PrivacyIDEA on Debian 12 - 500 Internal Server Error on Apache

Hello all,

I am working on installing PrivacyIDEA onto a Debian 12 server dedicated to the tasks of PrivacyIDEA and RADIUS.
I have followed the documentation to the best of my ability to run the PIP installation. However, the steps are somewhat vague. I think I got somewhere though because I can get PrivacyIDEA WebUI to load with the Flask server. However, I cannot get Apache to load the WebUI. I have the privacyidea.conf file from NetKnights GitHub repo, I have an SSL certificate, and I have checked all the paths in the configuration files. All modules mentioned in the documentation are enabled and installed. Additionally, I installed Python 3.10 into the /opt/privacyidea virtual environment before installing.

I stumbled upon this page in the documentation for v3.2 that has some specifics for Debian installationā€¦from Wheezy. It said that the /etc/privacyidea folder needed to be manually created and populated which made sense to me since I noticed a lot of paths in the config files point to /etc/privacyidea.
I also did not have any config.py or /etc/privacyidea/pi.cfg files in the initial install. I created pi.cfg manually to hold the SQLALCHEMY property and other keys created with pi-manage. I know those work because the development environment works. I donā€™t know if I missed something when I initially installed to have not ended up with the config files. The documentation seemed to indicate that they would be there.

My problem is that I cannot get the live/production environment to work on Apache. As far as I can tell, I have followed the documentation and everything, by all appearances, should work. Clearly I am missing something, and I welcome insight from anyone who has trod this path before me. I appreciate the time of everyone reading this. If Iā€™ve left out any details that would help, please let me know and I will follow up.

Thank you in advance.

Hello Egg Beater,

please take look into the log files.
privacyidea.log and Apache error.log.

Hi @cornelinux ,

I donā€™t have anything in privacyidea.log, but here is what is in Apacheā€™s error.log:

[Fri Apr 26 12:00:33.808038 2024] [ssl:warn] [pid 2900:tid 140705114859392] AH01909: localhost:443:0 server ce
rtificate does NOT include an ID which matches the server name
[Fri Apr 26 12:00:33.847035 2024] [ssl:warn] [pid 2901:tid 140705114859392] AH01909: localhost:443:0 server ce
rtificate does NOT include an ID which matches the server name
[Fri Apr 26 12:00:33.853948 2024] [mpm_event:notice] [pid 2901:tid 140705114859392] AH00489: Apache/2.4.59 (De
bian) OpenSSL/3.0.11 mod_wsgi/4.9.4 Python/3.11 configured -- resuming normal operations
[Fri Apr 26 12:00:33.853991 2024] [core:notice] [pid 2901:tid 140705114859392] AH00094: Command line: '/usr/sb
in/apache2'
[Fri Apr 26 12:00:34.024558 2024] [wsgi:alert] [pid 2912:tid 140705114859392] (2)No such file or directory: mo
d_wsgi (pid=2912): Unable to change working directory to home directory '/home/privacyidea' for uid=999.
[Fri Apr 26 12:00:34.024712 2024] [wsgi:alert] [pid 2912:tid 140705114859392] mod_wsgi (pid=2912): Failure to
configure the daemon process correctly and process left in unspecified state. Restarting daemon process after
delay.
[Fri Apr 26 12:00:54.880183 2024] [wsgi:alert] [pid 3027:tid 140705114859392] (2)No such file or directory: mo
d_wsgi (pid=3027): Unable to change working directory to home directory '/home/privacyidea' for uid=999.
[Fri Apr 26 12:00:54.880245 2024] [wsgi:alert] [pid 3027:tid 140705114859392] mod_wsgi (pid=3027): Failure to
configure the daemon process correctly and process left in unspecified state. Restarting daemon process after
delay.
[Fri Apr 26 12:01:14.901769 2024] [wsgi:alert] [pid 3095:tid 140705114859392] (2)No such file or directory: mo
d_wsgi (pid=3095): Unable to change working directory to home directory '/home/privacyidea' for uid=999.
[Fri Apr 26 12:01:14.901828 2024] [wsgi:alert] [pid 3095:tid 140705114859392] mod_wsgi (pid=3095): Failure to
configure the daemon process correctly and process left in unspecified state. Restarting daemon process after
delay.

Perfect. Read it. And act accordingly.

