How do the backend servers work?
What is a backend server?
The backend servers are the main component of any functional website which uses API, databases, and other features.
What the user sees on the browser is the frontend website and the processing of the login, signup, storing credentials, and data are done by backend servers on cloud services.
Frontend servers are rendered on the client-side, and backend servers are rendered on the server-side, and on the server, it processes all the complex functions and receives data from the database so that the frontend server can use it.
Hosting backend servers in any cloud system requires different configurations for each of the, there are different programming languages and the most popular programming languages which are used for writing backend servers are Python, Go, Javascript, PHP, RUBY Java.
Each language has its own framework to write backend servers, for python language Django framework is used widely, for javascript Node is used, for Go, Gin framework is used.
Dependency and required configurations for hosting backend servers
Different backend servers are built on different languages and different languages have their own frameworks and each framework has its own required dependency and tools to work on web servers.
Python - WSGI (Web Server Gateway Interface)
Building projects in Django creates auto-generated files by default which are the skeleton or the structure of the Django framework, wsgi.py is one such important file that is used to communicate with web servers. WSGI is Web Server Gateway Interface, it describes the communication between web servers and Python web application servers or frameworks.
WSGI (Web Server Gateway Interface) is a standard interface between web server software and web applications written in Python.
It covers how a web server connects with Python web applications/frameworks, as well as how web applications/frameworks may be chained together to execute a request.
The apache webservers are popular for their customization and multi-platform support, it has a specific module for Django servers, called mod_wsgi. The mod WSGI module provides a WSGI compliant interface for executing and running a python based web application server within apache.
Node - Proxy Module
In an apache web server, the node or javascript servers are hosted or run using the proxypass and reverse proxy method and its modules.
A reverse proxy serves as a link between the client and the server, forwarding requests to the main web server or application webservers. It manages the requests and responses between clients and servers and offers security and a high level of abstraction.
The ProxyPass directive defines how inbound requests are routed to the backend server (or a cluster of servers known as a Balancer group).
And another directive used is the ProxyPass directive, which defines how the inbound requests are sent to the Node/Javascript backend servers, it manages any requests or responses under the root URL (/) that should be sent or routes to the Node/Javascript backed servers localhost address or the root default address.
.
Hosting backend servers in the cloud
Django server configurations
Setup and install the Django dependencies and packages.
The basic requirements for hosting the Django server are its requiremnets.txt file in which all of the dependency packages are written and connecting it to the database and running its migrations.
For installing the dependency and packages, check the python version which the Django project application needs to be set and make a virtual environment upon which the Django server will run.
In any cloud service, Linux servers are mostly used, use these commands to check the python version and virtual environment.
- Install all Python 3 packages. These will ensure we have everything for Python - Django framework application server.
Update the Linux/ubuntu system
$ sudo apt-get update && sudo apt-get dist-upgrade
$ sudo apt install -y python3-pip python3 python3-setuptools build-essential libssl-dev libffi-dev python3-dev python3-venv
- Make a virtual environment
$ mkdir project_env
## Directory where environment files can be stored
$ cd project_env
$ python3 -m venv penv
## penv can be named anything
- Activate virtulenv and it should look like this :
$ cd project_env
$ source penv/bin/activate
(penv)[user]$ / directory /
- Install the packages inside the virtualenv
$ pip install package_name
OR
$ pip install -r requiremenrs.txt
Configuring WSGI.py
Django autogenerates the wsgi.py file inside the main directory of django alonside settings.py and other files.
Open the wsgi.py and configure the project directory path.
"""
WSGI config for lgraph project.
It exposes the WSGI callable as a module-level variable named ``application``.
For more information on this file, see
https://docs.djangoproject.com/en/2.0/howto/deployment/wsgi/
"""
import os
import sys
from django.core.wsgi import get_wsgi_application
## Add this line to add project directory.
sys.path.append('/home/your_project')
os.environ.setdefault("DJANGO_SETTINGS_MODULE", "project.settings")
application = get_wsgi_application()
Installing and enabling "Mod WSGI"
sudo apt-get update
sudo apt-get install libapache2-mod-wsgi-py3
Enabling the mod_wsgi module server wide.
