Django with MariaDB Troubleshoot

If you are struggling with below error while deploying Django on VPS, this post may help and save you hours for MariaDB Troubleshoot.

  • Did you install mysqlclient or MySQL-python?
  • OSError: mysql_config not found
  • ModuleNotFoundError: No module named ‘ConfigParser’

This is my 2nd times try out Django with MariaDB. The 1st one went smoothly. Couple of searches and I find that I only need to add a simple line into “activate” file of Python VirtualEnv

2nd time didn’t go right, when running “python manage.py migrate“, I got “Did you install mysqlclient or MySQL-python?“. Continue trying to run “pip install mysqlclient“, I got “OSError: mysql_config not found“, and sometimes “ModuleNotFoundError: No module named ‘ConfigParser‘”

MariaDB Troubleshoot

I tried and installed many things and not quite sure which one resolved the issue. I do believe below helped me out

“yum install mariadb-devel”

After running above command, I was able to “pip install mysqlclient” and “python manage.py migrate”

Setup Django behind uWSGI and NGINX on CentOS 7

Setting up a web server for Django could be challenging and headache. Let’s try to make it simple: Django behind uWSGI and NGINX on CentOS 7 from scratch. At the end, our complete stack of components will look like this:

the web client <-> the web server <-> the socket <-> uwsgi <-> Django

1. Install Dependencies

Assuming that you are working on a smallest VPS like mine (1GB of RAM, 1 vCPU, 25GB SSD). I am currently use Linode and DigitalOcean.

1.1. NGINX

yum install epel-release -y
yum install nginx -y

1.2. Python 3 & PIP

yum install python34-devel gcc -y
curl -O https://bootstrap.pypa.io/get-pip.py
/usr/bin/python3.4 get-pip.py

1.3. Create VirtualEnv with Python3

pip install virtualenv
mkdir -p /var/www && cd /var/www
python3.7 -m venv p3venv

If you are up-to-dated person, you can install 3.6.2 (latest python version as of now – Aug 28, 2017) follow this instruction https://janikarhunen.fi/how-to-install-python-3-6-1-on-centos-7.html

1.4. Install uWSGI & Django

# Activate virtual environment
source p3venv/bin/activate
pip install uwsgi
pip install django

2. Configurations

2.1. Basic NGINX config

For simplest & testing purposes, let’s create NGINX server block by issuing “vi /etc/nginx/conf.d/django.conf”. Any *.conf file inside this folder will be loaded as per instructed by main & default NGINX configuration (/etc/nginx/nginx.conf).

Save NGINX config and start NGINX service: systemctl start nginx

As of now, we have NGINX serves static files and by pass others to Django Server which will be configured shortly. It means you will get 502 bad gateway when accessing the site but this is totally fine.

2.2. Create Django project

# Make sure we are in right place
cd /var/www/example
django-admin.py startproject djangodemo
# Also allow domain or IP in Django settings (/var/www/example/djangodemo/djangodemo/settings.py)

Test if they look good by starting Django Development and uWSGI server. You will get “It worked! Congratulations on your first Django-powered page.”

python manage.py runserver 0.0.0.0:8000 ("ctrl + c" to terminate)
uwsgi --http :8000 --module djangodemo.wsgi ("ctrl + c" to terminate)

Alright, let’s configure uWSGI as service so we don’t have to keep terminal open.

2.3. Configure uWSGI as service

Save djangodemo_uwsgi.ini file and create symlink from the default config directory to your config file

ln -s /var/www/example/djangodemo/djangodemo_uwsgi.ini /etc/uwsgi/vassals/

Quick test if the configuration is good by start uWSGI server and navigate to the site. You should get “It worked! Congratulations on your first Django-powered page.”
/var/www/p3venv/bin/uwsgi --emperor /etc/uwsgi/vassals
Ctrl + C to terminate uWSGI server and let’s make it runs as a service

Start uWSGI and NGINX services and you should be able to access to your Django app without having to hold terminal open.

systemctl start uwsgi
systemctl restart nginx

Final thought

Congratulations. You’ve completed setting up NGINX, uWSGI to serve Django application. I know this is not so easy, especially when you are new to Django and uWSGI like me. It took me almost 2 weeks to search and try things out before writing this article.