Upon acting accordingly, it turns out the home directory wasnā€™t created when I created the user (duh me). I deleted the user and used adduser to create the privacyidea user instead of using useradd like I had. That solved the ā€œdirectory not foundā€ issue, but that gives rise to a new wave of errors:

[Fri Apr 26 13:24:24.732741 2024] [mpm_event:notice] [pid 8247:tid 140106657560448] AH00489: Apache/2.4.59 (Debian) OpenSSL/3.0.11 mod_wsgi/4.9.4 Python/3.11 configured -- resuming normal operations
[Fri Apr 26 13:24:24.732783 2024] [core:notice] [pid 8247:tid 140106657560448] AH00094: Command line: '/usr/sbin/apache2'
[Fri Apr 26 13:26:17.564011 2024] [wsgi:error] [pid 8254:tid 140106602108608] [remote 10.1.x.x:57964] mod_wsgi (pid=8254): Failed to exec Python script file '/etc/privacyidea/privacyideaapp.wsgi'.
[Fri Apr 26 13:26:17.564078 2024] [wsgi:error] [pid 8254:tid 140106602108608] [remote 10.1.x.x:57964] mod_wsgi (pid=8254): Exception occurred processing WSGI script '/etc/privacyidea/privacyideaapp.wsgi'.
[Fri Apr 26 13:26:17.574225 2024] [wsgi:error] [pid 8254:tid 140106602108608] [remote 10.1.x.x:57964] Traceback (most recent call last):
[Fri Apr 26 13:26:17.578634 2024] [wsgi:error] [pid 8254:tid 140106602108608] [remote 10.1.x.x:57964]   File "/etc/privacyidea/privacyideaapp.wsgi", line 3, in <module>
[Fri Apr 26 13:26:17.578726 2024] [wsgi:error] [pid 8254:tid 140106602108608] [remote 10.1.x.x:57964]     from privacyidea.app import create_app
[Fri Apr 26 13:26:17.578758 2024] [wsgi:error] [pid 8254:tid 140106602108608] [remote 10.1.x.x:57964] ModuleNotFoundError: No module named 'privacyidea'
[Fri Apr 26 13:26:19.850179 2024] [wsgi:error] [pid 8254:tid 140106484610752] [remote 10.1.x.x:57966] mod_wsgi (pid=8254): Failed to exec Python script file '/etc/privacyidea/privacyideaapp.wsgi'.
[Fri Apr 26 13:26:19.850247 2024] [wsgi:error] [pid 8254:tid 140106484610752] [remote 10.1.x.x:57966] mod_wsgi (pid=8254): Exception occurred processing WSGI script '/etc/privacyidea/privacyideaapp.wsgi'.
[Fri Apr 26 13:26:19.850377 2024] [wsgi:error] [pid 8254:tid 140106484610752] [remote 10.1.x.x:57966] Traceback (most recent call last):
[Fri Apr 26 13:26:19.850472 2024] [wsgi:error] [pid 8254:tid 140106484610752] [remote 10.1.x.x:57966]   File "/etc/privacyidea/privacyideaapp.wsgi", line 3, in <module>
[Fri Apr 26 13:26:19.850480 2024] [wsgi:error] [pid 8254:tid 140106484610752] [remote 10.1.x.x:57966]     from privacyidea.app import create_app
[Fri Apr 26 13:26:19.850505 2024] [wsgi:error] [pid 8254:tid 140106484610752] [remote 10.1.x.x:57966] ModuleNotFoundError: No module named 'privacyidea'
[Fri Apr 26 13:26:20.684526 2024] [wsgi:error] [pid 8254:tid 140106602108608] [remote 10.1.x.x:57967] mod_wsgi (pid=8254): Failed to exec Python script file '/etc/privacyidea/privacyideaapp.wsgi'.
[Fri Apr 26 13:26:20.691778 2024] [wsgi:error] [pid 8254:tid 140106602108608] [remote 10.1.x.x:57967] mod_wsgi (pid=8254): Exception occurred processing WSGI script '/etc/privacyidea/privacyideaapp.wsgi'.
[Fri Apr 26 13:26:20.692052 2024] [wsgi:error] [pid 8254:tid 140106602108608] [remote 10.1.x.x:57967] Traceback (most recent call last):
[Fri Apr 26 13:26:20.692189 2024] [wsgi:error] [pid 8254:tid 140106602108608] [remote 10.1.x.x:57967]   File "/etc/privacyidea/privacyideaapp.wsgi", line 3, in <module>
[Fri Apr 26 13:26:20.692198 2024] [wsgi:error] [pid 8254:tid 140106602108608] [remote 10.1.x.x:57967]     from privacyidea.app import create_app
[Fri Apr 26 13:26:20.692218 2024] [wsgi:error] [pid 8254:tid 140106602108608] [remote 10.1.x.x:57967] ModuleNotFoundError: No module named 'privacyidea'