$ a2enmod wsgi
The Django doundation has offical docmentation about how to used mod_wsgi with django - https://docs.djangoproject.com/en/4.0/howto/deployment/wsgi/modwsgi/
Running and testing Django server in localhost
After setting up the django application, now start the server, check if everything is working, start the django server with these commands:
To migrate the database, get static files ready and to test run the Django application server use these commands:
$ python manage.py makemigrations
$ python manage.py migrate
$ python manage.py collectstatic
$ python manage.py runserver 0.0.0.0:8000
Node server configuration
Setup Setup and install the Node dependencies and packages
Running and testing node server in localhost
Install and enable proxy_modules
Configuring apache virtualhost to serve the backend servers.
Configuring Virtualhost for Django Backend Server
After enabling the mod_wsgi, now it's time to configure the virtualhost to deploy the application server to expose it to internet
- enable mod wsgi
$ a2enmod wsgi
Open the /etc/apache2/site-available
directory and edit the project's configuration file.
$ cd /etc/apache2/sites-available
$ /etc/apache2/sites-available / ~ ls
$ ls
$ nano django-project.conf
OR
$ vim django-project.conf
Configure and add the following line:
- WSGIScriptAlias
- WSGIDaemonProcess
- WSGIProcessGroup
<VirtualHost *:80>
ServerName mysite.example.com
DocumentRoot /var/www/vhosts/mysite
WSGIScriptAlias / /var/www/vhosts/mysite/myproject/wsgi.py
# adjust the following line to match your Python path
WSGIDaemonProcess mysite.example.com processes=2 threads=15 display-name=%{GROUP} python-home=/var/www/vhosts/mysite/venv/lib/python3.5
WSGIProcessGroup mysite.example.com
<directory /var/www/vhosts/mysite>
AllowOverride all
Require all granted
Options FollowSymlinks
</directory>
Alias /static/ /var/www/vhosts/mysite/static/
<Directory /var/www/vhosts/mysite/static>
Require all granted
</Directory>
</VirtualHost>
Configuring Virtualhost for Node Backend Server
Dry run and testing the live servers
To check the application server is running or not
Check the apache webserver status
Check the application server status
Curl localhost:80
If in the cloud get the public IP and open the web application using the IP or domain set in the configuration file.
Top comments (1)
I went through and decided to set up a fresh server (on the internet) with a LAMP stack (which I always install by hand) and decided to give mod_security another chance. As 99% of the sites I administrate are command line based servers or Apache web servers running Wordpress, I thought this a good time to give mod_security another chance.
And once again it proved to be a bigger headache than what it's worth. Between plugins like Sucuri and Wordfence (Wordfence is what I use predominantly now), network firewalls, and host based firewalls, mod_security just doesn't give me any real benefit.
I think the real benefit to mod_security would be when starting fresh and then developing an application around it, so you can discover the ins and outs as part of a development process. I admit it can be very secure from what I've gathered but all the other plugin based tools and firewalls, plus specific rules set up in Apache configurations files, all those pretty much do what mod_security(2) would do for me.
So for now it's not for me. I do know there is wordpress.conf template out there to deal with this, as well as plenty of posts one can find googling to install band aids by voiding specific mod_security rules which interfere with Wordpress operation, but I've decided I just don't need it.
I'm responsible for approximately 50 domains/subdomains all running some version of Ubuntu Linux and I've never been hacked once. The all important good password choice as well as staying up to date on security notices as they occur, plus updating my software has kept me hacker free for the past 10 years.
Now this isn't to say people don't try to hack my sites. It happens everyday all day long but 99% of security is a good security policy with that other 1% just keeping up to date on the software you run and paying attention to security notices as they occur as it pertains to the applications you (I) run.
This reply is of course in reference to Step 1 above, hardening Apache and I just wanted to comment because I did go through those steps and followed that article and wanted to try again and it just turned out to be more hassle than it was worth.
However, I do have a small contract to build a vanilla Mediawiki site and when that comes up, I just might give mod_security another chance and see how well it interacts or interrupts Mediawiki.
Thanks for taking the time to read this if you did.