Just a short post to talk about something since I’ve messed the permissions up multiple times. The IPv6 thing is new, though.<\/p>\n\n\n\n
Whenever I install a web server with Flask and Gunicorn, there’s always a problem with permissions with the \/var\/www\/[website-name]\/[website-name].sock. It also has to do with the file at \/etc\/systemd\/system\/[website-name].service; you want to make sure you set it up as a good user and group. Your linux username with www-data<\/strong> as group usually works for both fields.<\/p>\n\n\n\n I set up a virtualenv within the website directory via virtualenv \/var\/www\/[website-name]<\/strong>, so your file layout might be different.<\/p>\n\n\n\n First of all, make sure you set up the \/etc\/systemd\/system\/[website-name].service<\/strong> file properly. Here’s some example code:<\/p>\n\n\n\n If you haven’t set this service to run automatically, here’s how you do that:<\/p>\n\n\n\n To adjust the permissions for the website files as well as [website-name].sock<\/strong> file, run these commands:<\/p>\n\n\n\n There’s more to the setup with Flask, Nginx and Gunicorn, but those are the parts I usually get stuck on.<\/p>\n\n\n\n Another issue I ran into has to do with my VPS only allowing IPv6 on their cheapest plan. As a result, I have to set up some of my websites a bit differently to point them toward IPv6 to get the website to work and certbot to be able to successfully issue a certificate.<\/p>\n\n\n\n One example is with the routes.py<\/strong> file, or the main Python code for Flask. I had to use ‘::’ instead of ‘0.0.0.0’ for the ‘host’ value. Here’s the code for that, which should be at the end of the file:<\/p>\n\n\n\n I also had to alter the Nginx server block for the website to make it work with ipv6. Just make sure to have this in it:<\/p>\n\n\n\n If you haven’t put your Nginx server block in sites-enabled with a symbolic link yet, do it with this command:<\/p>\n\n\n\n These changes should allow the website to connect and let you get a certbot certificate, as long as you have the appropriate AAAA ipv6 record for your domain.<\/p>\n","protected":false},"excerpt":{"rendered":" Just a short post to talk about something since I’ve messed the permissions up multiple times. The IPv6 thing is new, though. Whenever I install a web server with Flask and Gunicorn, there’s always a problem with permissions with the \/var\/www\/[website-name]\/[website-name].sock. It also has to do with the file at \/etc\/systemd\/system\/[website-name].service; you want to make … Gunicorn Permissions and IPv6 Certbot with Flask<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[5],"tags":[],"_links":{"self":[{"href":"https:\/\/blog.sacko.dev\/index.php?rest_route=\/wp\/v2\/posts\/110"}],"collection":[{"href":"https:\/\/blog.sacko.dev\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blog.sacko.dev\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blog.sacko.dev\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/blog.sacko.dev\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=110"}],"version-history":[{"count":6,"href":"https:\/\/blog.sacko.dev\/index.php?rest_route=\/wp\/v2\/posts\/110\/revisions"}],"predecessor-version":[{"id":195,"href":"https:\/\/blog.sacko.dev\/index.php?rest_route=\/wp\/v2\/posts\/110\/revisions\/195"}],"wp:attachment":[{"href":"https:\/\/blog.sacko.dev\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=110"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blog.sacko.dev\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=110"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blog.sacko.dev\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=110"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}[Unit]\nDescription=Gunicorn instance to serve [website-name]<\/strong>\nAfter=nework.target\n\n[Service]\nUser=[linux-user]<\/strong>\nGroup=www-data<\/strong>\nWorkingDirectory=\/var\/www\/[website-name]<\/strong>\nEnvironment=\"PATH=\/var\/www\/[website-name]<\/strong>\/bin\"\nExecStart=\/var\/www\/[website-name]<\/strong>\/bin\/gunicorn --workers 3 --bind unix:[website-name]<\/strong>.sock -m 007 wsgi:app\n\n[Install]\nWantedBy=multi-user.target\n<\/code><\/pre>\n\n\n\nsystemctl start [website-name] #starts the flask server\nsystemctl enable [website-name] #runs on startup<\/code><\/pre>\n\n\n\nchown -R [linux-user]:[linux-user]<\/strong> \/var\/www\/[website-name]<\/strong>\nchmod -R 775 [linux-user]:[linux-user]<\/strong> \/var\/www\/[website-name]<\/strong>\n\n#might have to do this part while your flask server is running\nchmod 770 \/var\/www\/[website-name]<\/strong>\/[website-name]<\/strong>.sock\nchown [linux-user]:www-data<\/strong> \/var\/www\/[website-name]<\/strong>\/[website-name]<\/strong>.sock<\/code><\/pre>\n\n\n\nif __name__ == '__main__':\n app.run(host='::')<\/code><\/pre>\n\n\n\nserver{\n listen[::]:80;\n ...\n}<\/code><\/pre>\n\n\n\nln -s \/etc\/nginx\/sites-available\/[website-name] \/etc\/nginx\/sites-enabled\/<\/code><\/pre>\n\n\n\n