[Qgis-user] Problems with Qgis Server 2.12

Larry Shaffer larrys at dakotacarto.com
Tue Oct 27 11:22:49 PDT 2015 

Hi Henrik,

This is due to the new authentication system in 2.12 [0], and the support I
added to Server. When running Server, projects loaded that contain an
authentication configuration (instead of clear text username/password) for
accessing a secured resource, e.g. WMS using Basic Auth and HTTPS, need to
be able to access the new 'qgis-auth.db'.

The auth configurations are encrypted using a master password and stored in
the qgis-auth.db, which by default is located at ~/.qgis2/qgis-auth.db for
a desktop QGIS user. To enable Server support, I added two environment
variables to overcome the problems associated with automatically loading
projects [1], which are not yet fully documented:

* QGIS_AUTH_DB_DIR_PATH - Directory where an existing qgis-auth.db is
located or created if not present. This directory needs to be *writeable*
by Server's FCGI process user (which may differ from Apache's).

* QGIS_AUTH_PASSWORD_FILE - File path to file with master password as first
line. This is similar to password files used by database servers. The env
variable is read during QGIS startup, then removed from the env variables
space, so it is not available later on to the FCGI process or any Server
plugins. Since all auth configurations are encrypted, a master password is
required to access the qgis-auth.db, if a loaded project uses auth configs
stored in the qgis-auth.db.

What you have found is possibly a bug: the QGIS_AUTH_DB_DIR_PATH is now
required to start Server, even if no loaded project make use of the new
auth system. This is not really a bug if one considers the auth system
setup mandatory from 2.12+, like it is on Desktop. At the minimum, a
missing/non-writeable qgis-auth.db directory should throw a warning and not
an error, allowing Server to launch.

Please try setting QGIS_AUTH_DB_DIR_PATH to a directory writeable by the
Server's FCGI process user and see if Server starts normally. Then check
that qgis-auth.db is created in the directory.

Here is how to set the env variables for the FCGI process in Apache [2,3].
Note, setting them at the Apache process level will not work.


[0]
https://github.com/dakcarto/QGIS-Enhancement-Proposals/blob/auth-system/qep-14-authentication-system.rst
[1]
https://github.com/qgis/QGIS/blob/master/src/server/qgsserver.cpp#L359-L362
[2] https://httpd.apache.org/mod_fcgid/mod/mod_fcgid.html#fcgidinitialenv
[3] http://www.fastcgi.com/mod_fastcgi/docs/mod_fastcgi.html  (-initial-env
options)

Regards,

Larry Shaffer
Dakota Cartography
Black Hills, South Dakota

QGIS Support/Development | Boundless <http://boundlessgeo.com/>

On Tue, Oct 27, 2015 at 4:43 AM, Henrik Uggla <Henrik.Uggla at kristianstad.se>
wrote:

> It seems to be caused by some file somewhere having wrong permissions.
> This error is from my Apache log:
> ERROR: Auth db directory path could not be created
>
> Googling the phrase I found this:
> http://qgis.org/api/qgsauthmanager_8cpp_source.html
>
> Where is this db directory path supposed to be created?
>
> Henrik
>
> ________________________________________
> Från: Qgis-user <qgis-user-bounces at lists.osgeo.org> för Andreas Neumann <
> a.neumann at carto.net>
> Skickat: den 27 oktober 2015 05:37
> Till: qgis-user at lists.osgeo.org
> Ämne: Re: [Qgis-user] Problems with Qgis Server 2.12
>
> Hi Henrik,
>
> Any errors in the Apache log files? Or QGIS server log file?
>
> Did you specify the map parameter or use an according Apache rewrite rule?
>
> Is there an X-Server running?
>
> Andreas
>
> On 26.10.2015 22:11, Henrik Uggla wrote:
> > I'm using Ubuntu 12.04 and upgraded Qgis Server from version 2.8.3 with
> Ubuntugis dependencies to 2.12 with Ubuntugis dependencies. Now no Qgis
> Server web services is working anymore. All I get when I try
> service=WMS&request=GetCapabilities is:
> >
> > <ServiceException code="WMS configuration error">
> > There was an error reading the project file or the SLD configuration
> > </ServiceException>
> >
> > Is anyone else experiencing this?
> > _______________________________________________
> > Qgis-user mailing list
> > Qgis-user at lists.osgeo.org
> > http://lists.osgeo.org/mailman/listinfo/qgis-user
>
> _______________________________________________
> Qgis-user mailing list
> Qgis-user at lists.osgeo.org
> http://lists.osgeo.org/mailman/listinfo/qgis-user
> _______________________________________________
> Qgis-user mailing list
> Qgis-user at lists.osgeo.org
> http://lists.osgeo.org/mailman/listinfo/qgis-user
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.osgeo.org/pipermail/qgis-user/attachments/20151027/67ad7c6c/attachment.html>

More information about the Qgis-user mailing list