uWSGI、Flask、sqlalchemy 和 postgres:SSL 错误:解密失败或记录错误 mac [英] uWSGI, Flask, sqlalchemy, and postgres: SSL error: decryption failed or bad record mac
问题描述
我正在尝试使用 uWSGI + Nginx 设置应用程序网络服务器,该服务器使用 SQLAlchemy 运行 Flask 应用程序以与 Postgres 数据库通信.
I'm trying to setup an application webserver using uWSGI + Nginx, which runs a Flask application using SQLAlchemy to communicate to a Postgres database.
当我向网络服务器发出请求时,所有其他响应都将是 500 错误.
When I make requests to the webserver, every other response will be a 500 error.
错误是:
Traceback (most recent call last):
File "/var/env/argos/lib/python3.3/site-packages/sqlalchemy/engine/base.py", line 867, in _execute_context
context)
File "/var/env/argos/lib/python3.3/site-packages/sqlalchemy/engine/default.py", line 388, in do_execute
cursor.execute(statement, parameters)
psycopg2.OperationalError: SSL error: decryption failed or bad record mac
The above exception was the direct cause of the following exception:
sqlalchemy.exc.OperationalError: (OperationalError) SSL error: decryption failed or bad record mac
错误是由一个简单的Flask-SQLAlchemy方法触发的:
The error is triggered by a simple Flask-SQLAlchemy method:
result = models.Event.query.get(id)
<小时>
uwsgi 由 supervisor 管理,它有一个配置:
uwsgi is being managed by supervisor, which has a config:
[program:my_app]
command=/usr/bin/uwsgi --ini /etc/uwsgi/apps-enabled/myapp.ini --catch-exceptions
directory=/path/to/my/app
stopsignal=QUIT
autostart=true
autorestart=true
和uwsgi的配置如下:
[uwsgi]
socket = /tmp/my_app.sock
logto = /var/log/my_app.log
plugins = python3
virtualenv = /path/to/my/venv
pythonpath = /path/to/my/app
wsgi-file = /path/to/my/app/application.py
callable = app
max-requests = 1000
chmod-socket = 666
chown-socket = www-data:www-data
master = true
processes = 2
no-orphans = true
log-date = true
uid = www-data
gid = www-data
我能说的最多的就是和uwsgi的forking有关.但除此之外,我不清楚需要做什么.
The furthest that I can get is that it has something to do with uwsgi's forking. But beyond that I'm not clear on what needs to be done.
推荐答案
问题最终被 uwsgi 分叉了.
The issue ended up being uwsgi's forking.
当使用一个主进程处理多个进程时,uwsgi 在主进程中初始化应用程序,然后将应用程序复制到每个工作进程.问题是如果您在初始化应用程序时打开一个数据库连接,那么您将有多个进程共享同一个连接,从而导致上述错误.
When working with multiple processes with a master process, uwsgi initializes the application in the master process and then copies the application over to each worker process. The problem is if you open a database connection when initializing your application, you then have multiple processes sharing the same connection, which causes the error above.
解决办法是设置lazy 配置选项对于 uwsgi,它会强制在每个进程中完全加载应用程序:
The solution is to set the lazy configuration option for uwsgi, which forces a complete loading of the application in each process:
懒惰
设置懒惰模式(在worker而不是master中加载应用程序).
Set lazy mode (load apps in workers instead of master).
此选项可能会影响内存使用,因为无法使用 Copy-on-Write 语义.当启用lazy 时,只有worker 会被uWSGI 的重新加载信号重新加载;主人会活着.因此,主服务器不会在重新加载时获取 uWSGI 配置更改.
This option may have memory usage implications as Copy-on-Write semantics can not be used. When lazy is enabled, only workers will be reloaded by uWSGI’s reload signals; the master will remain alive. As such, uWSGI configuration changes are not picked up on reload by the master.
还有一个 lazy-apps 选项:
懒惰应用
在每个工作器而不是主服务器中加载应用程序.
Load apps in each worker instead of the master.
此选项可能会影响内存使用,因为无法使用 Copy-on-Write 语义.与lazy 不同的是,这只影响应用程序的加载方式,而不影响master 在重新加载时的行为.
This option may have memory usage implications as Copy-on-Write semantics can not be used. Unlike lazy, this only affects the way applications are loaded, not master’s behavior on reload.
这个 uwsgi 配置最终对我有用:
This uwsgi configuration ended up working for me:
[uwsgi]
socket = /tmp/my_app.sock
logto = /var/log/my_app.log
plugins = python3
virtualenv = /path/to/my/venv
pythonpath = /path/to/my/app
wsgi-file = /path/to/my/app/application.py
callable = app
max-requests = 1000
chmod-socket = 666
chown-socket = www-data:www-data
master = true
processes = 2
no-orphans = true
log-date = true
uid = www-data
gid = www-data
# the fix
lazy = true
lazy-apps = true
这篇关于uWSGI、Flask、sqlalchemy 和 postgres:SSL 错误:解密失败或记录错误 mac的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
