Q httpd apache modrewrite, second request leads to internal server error

raspberryswirl · June 1, 2022, 5:07pm

Hi,

I have installed privacyidea python package in apache access via WSGI. Working fine.
I also have another machine where I do a ProxyPass to the proxy server.
To mention: I use sqlite - as test…
Now the fun part begins:
Restarting both webservers.
Accessing Webserver1 from client → PI works
Accessing Webserver2 from client → PI goes INTO 500 with
mod_wsgi (pid=11322): Target WSGI script ‘/etc/privacyidea/privacyideaapp.wsgi’ cannot be loaded as Python module.
mod_wsgi (pid=11322): Exception occurred processing WSGI script ‘/etc/privacyidea/privacyideaapp.wsgi’.
…
RecursionError: maximum recursion depth exceeded in comparison

Restarting both webservers. AGAIN
Accessing Webserver2 from client → PI WORKS
Accessing Webserver1 from client → PI goes into 500 AGAIN

I wonder, is there a “lock” which from the request server info will be written into db? Or a generall lock for the sqlite feature?
I am using sqllite - will it be fixed with any other DB?
can I configure it so, that itself gets resetted by time to time.
Or is it anywhere documented maybe? Can I set the “servername”, PI_INSTANCE? where eg. in emails then comes: you have to click this link… htttp:…:PORTNUMBER:/passwordrecovery

this error/feature is reproducable.

TIA
rasp

webserver1:
WSGIScriptAlias /a /etc/privacyidea/privacyideaapp.wsgi
WSGIPythonHome /opt/privacyidea/
WSGIPythonPath /opt/privacyidea/lib/python3.6/site-packages/
WSGIDaemonProcess privacyidea processes=2 threads=15 display-name=%{GROUP} user=privacyidea

webserver2:
ProxyPass /a http://xxx/a/
ProxyPassReverse /a http://xx/a/

cornelinux · June 1, 2022, 6:26pm

Welcome to privacyIDEA!

It is not clear to me, why you are talking about a webserver2.

Here are some generic hints, how to drill down problems.

Always look an one problem after another. Do not put several problems into one post.
Always try to reduce complexity. ReverseProxy? Why? Would it run without it?
If a client communicates to a server and the server responds with an error. What would you do? Where would you look for more hints?
Do not trust single threaded software like sqlite in complex environments

raspberryswirl · June 2, 2022, 6:11pm

Hi cornelinux

It is not clear to me, why you are talking about a webserver2.

So I have on webserver1 PrivacyIdea installed.
This I need to access from another machine - therefore on this machine webserver2 there is a Proxy gooing to webserver1.
Its written in the beginning of my post - and its a problem with the privacy idea - as I have written its reproducable behaviour:
Depending on from which way I access the privacyidea server (wsgi) - the FIRST way works - the SECOND not goes to recursion / 500 on WEBSERVER1.
So it must be some env in the wsgi, which get setted by privacyidea.

cheers
jonathan