By this, I gather that the WSGI mod for apache2 is made in Python 3.11. The privacyIDEA pip install was done in a 3.10.14 virtual environment. I suspect that the WSGI mod needs to be Python 3.10.16 as well. I may be wrong there, Iā€™m not sure. Please correct me if I am.

Furthermore, it throws ā€œNo module named ā€˜privacyideaā€™ā€. This is where the water gets murky for meā€¦Iā€™m not sure where itā€™s trying to pull privacyidea.app from. I ran a search on the entire / partition and it didnā€™t find privacyidea.app anywhere. I will look around the documentation for some answers. If anyone knows what that error requires, I would be very grateful for any input.

I will work on these things currently and post any revelations or headway.

Iā€™ve made a little headway! I uninstalled the wsgi module I installed from apt and installed it via pip in my virtual environment:

sudo systemctl stop apache2
sudo apt remove libapache2-mod-wsgi-py3 --purge
sudo apt install apache2-dev
cd /opt/privacyidea
source bin/activate
which pip # make sure the right binary of pip is in use
pip install mod_wsgi
sudo ./bin/mod_wsgi-express install-module
# copy the output of the previous command
deactivate
sudo nano /etc/apache2/mods-available/wsgi_express.load
# paste line 1 of the output of install-module command into this file and save
sudo nano /etc/apache2/mods-available/wsgi_express.conf
# paste line 2 of the output of install-module command into this file and save
sudo a2enmod wsgi_express
sudo systemctl restart apache2

Apache started without any console errors, but the log now shows this:

[Fri Apr 26 15:41:05.101580 2024] [core:notice] [pid 11598:tid 140217657124736] AH00094: Command line: '/usr/sbin/apache2'
Python path configuration:
  PYTHONHOME = (not set)
  PYTHONPATH = (not set)
  program name = '/opt/privacyidea/bin/python'
  isolated = 0
  environment = 1
  user site = 1
  import site = 1
  sys._base_executable = '/opt/privacyidea/bin/python'
  sys.base_prefix = '/home/radius/.pyenv/versions/3.10.14'
  sys.base_exec_prefix = '/home/radius/.pyenv/versions/3.10.14'
  sys.platlibdir = 'lib'
  sys.executable = '/opt/privacyidea/bin/python'
  sys.prefix = '/home/radius/.pyenv/versions/3.10.14'
  sys.exec_prefix = '/home/radius/.pyenv/versions/3.10.14'
  sys.path = [
    '/home/radius/.pyenv/versions/3.10.14/lib/python310.zip',
    '/home/radius/.pyenv/versions/3.10.14/lib/python3.10',
    '/home/radius/.pyenv/versions/3.10.14/lib/lib-dynload',
  ]
Fatal Python error: init_fs_encoding: failed to get the Python codec of the filesystem encoding
Python runtime state: core initialized
ModuleNotFoundError: No module named 'encodings'

At the very least, Iā€™ve moved beyond a 500 error and into ā€œconnection timed outā€.
Next I will work on PYTHONHOME = (not set) and PYTHONPATH = (not set), which Iā€™m pretty sure are contributing to ModuleNotFoundError: No module named 'encodings'.

One step at a time :upside_down_face:

Creds: python 3.x - Installing mod_wsgi for Python3 on Ubuntu - Stack Overflow

Indeed. You need to correct WSGI module for things to run accordingly.

You may keep track of this issue:

We are working on supporting Python 3.11, so maybe waiting for this issue to be closed and PR merged is the more painless way to go.

1 Like

Just wanted to follow up on this:

I reinstalled privacyidea 3.10 from scratch and I was able to get it to load without a hitch! It was relatively run-and-go vs. my previous runaround with previous versions of Python patched in.

@cornelinux, Thank you for your hard work on this project and getting it to work with Python 3.11.

1 Like