Version 4.1.0

With version 4.1.0 of mod_wsgi, a switch to a X.Y.Z version numbering scheme from the existing X.Y scheme is being made. This is to enable a much quicker release cycle with more incremental changes.

Version 4.1.0 of mod_wsgi can be obtained from:

Note that mod_wsgi 4.1.0 was originally derived from mod_wsgi 3.1. It has though all changes from later releases in the 3.X branch. Thus also see:

Known Issues

1. The makefiles for building mod_wsgi on Windows are currently broken and need updating. As most new changes relate to mod_wsgi daemon mode, which is not supported under Windows, you should keep using the last available binary for version 3.X on Windows instead.

Bugs Fixed

1. If a UNIX signal received by daemon mode process while still being initialised to signal that it should be shutdown, the process could crash rather than shutdown properly due to not registering the signal pipe prior to registering signal handler.

2. Python doesn’t initialise codecs in sub interpreters automatically which in some cases could cause code running in WSGI script to fail due to lack of encoding for Unicode strings when converting them. The error message in this case was:

LookupError: no codec search functions registered: can't find encoding

The ‘ascii’ encoding is now forcibly loaded when initialising sub interpreters to get Python to initialise codecs.

3. Fixed reference counting bug under Python 3 in SSL var_lookup() function which can be used from an auth handler to look up SSL variables.

4. The WWW-Authenticate headers returned from a WSGI application when run under daemon mode are now always preserved as is.

Because of previously using an internal routine of Apache, way back in time the values of multiple WWW-Authenticate headers would be merged when there was more than one. This would cause an issue with some browsers.

A workaround was subsequently implemented above the Apache routine to break apart the merged header to create separate ones again, however, if the value of a header validly had a ‘,’ in it, this would cause the header value to be broken apart where it wasn’t meant to. This could issues with some type of WWW-Authenticate headers.

Features Removed

1. No longer support the use of mod_python in conjunction with mod_wsgi. When this is attempted an error is forced and Apache will not be able to start. An error message is logged in main Apache error log.

2. No longer support the use of Apache 1.3. Minimum requirement is now Apache 2.0.

Features Changed

1. Use of kernel sendfile() function by wsgi.file_wrapper is now off by default. This was originally always on for embedded mode and completely disabled for daemon mode. Use of this feature can be enabled for either mode using WSGIEnableSendfile directive, setting it to On to enable it.

The default is now off because kernel sendfile() is not always able to work on all file objects. Some instances where it will not work are described for the Apache EnableSendfile directive.

Although Apache has use of sendfile() enabled by default for static files, they are moving to having it off by default in future version of Apache. This change is being made because of the problems which arise and users not knowing how to debug it and solve it.

Thus also erring on side of caution and having it off by default but allowing more knowledgeable users to enable it where they know always using file objects which will work with sendfile().

2. The HTTPS variable is no longer set within the WSGI environment. The authoritative indicator of whether a SSL connection is used is wsgi.url_scheme and a WSGI compliant application should check for wsgi.url_scheme. The only reason that HTTPS was supplied at all was because early Django versions supporting WSGI interface weren’t correctly using wsgi.url_scheme. Instead they were expecting to see HTTPS to exist.

This change will cause non conformant WSGI applications to finally break. This possibly includes some Django versions prior to Django version 1.0.

Note that you can still set HTTPS in Apache configuration using the SetEnv or SetEnvIf directive, or via a rewrite rule. In that case, that will override what wsgi.url_scheme is set to and once wsgi.url_scheme is set appropriately, the HTTPS variable will be removed from the set of variables passed through to the WSGI environment.

3. The wsgi.version variable has been reverted to 1.0 to conform to the WSGI PEP 3333 specification. It was originally set to 1.1 on expectation that revised specification would use 1.1 but that didn’t come to be.

