mod_python Support?

[thirty20]

I spoke to someone via HG live chat, and they informed me that yes, mod_python is installed on shared hosting servers. (which was incorrect).

he even went away from the chat for a while, came back after saying he "had to go double check, he thought so, but the answer is yes".

I guess he had mod_python confused with python support... the two are very different. You can rapidly deploy web2.0-style content using mod_python and apache, but it is a performance hit (and feature loss) to run it via a CGI (which is all that HG currently supports on shared hosting, according to the excellent-as-usual email support response I got today from "Carl L.").

So my suggestion is... PLEASE support mod_python in the near future. I have lost what would have been my largest customer today because I told him yesterday that my host supports HG and today I had to backtrack. Ouch. It hurts my pocketbook. ;-)

A dedicated server should not be required in order to facilitate the use of mod_python for a customer, unless there are some major security issues with mod_python that I am not aware of.

Any thoughts from HG or others? Aside from this, I'm a very happy customer...

Thanks,
Steve

[GatorDaveC]

Hello,
Do you remember who told you that we support mod_python? Everyone should know that we only support Python as a CGI Handler.

One reason why we don't support mod_python is it could be a potential security issue. Apache modules run as the user name "Nobody" which means, if a file was writable, any client on the server using mod_python would be able to overwrite your clients files. We can't have such a security risk on a shared environment.

The best solution for performance + Security on a shared environment would be to run Python with FastCGI, since you run SuEXEC with it.

I don't have FastCGI on my todo list *yet*, but there has been some talk about it, specifically for Ruby On Rails.

I'm sorry about the false information given to you.

[zzz]

Please start supporting FastCGI for shared servers!

[thirty20]

Hi GatorDaveC,

Thanks very much for the reply. I don't actually recall the agent's name in the livechat, as I didn't bother saving a transcript.. oh well.

Count my vote for fastCGI+suexec!! This would be an excellent option, I would even pay a slightly higher fee per month to have this level of performance in my hosting.

Your explanation of why you don't currently support mod_python makes sense, although isn't apache equally as non-secure for mod_php and mod_perl then if all the modules run as 'nobody'? There must be a way around that behaviour... I look forward to you adding it to your to-do list ;-)

Steve

[Sam]

Quote:

Originally Posted by thirty20

...although isn't apache equally as non-secure for mod_php and mod_perl then if all the modules run as 'nobody'?

HG run php as CGI with SuPHP/PHPSuExec so the script runs under your username

[GatorDaveC]

Quote:

Originally Posted by thirty20

Hi GatorDaveC,

Your explanation of why you don't currently support mod_python makes sense, although isn't apache equally as non-secure for mod_php and mod_perl then if all the modules run as 'nobody'? There must be a way around that behaviour... I look forward to you adding it to your to-do list ;-)

Steve

mod_php & mod_python are fine on environments that aren't shared. Having scripts running as a single user on a shared server is what makes it insecure. I believe Apache now has MPM in the newers version which will prefork, and it *may* be able to run as other users. I know there has been problems in the past with it.

But anyway, I do have Apache 2.x migrations on my to do list with a couple of extra features, and maybe we'll add in FastCGI at the same time. Before any of these upgrades go on the servers, we need to make sure it won't cause many issues.

[thirty20]

Quote:

Originally Posted by GatorDaveC

mod_php & mod_python are fine on environments that aren't shared. Having scripts running as a single user on a shared server is what makes it insecure. I believe Apache now has MPM in the newers version which will prefork, and it *may* be able to run as other users. I know there has been problems in the past with it.

But anyway, I do have Apache 2.x migrations on my to do list with a couple of extra features, and maybe we'll add in FastCGI at the same time. Before any of these upgrades go on the servers, we need to make sure it won't cause many issues.

GatorDave,

This is exciting to hear! Thanks very much for listening to your customers... and I really hope the Apache2 upgrade goes smoothly

[Goddess Dix]

Quote:

Originally Posted by GatorDaveC

But anyway, I do have Apache 2.x migrations on my to do list with a couple of extra features, and maybe we'll add in FastCGI at the same time. Before any of these upgrades go on the servers, we need to make sure it won't cause many issues.

so, if a managed dedi customer asks for an apache2/modsec 2 update, is this something that would be available/supported in the not-too-distant future, perchance?

[GatorDaveC]

Quote:

Originally Posted by Goddess Dix

so, if a managed dedi customer asks for an apache2/modsec 2 update, is this something that would be available/supported in the not-too-distant future, perchance?

We can upgrade your server to Apache 2.x, and it will be supported. However we don't have a rule set for Mod security 2 yet, so you would have to stick with the standard rules, or create your own.

[IronWarrior]

Could Apache 2 be installed on the shared servers?

[Sam]

Quote:

Originally Posted by IronWarrior

Could Apache 2 be installed on the shared servers?

Not until Hg decide to upgrade the whole server to apache2

[GvilleRick]

As GatorDave mentioned previously the servers will be migrated to Apache 2 at some point.

[slapshotw]

Are the old mod_security rules automatically removed when doing the upgrade?

[thirty20]

Hi, Just popping in on this thread I started because what with all the recent upgrades to the services on my reseller account (i.e. a webserver now identifying itself as: "Apache/2.2.11 (Unix) mod_ssl/2.2.11 OpenSSL/0.9.8i DAV/2 FrontPage/5.0.2.2635 mod_bwlimited/1.4 mod_auth_passthrough/2.1", I was curious as to the status of FastCGI/mod_python support. Is it now possible since we are running upgraded apache software?

Thanks,
Steve

Quote:

Originally Posted by GvilleRick

As GatorDave mentioned previously the servers will be migrated to Apache 2 at some point.

[thirty20]

Anyone? Anyone? ..... Bueller?

Quote:

Originally Posted by IronWarrior

Could Apache 2 be installed on the shared servers?

As noted below, Apache 2 is now available on all shared and reseller servers.

Quote:

Originally Posted by slapshotw

Are the old mod_security rules automatically removed when doing the upgrade?

Yes. mod_security and mod_security2 are incompatible in every way, including rulesets. Upgrading from Apache 1.x with modsec to Apache 2.x with modsec2 would remove all the old rules and replace them with the modsec2 rules.

Quote:

Originally Posted by thirty20

Hi, Just popping in on this thread I started because what with all the recent upgrades to the services on my reseller account (i.e. a webserver now identifying itself as: "Apache/2.2.11 (Unix) mod_ssl/2.2.11 OpenSSL/0.9.8i DAV/2 FrontPage/5.0.2.2635 mod_bwlimited/1.4 mod_auth_passthrough/2.1", I was curious as to the status of FastCGI/mod_python support. Is it now possible since we are running upgraded apache software?

Thanks,
Steve

Most of our shared servers now have FastCGI support and the rest should have it within the next 2-4 weeks. After that, they plan to do reseller servers as well, however there is currently no ETA on when reseller servers will start or finish. Keep an eye on the General Announcements forum for updates on that. As for python running through FastCGI and suEXEC, I don't have any information on that. You may submit a support ticket to try to find out.