Join Log in
Score:0
Jai avatar Server

Unix socket communication with Apache 2.4.51 and Flask App using Uwsgi returning "404 Not Found"

io flag
Jai

I'm using Apache in the front as web server and running python flask application at the back end and they communicate using Unix socket as mentioned in the link below for mod_proxy_uwsgi module and i have loaded both mod_proxy and mod_proxy_uwsgi as suggested https://uwsgi-docs.readthedocs.io/en/latest/Apache.html

httpd/bin/apachectl -S
VirtualHost configuration:
*:2020                 host-rh7-1 (/home/user/httpd-2.4.51/conf/httpd.conf:156)
*:2022                 host-rh7-1 (/home/user/httpd-2.4.51/conf/httpd.conf:169)
*:2021                 host-rh7-1 (/home/user/httpd-2.4.51/conf/extra/httpd-ssl.conf:123)
*:2023                 host-rh7-1 (/home/user/httpd-2.4.51/conf/extra/httpd-ssl.conf:294)
ServerRoot: "/home/user/httpd-2.4.51"
Main DocumentRoot: "/home/user/web/html"
Main ErrorLog: "/home/user/httpd-2.4.51/logs/error_log"
Mutex default: dir="/home/user/httpd-2.4.51/logs/" mechanism=default
Mutex proxy-balancer-shm: using_defaults
Mutex ssl-stapling-refresh: using_defaults
Mutex ssl-stapling: using_defaults
Mutex proxy: using_defaults
Mutex ssl-cache: using_defaults
PidFile: "/home/user/httpd-2.4.51/logs/httpd.pid"
Define: DUMP_VHOSTS
Define: DUMP_RUN_CFG
User: name="user" id=995 not_used
Group: name="support" id=1034 not_used

-------------------------------------

httpd.conf
------------
<VirtualHost *:2022>
    ProxyPass / unix:/home/user/flask_app/myproject.sock|uwsgi://home/user/flask_app/
</VirtualHost>



uwsgi conf.ini
---------------
[uwsgi]
chdir = /home/user/flask_app
module = app
master = true
processes = 2
thread = 2
socket = myproject.sock
chmod-socket = 660
enable-threads = true
vacuum = true
die-on-term = true

It was working fine until I was running Apache with 2.4.48, but after upgrading Apache to 2.4.51, it stopped working and i don't see http request reaching flask app, and it gives "404 Not Found" instead.

I know that there was a vulnerability ticket around this which states "CVE-2021-40438 is a Server Side Request Forgery (SSRF) vulnerability in Apache HTTP Server version 2.4.48 and earlier" and Apache has fixed that vulnerability issue in 2.4.51, but i do not understand the full effect of the fix in my configuration.

More information is here in this link https://www.fastly.com/blog/apache-redux-preventing-server-side-request-forgery-via-cve-2021-40438 and the fix looks to be in this revision https://svn.apache.org/viewvc?view=revision&revision=1892814

Is there an alternative way to enable Unix socket communication in httpd.conf going forward OR I have to use TCP socket instead ?

Please note that I know that if I use TCP socket instead of Unix socket as follows, it works fine

httpd.conf
-----------
<VirtualHost *:2022>
    ProxyPass / uwsgi://127.0.0.1:2024/
</VirtualHost>



uwsgi conf.ini
--------------
[uwsgi]
chdir = /home/user/flask_app
module = app
master = true
processes = 2
thread = 2
socket = 127.0.0.1:2024
enable-threads = true
vacuum = true
die-on-term = true
147
0 + 0
Score:0
Jai avatar Server
io flag
Jai

After seeing some more examples around, I just tried another version of encoding the ProxyPass line as follows and it worked for me:

httpd.conf
------------
<VirtualHost *:2022>
    ProxyPass / unix:/home/user/flask_app/myproject.sock|uwsgi://localhost/
</VirtualHost>
0 + 0
ธงชาติไทย
Elon Musk
I sit in a Tesla and translated this thread with Ai:

mangohost

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.