I am still stuck at djangodemo_uwsgi.ini with chmod-socket = 666. Whenever I change it to chmod-socket = 664, I get 502 bad gateway. If someone knows the cause and how to fix it, please let me know.

Any input or comment are more than welcomed and appreciated. So why not leave a comment now, huh?

Image credit: http://technerd.tistory.com/55

References:
– https://uwsgi-docs.readthedocs.io/en/latest/tutorials/Django_and_nginx.html
– https://www.youtube.com/watch?v=DzXCHAuHf0I
http://ask.xmodulo.com/install-python3-centos.html
– https://stackoverflow.com/questions/41588925/pip-install-django-on-python3-6
– https://www.nginx.com/resources/admin-guide/gateway-uwsgi-django/

Setup Python3 Development Environment on Mac

By default, you do not need to install or configure anything else to use Python 2. This article is aimed to serve as a shortcut or references on how to setup Python3 Development Environment. Basically you will need to install the following:

1. XCode & XCode Command Line Tools

You can download and install XCode from AppStore. XCode is free and is at least 4.5 GB in size and may take some time to download (must have an Apple account).

To install Command Line Tools, you can issue below command “xcode-select –install”

2. Install and Setup Homebrew

Type below command on Terminal

/usr/bin/ruby -e “$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/master/install)”

Once above installation completes, we’ll set PATH environment variable for Homebrew:

nano ~/.bash_profile
# Add the following
export PATH=”/usr/local/sbin:$PATH”

On Terminal, type below command to activate changes

source ~/.bash_profile

To check if it works, type

brew doctor
# And you should get: Your system is ready to brew.

3. Install Python3

Simply type below command on Terminal. Along with Python3, Homebrew will install pip, setuptools and wheel.

brew install python3
# It will take some time. You may want to keep everything updated by typing
brew update
brew upgrade python3

4. Create Virtual Environment

mkdir Environments
cd Environments
python3.6 -m venv my_env
source my_env/bin/activate

Your virtual environment is ready to use.

Wrap up

Congratulations, you have your MAC ready as Python Development Environment. Please leave your comments, ideas or share if you find this article helpful.

References
1. http://python-guide-pt-br.readthedocs.io/en/latest/starting/install3/osx/
2. http://machinelearningmastery.com/install-python-3-environment-mac-os-x-machine-learning-deep-learning/
3. https://www.digitalocean.com/community/tutorials/how-to-install-python-3-and-set-up-a-local-programming-environment-on-macos

Building a secured Java web server using Spark framework and Nginx

Spark framework (www.sparkjava.com) is a small Java framework used to build a REST server quickly. You can build a Java web server with only a few lines of code. But adding SSL to your server needs more effort.

Java used its own format for the keystore file which contains keys. First of all, you need to generate your private key. Java key tool will store it in a keystore file .jks. The following command creates a key has 2048 bit length for localhost valid in one year:
keytool -genkey -alias localhost -keyalg RSA -keystore KeyStore.jks -validity 365 -keysize 2048

Now you have your private key in the keystore file. Here is a code snippet to build a web server using Spark framework:

[java]

import spark.Request;
import spark.Response;

import static spark.Spark.*;

public class Server {
private final int port = 12345;

public Server() {
port(port);
secure("KeyStore.jks", "password", null, null);

get("/", (request, response) -> {
return "Hello World";
});
}
}

[/java]

This code load the keystore you’ve recently created to support SSL. Try to access your server with the URL: https://localhost:12345/, you’ll get the text “Hello World”.

Your web server supports SSL, but it’s quite dangerous when you exposing it directly to the world. Enhancing security of your web server by adding a proxy in front of it. Requests will go to your proxy first, then your proxy forward it to your server.

