The Linux Questions Thread: a bunch of pitfalls, but technically it's possible

The Something Awful Forums > Discussion > Serious Hardware/Software Crap > The Linux Questions Thread: a bunch of pitfalls, but technically it's possible

DelphiAegis: Jun 21, 2010

So I have a question. I'm using a Debian10 server hosted by AWS' EC2 platform, to give some context. And if this isn't the right place please feel free to tell me I'm an idiot.

I'm trying to setup a Mercurial repository server for a friend and I. However, I'm running headfirst into a wall and since this is my first linux server, I'm probably doing something stupid and not knowing about it. I'm following the general directions here and have setup Apache2 server, installed Python on the server, installed the mercurial package (pretty sure globally, not 100% on how to check) and have tried to get it running via a .wsgi script, but the Apache2 service won't start if I have "WSGIScriptAlias /foo /home/user/webdir/hgweb.wsgi" in the Apache2.conf file. It puts out an "Invalid Command 'WSGIScriptAlias', perhaps misspelled or defined by a module not included in the server configuration' but ScriptAlias is defined, so it's possible I just didn't get a good package, maybe?

Either way I started forging ahead with just the hgweb.cgi instead, and despite doing chown a+x hgweb.cgi and restarting the server, I still get a 403 when attempting to navigate to the directory on the server that I specified in the apache2.conf file.

The end goal of this is just to be able to securely host a repository, using TortoiseHg workbench as a front-end since that's what my friend has been using for a while now, and hasn't had "proper" repository control since bitbucket discontinued support for Mercurial (and he doesn't want to move to git/new repository management option). Since TortoiseHG workbench supports pushing to a url I also tried pushing via http, though from the errors I was getting, my research pointed me to get the script running on the server and accessible to make that viable.

On the upside I've learned a lot about Linux doing all of these things and it's been fun to learn, and I now have opinions on Vi/Nano which helps my nerd cred, but I'm sort of lost and am thinking I'm doing something dumb here.

# ¿ Apr 28, 2021 17:36

Adbot: ADBOT LOVES YOU

# ¿ Apr 26, 2024 13:38

DelphiAegis: Jun 21, 2010

RFC2324 posted:

If you check httpd -M do you see the wgsi module? I'm not sure what its called off the top of my head, but it probably has that 4 letter sequence in it.

This server doesn't have an httpd; I'm very confused by that.

Though based on that I found /etc/apache2/mods-available section and successfully used a2enmod proxy_uwsgi which did put proxy_uwsgi.load, and doing the same for cgi gave "Your MPM seems to be threaded. Selecting cgid instead of cgi". Restarting after loading both of those still throws a 403 forbidden error.

Even adding this to the apache2.conf file doesn't resolve the 403:

code:

<Directory /foo>
	Order allow,deny
	Allow from all
</Directory>

I can get a default html page to load from /var/www/html/index.html by navigating in a browser to the server's IP, but anywhere besides there isn't navigable for some reason and I'm probably dumb.

DelphiAegis fucked around with this message at 18:48 on Apr 28, 2021

# ¿ Apr 28, 2021 18:45

DelphiAegis: Jun 21, 2010

RFC2324 posted:

https://tecadmin.net/install-apache-with-python-mod-wsgi-on-debian-10/

this may help. the step by step nature of it may make it more clear where wgsi is failing, assuming you are using mod_wgsi

tbh my experience with linux is that the real skill comes from googling 15 different almost accurate guides up and following them in a random way til it works, and this is sounding like one of those projects

Definitely is that type of project, yes. Both the steps in that link were an issue (I didn't properly install wsgi before) and I apparently didn't properly install mercurial either, even though I thought I did. At least, running python didn't throw an error when I did 'import mercurial' so it was probably part of the python package I got, but not specifically installed itself.

Though now the server itself being up is one step, the next is getting TortoiseHg to work with it. Thanks for the help though.

Edit: Now I can't even push over http using Tortoise despite specifying in the settings to not use SSL (as a test, to ensure I could). I don't want to learn about certificate chains.

DelphiAegis fucked around with this message at 22:11 on Apr 28, 2021

# ¿ Apr 28, 2021 21:07

DelphiAegis: Jun 21, 2010

I use passphrases like the other posters, writing l1k3 th15, then if a change is needed, I select a (or multiple) words to hold shift when typing, so something like 'th15' turns into 'TH!%' but it's still an easy phrase to remember and type. Not sure if you're forced to change your sudo password or not, but that method has served me well on many sets of credentials to remember.

Bonus is that if you're doing 90 day expiry is that you can simply write the reminder of the phrase, using the first one/two letters of each word, to remind you of the sequence and the capitalization scheme you used for that 90 day period.

Of course, cue the security expects to poke holes in my methodology. :v:

I welcome that, though, I don't want my stuff to get owned. :ohdear:

# ¿ May 4, 2021 23:46

The Something Awful Forums > Discussion > Serious Hardware/Software Crap > The Linux Questions Thread: a bunch of pitfalls, but technically it's possible