message. I am running the latest Kali Linux version (that's because I wanted to play around with another project - dvwa and learn a few things). One final note: I know that using the root account is a bad idea when it comes to production purposes, but this project is not intended for that.

roblee

1 Answer

0

OK, there were several problems with my settings. First of all, including the default sites-enabled overrode my settings. Second, I changed the server name to match all cases. Last but not least, the socket had to be given 666 instead of 660 rights.

My new nginx.conf:

root@kali:~/services/dvwa# cat /etc/nginx/nginx.conf
user www-data;
worker_processes auto;
pid /run/nginx.pid;
include /etc/nginx/modules-enabled/*.conf;

events {
    worker_connections 768;
    # multi_accept on;
}

http {

    ##
    # Basic Settings
    ##

    sendfile on;
    tcp_nopush on;
    tcp_nodelay on;
    keepalive_timeout 65;
    types_hash_max_size 2048;
    # server_tokens off;

    # server_names_hash_bucket_size 64;
    # server_name_in_redirect off;

    include /etc/nginx/mime.types;
    default_type application/octet-stream;

    ##
    # SSL Settings
    ##

    ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # Dropping SSLv3, ref: POODLE
    ssl_prefer_server_ciphers on;

    ##
    # Logging Settings
    ##

    access_log /var/log/nginx/access.log;
    error_log /var/log/nginx/error.log;

    ##
    # Gzip Settings
    ##

    gzip on;

    # gzip_vary on;
    # gzip_proxied any;
    # gzip_comp_level 6;
    # gzip_buffers 16 8k;
    # gzip_http_version 1.1;
    # gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;

    ##
    # Virtual Host Configs
    ##

    include /etc/nginx/conf.d/*.conf;
    # include /etc/nginx/sites-enabled/*;
    server {
        listen 80;
        server_name _;
        location / {
            include uwsgi_params;
            uwsgi_pass unix:/root/services/dvwa/dvwa.sock;
        }
    }
}

And uwsgi.ini:

root@kali:~/services/dvwa# cat uwsgi.ini 
[uwsgi]

module = wsgi

master = true
processes = 1

socket = dvwa.sock
chmod-socket = 666
vacuum = true

die-on-term = true

EDIT: I assume that my solutions are a bit of overkill, so if someone can suggest something more efficient I will be happy to include it in my answer.

roblee
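Added example, not part of the original answer: a small Python check that models the Unix permission rules deciding whether the nginx worker can connect to the uWSGI socket. It shows why a 660 socket owned by root:root refuses www-data, why 666 works but admits every local account, and why 660 with the socket's group set to www-data is enough. The uid/gid 33 for www-data and the directory modes are constructed assumptions.

```python
import stat
from collections import namedtuple

# Stand-in for the fields of os.stat() that matter here, so the check runs offline.
Node = namedtuple("Node", "path mode uid gid")

def class_bits(node, uid, gids):
    """rwx bits that apply to this user: owner, else group, else other."""
    perm = stat.S_IMODE(node.mode)
    if uid == node.uid:
        return (perm >> 6) & 7
    if node.gid in gids:
        return (perm >> 3) & 7
    return perm & 7

def check_socket_access(dirs, sock, uid, gids):
    """Return (can_connect, findings) for a non-root user.

    dirs: Node for each directory on the way to the socket; sock: the socket.
    """
    ok, findings = True, []
    for d in dirs:
        if not class_bits(d, uid, gids) & 1:   # search (x) needed on each directory
            ok = False
            findings.append(f"no search permission on {d.path}")
    if not class_bits(sock, uid, gids) & 2:    # connect() needs write on the socket
        ok = False
        findings.append(f"no write permission on {sock.path}")
    if stat.S_IMODE(sock.mode) & stat.S_IWOTH:
        findings.append(f"{sock.path} is world-writable")
    return ok, findings

# Constructed sample data: uid/gid 33 for www-data and the directory modes are
# assumptions, not values taken from the page.
WWW = 33
SOCK = "/root/services/dvwa/dvwa.sock"
DIRS = [Node("/root", 0o40755, 0, 0), Node("/root/services", 0o40755, 0, 0),
        Node("/root/services/dvwa", 0o40755, 0, 0)]
CASES = {
    "660 root:root": Node(SOCK, 0o140660, 0, 0),
    "666 root:root": Node(SOCK, 0o140666, 0, 0),
    "660 root:www-data": Node(SOCK, 0o140660, 0, WWW),
}

if __name__ == "__main__":
    for label, sock in CASES.items():
        print(label, check_socket_access(DIRS, sock, WWW, {WWW}))
```

In uwsgi.ini, the `chown-socket` option sets the socket's owner and group, so `chmod-socket = 660` can be kept when the group matches the nginx worker's.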