4. The inactivity-timeout option to WSGIDaemonProcess now only results in the daemon process being restarted after the idle timeout period where there are no active requests. Previously it would also interrupt a long running request. See the new request-timeout option for a way of interrupting long running, potentially blocked requests and restarting the process.

5. If the home option is used with WSGIDaemonProcess, in addition to that directory being made the current working directory for the process, an empty string will be added to the start of the Python module search path. This causes Python to look in the current working directory for Python modules when they are being imported.

This behaviour brings things into line with what happens when running the Python interpreter from the command line. You must though be using the home option for this to come into play.

Do not that if your application then changes the working directory, it will start looking in the new current working directory and not that which is specified by the home option. This again mirrors what the normal Python command line interpreter does.

New Features

1. Add supplementary-groups option to WSGIDaemonProcess to allow group membership to be overridden and specified comma separate list of groups used instead.

2. Add a graceful-timeout option to WSGIDaemonProcess. This option is applied in a number of circumstances.

When maximum-requests and this option are used together, when maximum requests is reached, rather than immediately shutdown, potentially interupting active requests if they don’t finished with shutdown timeout, can specify a separate graceful shutdown period. If the all requests are completed within this time frame then will shutdown immediately, otherwise normal forced shutdown kicks in. In some respects this is just allowing a separate shutdown timeout on cases where requests could be interrupted and could avoid it if possible.

When cpu-time-limit and this option are used together, when CPU time limit reached, rather than immediately shutdown, potentially interupting active requests if they don’t finished with shutdown timeout, can specify a separate graceful shutdown period.

3. Add potentially graceful process restart option for daemon processes when sent a graceful restart signal. Signal is usually SIGUSR1 but is platform dependent as using same signal as Apache would use. If the graceful-timeout option had been provided to WSGIDaemonProcess, then the process will attempt graceful shutdown first based on the that timeout, otherwise normal shutdown procedure used as if received a SIGTERM.

4. Add memory-limit option to WSGIDaemonProcess to allow memory usage of daemon processes to be restricted. This will have no affect on some platforms as RLIMIT_AS/RLIMIT_DATA with setrlimit() isn’t always implemented. For example MacOS X and older Linux kernel versions do not implement this feature. You will need to test whether this feature works or not before depending on it.

5. Add virtual-memory-limit option to WSGIDaemonProcess to allow virtual memory usage of daemon processes to be restricted. This will have no affect on some platforms as RLIMIT_VMEM with setrlimit() isn’t always implemented. You will need to test whether this feature works or not before depending on it.

6. Access, authentication and authorisation hooks now have additional keys in the environ dictionary for mod_ssl.is_https and mod_ssl.var_lookup. These equate to callable functions provided by mod_ssl for determining if the client connection to Apache used SSL and what the values of variables specified in the SSL certifcates, server or client, are. These are only available if Apache 2.0 or later is being used.

7. For Python 2.6 and above, the WSGIDontWriteBytecode directive can be used at global scope in Apache configuration to disable writing of all byte code files, ie., .pyc, by the Python interpreter when it imports Python code files. To disable writing of byte code files, set directive to On.

Note that this doesn’t prevent existing byte code files on disk being used in preference to the corresponding Python code files. Thus you should first remove .pyc files from web application directories if relying on this option to ensure that .py file is always used.

8. Add request-timeout option to WSGIDaemonProcess to allow a separate timeout to be applied on how long a request is allowed to run for before the daemon process is automatically restarted to interrupt the request.

This is to counter the possibility that a request may become blocked on some backend service, thereby using up available requests threads and preventing other requests to be handled.

In the case of a single threaded process, then the timeout will happen at the specified time duration from the start of the request being handled.

Applying such a timeout in the case of a multithreaded process is more problematic as doing a restart when a single requests exceeds the timeout could unduly interfere with with requests which just commenced.

In the case of a multi threaded process, what is instead done is to take the total of the current running time of all requests and divide that by the number of threads handling requests in that process. When this average time exceeds the time specified, then the process will be restarted.

