I am working on installing PrivacyIDEA onto a Debian 12 server dedicated to the tasks of PrivacyIDEA and RADIUS.
I have followed the documentation to the best of my ability to run the PIP installation. However, the steps are somewhat vague. I think I got somewhere though because I can get PrivacyIDEA WebUI to load with the Flask server. However, I cannot get Apache to load the WebUI. I have the privacyidea.conf file from NetKnights GitHub repo, I have an SSL certificate, and I have checked all the paths in the configuration files. All modules mentioned in the documentation are enabled and installed. Additionally, I installed Python 3.10 into the /opt/privacyidea virtual environment before installing.
I stumbled upon this page in the documentation for v3.2 that has some specifics for Debian installation…from Wheezy. It said that the /etc/privacyidea folder needed to be manually created and populated which made sense to me since I noticed a lot of paths in the config files point to /etc/privacyidea.
I also did not have any config.py or /etc/privacyidea/pi.cfg files in the initial install. I created pi.cfg manually to hold the SQLALCHEMY property and other keys created with pi-manage. I know those work because the development environment works. I don’t know if I missed something when I initially installed to have not ended up with the config files. The documentation seemed to indicate that they would be there.
My problem is that I cannot get the live/production environment to work on Apache. As far as I can tell, I have followed the documentation and everything, by all appearances, should work. Clearly I am missing something, and I welcome insight from anyone who has trod this path before me. I appreciate the time of everyone reading this. If I’ve left out any details that would help, please let me know and I will follow up.
I don’t have anything in privacyidea.log, but here is what is in Apache’s error.log:
[Fri Apr 26 12:00:33.808038 2024] [ssl:warn] [pid 2900:tid 140705114859392] AH01909: localhost:443:0 server ce
rtificate does NOT include an ID which matches the server name
[Fri Apr 26 12:00:33.847035 2024] [ssl:warn] [pid 2901:tid 140705114859392] AH01909: localhost:443:0 server ce
rtificate does NOT include an ID which matches the server name
[Fri Apr 26 12:00:33.853948 2024] [mpm_event:notice] [pid 2901:tid 140705114859392] AH00489: Apache/2.4.59 (De
bian) OpenSSL/3.0.11 mod_wsgi/4.9.4 Python/3.11 configured -- resuming normal operations
[Fri Apr 26 12:00:33.853991 2024] [core:notice] [pid 2901:tid 140705114859392] AH00094: Command line: '/usr/sb
in/apache2'
[Fri Apr 26 12:00:34.024558 2024] [wsgi:alert] [pid 2912:tid 140705114859392] (2)No such file or directory: mo
d_wsgi (pid=2912): Unable to change working directory to home directory '/home/privacyidea' for uid=999.
[Fri Apr 26 12:00:34.024712 2024] [wsgi:alert] [pid 2912:tid 140705114859392] mod_wsgi (pid=2912): Failure to
configure the daemon process correctly and process left in unspecified state. Restarting daemon process after
delay.
[Fri Apr 26 12:00:54.880183 2024] [wsgi:alert] [pid 3027:tid 140705114859392] (2)No such file or directory: mo
d_wsgi (pid=3027): Unable to change working directory to home directory '/home/privacyidea' for uid=999.
[Fri Apr 26 12:00:54.880245 2024] [wsgi:alert] [pid 3027:tid 140705114859392] mod_wsgi (pid=3027): Failure to
configure the daemon process correctly and process left in unspecified state. Restarting daemon process after
delay.
[Fri Apr 26 12:01:14.901769 2024] [wsgi:alert] [pid 3095:tid 140705114859392] (2)No such file or directory: mo
d_wsgi (pid=3095): Unable to change working directory to home directory '/home/privacyidea' for uid=999.
[Fri Apr 26 12:01:14.901828 2024] [wsgi:alert] [pid 3095:tid 140705114859392] mod_wsgi (pid=3095): Failure to
configure the daemon process correctly and process left in unspecified state. Restarting daemon process after
delay.
Upon acting accordingly, it turns out the home directory wasn’t created when I created the user (duh me). I deleted the user and used adduser to create the privacyidea user instead of using useradd like I had. That solved the “directory not found” issue, but that gives rise to a new wave of errors:
By this, I gather that the WSGI mod for apache2 is made in Python 3.11. The privacyIDEA pip install was done in a 3.10.14 virtual environment. I suspect that the WSGI mod needs to be Python 3.10.16 as well. I may be wrong there, I’m not sure. Please correct me if I am.
Furthermore, it throws “No module named ‘privacyidea’”. This is where the water gets murky for me…I’m not sure where it’s trying to pull privacyidea.app from. I ran a search on the entire / partition and it didn’t find privacyidea.app anywhere. I will look around the documentation for some answers. If anyone knows what that error requires, I would be very grateful for any input.
I will work on these things currently and post any revelations or headway.
I’ve made a little headway! I uninstalled the wsgi module I installed from apt and installed it via pip in my virtual environment:
sudo systemctl stop apache2
sudo apt remove libapache2-mod-wsgi-py3 --purge
sudo apt install apache2-dev
cd /opt/privacyidea
source bin/activate
which pip # make sure the right binary of pip is in use
pip install mod_wsgi
sudo ./bin/mod_wsgi-express install-module
# copy the output of the previous command
deactivate
sudo nano /etc/apache2/mods-available/wsgi_express.load
# paste line 1 of the output of install-module command into this file and save
sudo nano /etc/apache2/mods-available/wsgi_express.conf
# paste line 2 of the output of install-module command into this file and save
sudo a2enmod wsgi_express
sudo systemctl restart apache2
Apache started without any console errors, but the log now shows this:
[Fri Apr 26 15:41:05.101580 2024] [core:notice] [pid 11598:tid 140217657124736] AH00094: Command line: '/usr/sbin/apache2'
Python path configuration:
PYTHONHOME = (not set)
PYTHONPATH = (not set)
program name = '/opt/privacyidea/bin/python'
isolated = 0
environment = 1
user site = 1
import site = 1
sys._base_executable = '/opt/privacyidea/bin/python'
sys.base_prefix = '/home/radius/.pyenv/versions/3.10.14'
sys.base_exec_prefix = '/home/radius/.pyenv/versions/3.10.14'
sys.platlibdir = 'lib'
sys.executable = '/opt/privacyidea/bin/python'
sys.prefix = '/home/radius/.pyenv/versions/3.10.14'
sys.exec_prefix = '/home/radius/.pyenv/versions/3.10.14'
sys.path = [
'/home/radius/.pyenv/versions/3.10.14/lib/python310.zip',
'/home/radius/.pyenv/versions/3.10.14/lib/python3.10',
'/home/radius/.pyenv/versions/3.10.14/lib/lib-dynload',
]
Fatal Python error: init_fs_encoding: failed to get the Python codec of the filesystem encoding
Python runtime state: core initialized
ModuleNotFoundError: No module named 'encodings'
At the very least, I’ve moved beyond a 500 error and into “connection timed out”.
Next I will work on PYTHONHOME = (not set) and PYTHONPATH = (not set), which I’m pretty sure are contributing to ModuleNotFoundError: No module named 'encodings'.
