How Does a Virtual Environment Work?

post from here

Using Virtual Environments

To get started, if you’re not using Python 3, you’ll want to install the virtualenv tool with pip:

$ pip install virtualenv

If you are using Python 3, then you should already have the venv module from the standard library installed.

Start by making a new directory to work with:

$ mkdir python-virtual-environments && cd python-virtual-environments

Create a new virtual environment inside the directory:

# Python 2:
$ virtualenv env

# Python 3
$ python3 -m venv env

The Python 3 venv approach has the benefit of forcing you to choose a specific version of the Python 3 interpreter that should be used to create the virtual environment. This avoids any confusion as to which Python installation the new environment is based on.

From Python 3.3 to 3.4, the recommended way to create a virtual environment was to use the pyvenv command-line tool that also comes included with your Python 3 installation by default. But on 3.6 and above, python3 -m venv is the way to go.

In the above example, this command creates a directory called env, which contains a directory structure similar to this:

├── bin
│   ├── activate
│   ├── activate.csh
│   ├── activate.fish
│   ├── easy_install
│   ├── easy_install-3.5
│   ├── pip
│   ├── pip3
│   ├── pip3.5
│   ├── python -> python3.5
│   ├── python3 -> python3.5
│   └── python3.5 -> /Library/Frameworks/Python.framework/Versions/3.5/bin/python3.5
├── include
├── lib
│   └── python3.5
│       └── site-packages
└── pyvenv.cfg

Here’s what each folder contains:

  • bin: files that interact with the virtual environment
  • include: C headers that compile the Python packages
  • lib: a copy of the Python version along with a site-packages folder where each dependency is installed

Further, there are copies of, or symlinks to, a few different Python tools as well as to the Python executables themselves. These files are used to ensure that all Python code and commands are executed within the context of the current environment, which is how the isolation from the global environment is achieved. We’ll explain this in more detail in the next section.

More interesting are the activate scripts in the bin directory. These scripts are used to set up your shell to use the environment’s Python executable and its site-packages by default.

In order to use this environment’s packages/resources in isolation, you need to “activate” it. To do this, just run the following:

$ source env/bin/activate
(env) $

Notice how your prompt is now prefixed with the name of your environment (env, in our case). This is the indicator that env is currently active, which means the python executable will only use this environment’s packages and settings.

To show the package isolation in action, we can use the bcrypt module as an example. Let’s say we have bcrypt installed system-wide but not in our virtual environment.

Before we test this, we need to go back to the “system” context by executing deactivate:

(env) $ deactivate
$

Now your shell session is back to normal, and the python command refers to the global Python install. Remember to do this whenever you’re done using a specific virtual environment.

Now, install bcrypt and use it to hash a password:

$ pip -q install bcrypt
$ python -c "import bcrypt; print(bcrypt.hashpw('password'.encode('utf-8'), bcrypt.gensalt()))"
$2b$12$vWa/VSvxxyQ9d.WGgVTdrell515Ctux36LCga8nM5QTW0.4w8TXXi

Here’s what happens if we try the same command when the virtual environment is activated:

$ source env/bin/activate
(env) $ python -c "import bcrypt; print(bcrypt.hashpw('password'.encode('utf-8'), bcrypt.gensalt()))"
Traceback (most recent call last):
  File "<string>", line 1, in <module>
ImportError: No module named 'bcrypt'

As you can see, the behavior of the python -c "import bcrypt..." command changes after the source env/bin/activate call.

In one instance, we have bcrypt available to us, and in the next we don’t. This is the kind of separation we’re looking to achieve with virtual environments, which is now easily achieved.

 

To explain how this works, let’s first check out the locations of the different python executables. With the environment “deactivated,” run the following:

$ which python
/usr/bin/python

Now, activate it and run the command again:

$ source env/bin/activate
(env) $ which python
/Users/michaelherman/python-virtual-environments/env/bin/python

After activating the environment, we’re now getting a different path for the python executable because, in an active environment, the $PATH environment variable is slightly modified.

Notice the difference between the first path in $PATH before and after the activation:

$ echo $PATH
/usr/local/bin:/usr/bin:/bin:/usr/sbin:/sbin:

$ source env/bin/activate
(env) $ echo $PATH
/Users/michaelherman/python-virtual-environments/env/bin:/usr/local/bin:/usr/bin:/bin:/usr/sbin:/sbin:

In the latter example, our virtual environment’s bin directory is now at the beginning of the path. That means it’s the first directory searched when running an executable on the command line. Thus, the shell uses our virtual environment’s instance of Python instead of the system-wide version.

The commands to check CentOS version

The following table contains most common and recommended ways on how to check CentOS version on your CentOS Linux server or desktop.

Command Description
$ rpm -q centos-release CentOS version valid for CentOS 6 and higher. Causes to reveal major, minor and asynchronous CentOS version.
$ lsb_release -d Requires redhat-lsb package to be installed before execution.
$ rpm -E %{rhel} RPM macro to reveal a major CentOS version
$ rpm –eval %{centos_ver} RPM macro to display a major version of CentOS
$ cat /etc/centos-release Linux cat command to output content of the /etc/centos-release to query CentOS version. Works with CentOS 6 and higher.