I use Nginx (www.nginx.com) for this purpose. This is a famous web server that solved the C10K problem (https://en.wikipedia.org/wiki/C10k_problem). After installing it, change its configuration file (conf/nginx.conf) to allow forwarding requests to your server:

[sourcecode language=”plain”] # HTTPS server
server {
listen 443 ssl;
server_name localhost;

ssl_certificate "localhost.crt";
ssl_certificate_key "localhost.key";

server_tokens off;

#ssl_session_cache shared:SSL:1m;
#ssl_session_timeout 5m;

#ssl_ciphers HIGH:!aNULL:!MD5;
#ssl_prefer_server_ciphers on;

location / {
proxy_pass https://localhost:12345;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
}
}
[/sourcecode]

Please replace ‘localhost’ at ‘server_name’ field by your real domain. This configuration file guides Nginx server to listen at port 443 (SSL port) and forward requests to your web server at port 12345. Please note that you’ll need a private key and a certificate for your Nginx server. They’re different from the keystore of your web server. The OpenSSL tool (www.openssl.org) will help you to generate them easily, or you may want to contact to a CA to get an authorized certificate.

Try to open the URL https://. It’ll return ‘Hello World’. You’ve built a secured java web server successfully!

Add Google reCAPTCHA to WooCommerce Signup

That’s all I need “Add Google reCAPTCHA to WooCommerce Signup Form”. There are ton of plugins out there can satisfy this simple requirement. However they have more than what I need. So I googled the minimum requirement to reach the goal and try it out. Let’s check below and share if you find it helpful.

Google reCAPTCHA

Get Google reCAPTCHA Keys

Basically you need

  1. Site Key
  2. Secret Key

You can get the keys as well as learn more about Google reCAPTCHA at https://www.google.com/recaptcha/intro/index.html

Make it happens

Simply put below script into your WordPress theme’s functions.php

Final thoughts

You can replace woocommerce_register_form by register_form and woocommerce_register_post by register_post if you don’t use WooCommerce. Further customization can be found as below

There are many reasons for using WooCommerce and here are mine: E-Commerce readiness, prevent user from accessing backend.

Self-signed certificate for local HTTPS connection

When setting up an HTTPS server for development purpose, you probably don’t want to buy a certificate. However you still need to run with HTTPS locally to develop/test if your web application works under HTTPS connections. You can create a self-signed certificate for free using OpenSSL.

Generate a private key

This command is to genetate a 4096-bit private key using SHA512 algorithm:

openssl genrsa -out localhost.key 4096 -sha512

-out <filepath> : path of the output file that will contain private key
-sha[number] : the algorithm applies for private key, it can be sha1, sha256, sha512; default value is sha1 if this parameter is missing. sha1 is not recommended because browsers like Chrome will treat it as unsecured.

Generate a Certificate Signing Request (CSR)

A CSR file will contain information about your organization and needs to use the private key. You can include organization details in only one command line, otherwise it will ask you to input manually for each field. The following command generates a CSR file using SHA512 algorithm:

openssl req -new -key localhost.key -out localhost.csr -sha512 -subj “/C=US/ST=State/L=City/O=Your Organization/CN=localhost”

out <filepath> : path of the output fle that will contain a Certificate Signing Request
subj : subject details included in the CSR
/C : two letters of country code
/ST: full name of state
/L: full name of city
/O: full name of your organization
/CN: usually a domain name which you want to install certificate on

Generate the certificate based on the CSR and sign it using the private key

The following commands create a X509 certificate which is valid within 365 days from the creation date and uses SHA-512 algorithm:

openssl x509 -req -days 365 -in localhost.csr -signkey localhost.key -out localhost.crt -fingerprint -sha512

-days <number> : number of days from the creation date that the certificate is still vallid
– in <filepath> : path of the CSR file
– out <filepath> : path of the output certificate file
– fingerprint : to print information of fingerprint to check the algorithm used in this certificate

Now you can install both your private key file and your certificate file to your server.

Notes

OpenSSL needs its configuration file. If you’re using Windows build from GnuWin32, you can set the environment variable ‘OPENSSL_CONF’ to  the OpenSSL config file using the following command:

set OPENSSL_CONF=C:\Program Files (x86)\GnuWin32\share\openssl.cnf

The certificate is not signed by a Trusted CA. So it will be treated as not secured by browsers and rejected by Postman. You can import it as a trusted certificate into the certicate store on your machine.