This strategy for a multithreaded process means that individual requests can actually run longer than the specified timeout and a restart will only be performed when the overall capacity of the processes appears to be getting consumed by a number of concurrent long running requests, or when a specific requests has been blocked for an excessively long time.

The intent of this is to allow the process to still keep handling requests and only perform a restart when the available capacity of the process to handle more requests looks to be potentially on the decline.

9. Add connect-timeout option to WSGIDaemonProcess to allow a timeout to be specified on how long the Apache child worker processes should wait on being able to obtain a connection to the mod_wsgi daemon process.

As UNIX domain sockets are used, connections should always succeed, however there have been some incidences seen which could only be explained by the operating system hanging on the initial connect call without being added to the daemon process socket listener queue. As such the timeout has been added. The timeout defaults to 15 seconds.

This timeout also now dictates how long the Apache child worker process will attempt to get a connection to the daemon process when the connection is refused due to the daemon socket listener queue being full. Previously how long connection attempts were tried was based on an internal retry count rather than a configurable timeout.

10. Add socket-timeout option to WSGIDaemonProcess to allow the timeout on indvidual read/writes on the socket connection between the Apache child worker and the daemon process to be specified separately to the Apache Timeout directive.

If this option is not specified, it will default to the value of the Apache Timeout directive.

11. Add queue-timeout option to WSGIDaemonProcess to allow a request to be aborted if it never got handed off to a mod_wsgi daemon process within the specified time. When this occurs a ‘503 Service Unavailable’ response will be returned.

This is to allow one to control what to do when backlogging of requests occurs. If the daemon process is overloaded and getting behind, then it is more than likely that a user will have given up on the request anyway if they have to wait too long. This option allows you to specify that a request that was queued up waiting for too long is discarded, allowing any transient backlog to be quickly discarded and not simply cause the daemon process to become even more backlogged.

12. Add listen-backlog option to WSGIDaemonProcess to allow the daemon process socket listener backlog size to be specified. By default this limit is 100, although this is actually a hint, as different operating systems can have different limits on the maximum value or otherwise treat it in special ways.

13. Add WSGIPythonHashSeed directive to allow Python behaviour related to initial hash seed to be overridden when the interpreter supports it.

This is equivalent to setting the PYTHONHASHSEED environment variable and should be set to either random or a number in the range in range [0; 4294967295].

14. Implemented a new streamlined way of installing mod_wsgi as a Python package using a file or from PyPi. This includes a mod_wsgi-express script that can then be used to start up Apache/mod_wsgi with an auto generated configuration on port 8000.

This makes it easy to run up Apache for development without interfering with the main Apache on the system and without having to worry about configuring Apache. Command line options can be used to override behaviour.

Once the mod_wsgi package has been installed into your Python installation, you can run:

mod_wsgi-express start-server

Then open your browser on the listed URL. This will verify that everything is working. Enter CTRL-C to exit the server and shut it down.

You can now point it at a specific WSGI application script file:

mod_wsgi-express start-server

For options run:

mod_wsgi-express start-server --help

If you already have another web server running on port 8000, you can override the port to be used using the --port option:

mod_wsgi-express start-server --port 8001

15. Implemented a Django application plugin to add a runmodwsgi command to the Django management command script. This allows the automatic run up of the new mod_wsgi express script, with it hosting the Django web site the plugin was added to.

To enable, once the mod_wsgi package has been installed into your Python installation, add mod_wsgi.server to the INSTALLED_APPS setting in your Django settings file.

After having run the collectstatic Django management command, you can then run:

python runmodwsgi

For options run:

python runmodwsgi --help

To enable automatic code reloading in a development setting, use the option:

python runmodwsgi --reload-on-changes

16. The maximum size that a response header/value can be that is returned from a WSGI application under daemon mode can now be configured. The default size has also now been increased from 8192 bytes to 32768 bytes. The name of the option to WSGIDaemonProcess to set the buffer size used is header-buffer-size.