In case the above-provided commands did not help you to obtain the CentOS version number you may try the following alternative commands.

Although available only for CentOS version 7 and above the hostnamectl command might provide you with a significant clue about your OS version number:

$ hostnamectl 
   Static hostname: localhost.localdomain
         Icon name: computer-vm
           Chassis: vm
        Machine ID: fe069af6a1764e07be909d7cf64add99
           Boot ID: b81bb73dc549484c8927e830e149eb55
    Virtualization: kvm
  Operating System: CentOS Linux 7 (Core)
       CPE OS Name: cpe:/o:centos:centos:7
            Kernel: Linux 3.10.0-862.6.3.el7.x86_64
      Architecture: x86-64

For more answers try to query all release files within the /etc directory:

$ cat /etc/*elease
CentOS Linux release 7.5.1804 (Core) 
NAME="CentOS Linux"
VERSION="7 (Core)"
ID="centos"
ID_LIKE="rhel fedora"
VERSION_ID="7"
PRETTY_NAME="CentOS Linux 7 (Core)"
ANSI_COLOR="0;31"
CPE_NAME="cpe:/o:centos:centos:7"
HOME_URL="https://www.centos.org/"
BUG_REPORT_URL="https://bugs.centos.org/"

CENTOS_MANTISBT_PROJECT="CentOS-7"
CENTOS_MANTISBT_PROJECT_VERSION="7"
REDHAT_SUPPORT_PRODUCT="centos"
REDHAT_SUPPORT_PRODUCT_VERSION="7"

CentOS Linux release 7.5.1804 (Core) 
CentOS Linux release 7.5.1804 (Core)

Bash Script to check CentOS version

The following bash script can be used to obtain the CentOS version number given that the /etc/centos-release file exists and is populated.

The below script serves as an example, feel free to modify wherever appropriate. For more information about Bash Scripting visit our bash scripting tutorial:

#!/bin/bash

full=`cat /etc/centos-release | tr -dc '0-9.'`
major=$(cat /etc/centos-release | tr -dc '0-9.'|cut -d \. -f1)
minor=$(cat /etc/centos-release | tr -dc '0-9.'|cut -d \. -f2)
asynchronous=$(cat /etc/centos-release | tr -dc '0-9.'|cut -d \. -f3)

echo CentOS Version: $full
echo Major Relase: $major
echo Minor Relase: $minor
echo Asynchronous Relase: $asynchronous

Output:

$ ./check-centos-version.sh 
CentOS Version: 7.5.1804
Major Relase: 7
Minor Relase: 5
Asynchronous Relase: 1804

Python program to check CentOS version

The following python script will output the distribution name along with the OS version number:

#!/usr/bin/python

import platform
print platform.linux_distribution()

Alternatively, one can execute python code directly from the shell:

$ python -c 'import platform; print platform.linux_distribution()'

Output:

$ python check-centos-version.py 
('CentOS Linux', '7.5.1804', 'Core')

How to generate linux server certificates

  1. Generate a Private Key
openssl genrsa -des3 -out server.key 1024
  1. Generate a CSR (Certificate Signing Request)
openssl req -new -key server.key -out server.csr
  1. Remove Passphrase from Key
cp server.key server.key.org
openssl rsa -in server.key.org -out server.key
  1. Generating a Self-Signed Certificate
openssl x509 -req -days 1365 -in server.csr -signkey server.key -out server.crt
  1. Installing the Private Key and Certificate
cp server.crt /etc/pki/tls/certs/ssl.crt
cp server.key /etc/pki/tls/private/ssl.key

 

ISPConfig: replace apache with nginx

This Article from here

In this tutorial i show you how to replace apache with nginx using ISPConfig 3.0.5.4. I performed the migration for serveral sites running Joomla 2.x, Joomla 3.x, WordPress and some static / self-written pages.

The server runs ISPConfig 3.0.5.4.p6 installed using the Perfect Server Howto from howtoforge.com.

There are some differents between apache and nginx so you may have to adjust some settings for your web-sites.
nginx does not support .htaccess
nginx does not use different apache-modules like mod_rewrite

You can use different online-converters like www.anilcetin.com to move the configs from apache to nginx. But keep in mind, that it´s not guranteed, that the convert works with out any errors. I used for different (very simple) htaccess without any problems

If you change the webserver in ISPConfig from apache to nginx, you can´t see your additional apache directives in the interface (but they are still in the database). You can browse through all you websites and write down the directives or you can grab them from the databse using phpmyadmin or mysql with this sql-command:
SELECT domain, apache_directives FROM web_domain WHERE apache_directives != '';

To find all .htaccess files, you ran run find /var/www/clients/ -name .htaccess -not -path "*/stats/*".

1. install nginx
apt-get install nginx

2. install php-fpm
apt-get install php5-fpm
and make sure, that /etc/php5/fpm/php.ini contains:

cgi.fix_pathinfo=0
date.timezone=”Europe/Berlin”

Restart php-fpm with /etc/init.d/php5-fpm reload.

Now nginx is installed but apache is still your active webserver.

3. enable Maintaince mode
Enable the Maintenance Mode in ISPConfig under System / Mainconfig on the tab Misc to prevent changes during the migration.

4. switch to nginx in ISPConfig
Login as root into phpmyadmin, open the database dbispconfig, select the table server and edit the server.

Scroll down to config and find the line [global] finden. In the next line replace

webserver=apache

with

webserver=nginx

Scroll futher down to the line [web] And change the next line from

server_type=apache

to

server_type=nginx

6. Create ispconfig.vhost in /etc/nginx/sites-available:
vi /etc/nginx/sites-avaliable/ispconfig.vhost
and paste one of the following contents:

with SSL:

server {
listen 8080;
ssl on;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_certificate /usr/local/ispconfig/interface/ssl/ispserver.crt
ssl_certificate_key /usr/local/ispconfig/interface/ssl/ispserver.key;
server_name _;

root /usr/local/ispconfig/interface/web/;

client_max_body_size 20M;

location / {
index index.php index.html;
}

# serve static files directly
location ~* ^.+.(jpg|jpeg|gif|css|png|js|ico|html|xml|txt)$ {
access_log off;
}

location ~ \.php$ {
try_files $uri =404;
include /etc/nginx/fastcgi_params;
fastcgi_pass unix:/var/lib/php5-fpm/ispconfig.sock;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
#fastcgi_param PATH_INFO $fastcgi_script_name;
fastcgi_buffer_size 128k;
fastcgi_buffers 256 4k;
fastcgi_busy_buffers_size 256k;
fastcgi_temp_file_write_size 256k;
}

location ~ /\. {
deny all;
}
}

without SSL:

server {
listen 8080;
ssl off;
server_name _;

root /usr/local/ispconfig/interface/web/;

client_max_body_size 20M;

location / {
index index.php index.html;
}

# serve static files directly
location ~* ^.+.(jpg|jpeg|gif|css|png|js|ico|html|xml|txt)$ {
access_log off;
}

location ~ \.php$ {
try_files $uri =404;
include /etc/nginx/fastcgi_params;
fastcgi_pass unix:/var/lib/php5-fpm/ispconfig.sock;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
#fastcgi_param PATH_INFO $fastcgi_script_name;
fastcgi_buffer_size 128k;
fastcgi_buffers 256 4k;
fastcgi_busy_buffers_size 256k;
fastcgi_temp_file_write_size 256k;
}

location ~ /\. {
deny all;
}
}

And create the symlink with
ln -s /etc/nginx/sites-available/ispconfig.vhost /etc/nginx/sites-enabled/000-ispconfig.vhost

7. adjust websites
Disable the Maintaince Mode and convert existing htaccess-file and apache-directives and insert the new values in the webinterface for each website.

If you did not change all websites, run the resyn-tool for the websites.

8. disable apache and start nginx
/etc/init.d/apache2 stop
update-rc.d -f apache2 remove
/etc/init.d/nginx start

Done

If you need to switch-back to apache, just revert the steps 4. and 8.

Check if your web site is secure

Analyze your web site with this mozzilla link

  1. put this link in the header of your html template page :

    <meta http-equiv=“Content-Security-Policy” content=“default-src ‘self’; child-src ‘none’; object-src ‘none'”>

  2. in your php.ini file set these rows :

    session.cookie_secure = 1

    session.use_only_cookies = 1

    session.cookie_httponly = 1

  3. Enabling the X-Content-Type-Options Header#

    To enable this security header on your origin server is quite easily and can be done in just a couple steps. Depending upon which web server you’re using will determine which snippet you should add to your server’s configuration file. The following section outlines what needs to be added to both Nginx and Apache web servers.

    Nginx#

    For Nginx users, add the following snippet to your .conf file. Once done, save your changes and reload Nginx.

    add_header X-Content-Type-Options "nosniff"
    Apache#

    For Apache users, simply add the following snippet to your .htaccess file. Once done, save your changes.

    Header set X-Content-Type-Options "nosniff"

    Enabling your web server to deliver the X-Content-Type-Options header is quite simple to do.

  4. Implementation Procedure in Apache

    • Ensure you have mod_headers.so enabled in Apache HTTP server
    • Add following entry in httpd.conf
    Header edit Set-Cookie ^(.*)$ $1;HttpOnly;Secure
    • Restart Apache HTTP server to test

    Note: Header edit is not compatible with lower than Apache 2.2.4 version.

  5. Configuring Apache

    To configure Apache to send the X-Frame-Options header for all pages, add this to your site’s configuration:

    Header always set X-Frame-Options "sameorigin"
    

    To configure Apache to set the X-Frame-Options deny , add this to your site’s configuration:

    Header set X-Frame-Options "deny"
    

    Configuring nginx

    To configure nginx to send the X-Frame-Options header, add this either to your http, server or location configuration:

https://idp-p39.ibo.lu:8445/ssp/tab/activate-token/activateSoftTokenApplication.seam?domain=SPSCLOUD&type=STM